New Website for Questions.

I'm about to change the way I do things with my website. Presently it's just HTML and a little PHP.
I run W2K with Apache and MySQL on a very old system, PP200 dual processor system.

I need to run a more secure, faster, energy effecent internet system.
Hardware;
ServerA = Athalon 750 for Windows and IIS
ServerB = PII 400 for secure file storage and database
   My power evaluation shows I'll save 20% on power using 2 systems vs the 1
   The compaq 2500 runs 5 SCSI drives - hardware RAID 5, and 2 pentium pro processors
It drinks power like I drank beer in college!



Questions:
What do you think about using IIS and NTFS security? (Fully patched)?
   I know NTFS security indepth but not the inter mingling of IIS and NTFS security (I'll figure it out).

The servers would be on a switch, behind a router, using port forwarding to ServerA.
ServerB  would only be accessed through ServerA requesting data.
   Is this good, bad, ugly?

I'm thinking ASP as my main platform with PHP for small things.
   Is this good, bad, ugly?

Security is my number 1 concern keeping the data secure is required by the youth organization I volunteer with.

This is entirely outside my field of expertise. I just wanted to get the discalimer out of the way because that fact has never stopped me in the past. I find that I learn a lot by asking/saying stupid things then reading people's responses. My questions would be why are you doing everything twice? Why have Apache and IIS? Why code in PHP and ASP. Doesn't that just lead to innefficiency and duplication of effort?

Guess I wasn't clear.
 
I run Apache and PHP now.
 
I want to move to IIS and VBScript (with a little PHP on the side.)
 
I haven't found htaccess to be secure enough.

and IIS more secure???
 
 
please show me where you find IIS more secure than Apache and its security

I guess from reading a PHP and MySQL web dev book.

It said to use integrated windows security one had to use IIS.

I have 50 or so accounts that will need access to various things on the server.

ok, i see your point...to work with integrated Windows authentication, it is best to use IIS and ASP, mainly because both are MS-own...
 
but if you no longer need that integration, you can switch to PHP with Apache....whatever you do, don't mix PHP and ASP, b/c they differ too much, so it is not logical to do that...
 
I personally use Linux / Apache / PHP / CGI for my webservers, this is waaaay more cross-browser/cross-OS then ASP...