I run a Web server. Am I at risk?

Not directly. But watch out for some newer servers that support "servlets". Servlets are fine if they are all written by the people running the server site; using servlets in this way is probably better than using CGI scripts. Going beyond this to let clients upload Java servlets into your server is very risky. 
Of course, you should be careful about which Java applets appear on your server. Unless you wrote the applet yourself, you don't necessarily know what it's doing. If you copy somebody else's applet, it could possibly be a trojan horse - doing something useful as well as being malicious. 

Access Manager - More info

     If the above options do not provide enough security for you, download Access manager for Windows.

Access manager provides much more security than standard ways in Windows.

More info

More articles about Security