I have to set up a Windows 2003 Small Business Server to work as a Subversion repository and possibly as an E-Mail server later.

The machine is a virtual one, hosted with a hosting company, and freshly initialized.

I used the Security Configuration Wizard to deactivate all server roles. After I install Subversion, I will open the necessary ports for the service; in addition, obviously, RDP will stay open so I can remote control the machine.

Automatic updates are activated, and I will set up E-Mail notification every time somebody logs on to the server.

I'm a programmer and not a professional systems administrator, so I would like to know whether you would regard this a sane and secure setup for a (publicly available) box to host sensitive code and/or E-Mail on.

Is there anything in addition I should do to make the machine secure?

Is there anything I can do on a long-term basis to keep the machine secure, apart from monitoring the event log (as far as I can make sense out of it), and seeing that any hotfixes are installed properly?