There are a couple of options when trying to securely copy files between two Windows 2003 servers. Each option has it's pros and cons depending on your specific environment. Here is a list of options that comes to mind:
- Routing and Remote Access (RRAS) Virtual Private Network
- Windows IPSec
- Remote Desktop Protocol (RDP)
- SSH Service
RRAS can be configured as a demand dial VPN connection between two servers. There is a wizard that can walk you through creating the settings but it's usually used for scenarios where you want to join multiple sites (tunnel mode) and not for point to point connections (transport mode). Very secure and reliable but a little more complex that what you are asking for.
If you don't have to deal with any Network Address Translation (NAT) port forwarding you could simply create an IPSec policy and use a shared secret for the authentication. Configuring IPSec can be accomplished in the Local Security Policy (Secpol.msc) Management Console and there are wizards to walk you through the configuration. You can't get much more secure than this.
RDP is a simple solution that allows you to interact with each server using the Windows Explorer. Chances are you have already configured your servers to allow Remote Access and thus have this option available to you once you allow the traffic through the router/firewall. This traffic is safe and secure but requires interactive configuration (for example, you can't have a script launch rdp and copy the files).
The last option that comes to mind is SSH. I have been using FreeSSHD on my Windows servers for several years as a way to support scripted connections between my servers. You could also use OpenSSH but the configuration is a little more difficult than FreeSSHD. Reliable and secure this would be the easiest solution to configure even if having to deal with a router/firewall since you only need to open port 22. One warning, many people are actively scanning the network for SSH servers and attempting brute force logins. I only allow certificate based authentication to my servers thus avoiding any chance of someone guessing my password.
My first choice is to use IPSec (assuming you don't have any problems with NAT and/or firewalls) and my second choice would be SSH. I hope this helps.