From what standpoint:
From a firewall standpoint yes.
From external to DMZ only open ports 443, 4172TCP, 4172UDP.
Check this out:
I think from an OS perspective you would stop and disable uneeded services, a possible rename of the Admin account to something on standard, and of a course a really good password. Also limit who has access to the box. The more administrators inside the box messing around the greater potential for something to happen.
I wouldn't be too concerned with Windows itself, keep it patched and only allow the ports that are needed to access it. Its going to be difficult to exploit a box if you can only see it on the secure ports.
Thanks mittim / Gunnar.
Windows OS in a DMZ is always a serious concern.
I was wondering if using the default Windows Security Profiles would achieve a better result but wasn't sure if it would break something else too.