Add admin and system, remove the everyone account for all drives.
Background Intelligent Transfer Service
Remote Registry Service
DHCP Client(unless you use dhcp)
TCP/IP NetBIOS Helper Service
Remove the admin shares for C$
this would be a start, everything else depends on how secure you want this server, what ports you need open and what type of firewall you are using.
And of course do security updates as often as you can.