Interesting metaphor S0nic! A stand alone server should be treated the same as any other node on the network as well as the DC. The main reason behind this is that it offers a backdoor for an intruder to gain a foot hold. The idea of having to comprimize only the domain controller in order to do any damage is somewhat true as far as privilidge rights etc... go. But, a hacker could gain control of a less secured box and use that as a levy to work his way up. Think of it as some "dood" holding the poor bastard in Sonic's story ransom and demanding to see the president....then shoots the president. You should use a stand alone server if you are running it to compliment the dc or if you don't really have services that require user to authenticate to that system. I would agree that a domain is a better decision for any type of corporate work because of the security that is involved. But if this is a home network and you are wanting users to be able to use the server for data storage or whatnot....just keep it as a workgroup and set the server to be part of that workgroup. By doing this you are pretty much trusting everybody in the group but can afford this because they are friends, roommates, etc... You can setup permissions on the shares to make sure they only have access to what you want them too. Do not share out your entire drive of course. If this is going to be a gateway or if you plain on multihoming it or whatnot for your internet connection.....I would suggest rethinking your stratagy and follow the advise posted above. There are a million different tweaks you can do to a 2000 box in order to make it secure but first fix the holes in the os with the patches. Then worry about services. Well....hope this helps.

Cordially,

Sp1d3r