EC2 Instances running Windows are just like any other Windows machine, even if they are running behind a VPC.
Things you need to consider might be:
How to pass administration credentials to these machine? - Here you can set up an IAM Role for these instances that can read a private bucket on S3 that have these credentials. You can then pass the name of the bucket in the User Data field when you start these instances. See more details here: http://docs.amazonwebservices.com/IAM/latest/UserGuide/role-usecase-ec2app.html
How to have a secure network between your internal network and the servers in the VPC? You can attach an additional Elastic Network Interface (ENI) that is not available for public access on top of your public IP. This ENI allows you to create a management network with your corporate domain. See more details here: http://docs.amazonwebservices.com/AmazonVPC/latest/UserGuide/VPC_ElasticNetworkInterfaces.html
You might also want to take a look at AWS Direct Connect
If you have any other specific concerns, please update your question.