IIS works fine, you have to remember to publish the frontpage extensions if you wish to use frontpage to publish your content. I cannot imagine this so I won't try here. But running PHP on IIS isn't too big of a problem.
I agree apache is dead easy to get and install. But security wise, apache is generally a bigger problem. You should get a security checker for apache, one I recommend (cause it's free) is "Trustsight Security Hardening Tool" by Trustsight. This tool checks your config scripts and ini files and advises you of potential security issues with apache and php.
Now using Apache 2.x isn't any more complicated, matter of a fact the installation instructions work well, only one change you should make I'll note below.
Installing PHP is trivial, but I put the following in the same directory as my apache executable:
php4apache2.dll (changed from php4apache.dll for version 1.3.x)
php4ts.dll (should reside in the same place as above dll)
since this makes it clean if I decide to tear it down and rebuild from scratch (I'm constantly doing this with my test server), I don't have to go digging in the windows directory...
LoadModule php4_module c:/php/php4apache.dll
Can be placed anywhere in the http.conf, I placed mine with the rest of the loadmodule functions with a comment that I added it for php. Mine obviously reads (since I'm using Apache 2.x)
LoadModule php4_module c:/php/php4apache2.dll
DirectoryIndex index.html index.php
I honestly read it four times and didn't see any difference in the before and after versions
AddType application/x-httpd-php .php
I also added in the addtype area. This is critical to it working. You must Reboot the server to make these settings permanent in some cases.
At this point I'd install phpmyadmin, after installing mysql. I also prefer using Mysqlcc for adding users as this is a very clean GUI for local use. I also recommend if you install phpmyadmin that you use COOKIE or HTTP methods for login, and do not automatically login (via settings in the config.inc.php). If your test server ever gets exposed to the net, this can become exploitable in a very nasty way. Of course some may consider the other methods a pain, think of it as server practise
If your going to explain MySQL setup, you'll need to be a bit more comprehensive as I'm sure most users unfamiliar get hung up here.
Just some quick comments if you need further details let me know.
Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Ubuntu7.10/Debian3.1 - 2.2.3/1.3.37 - 5.0.38/4.0.27 - 5.2.1/4.4.7 - CVS/9.1.2}