 This free tool from Microsoft checks computers for common security misconfigurations.
The Microsoft Baseline Security Analyzer can check computers running Microsoft Windows Server 2008 R2, Windows 7, Windows® Server 2003, Windows Server 2008, Windows Vista, Windows XP or Windows 2000. The scanning of computers for security updates with this tool requires "Windows Server Update Services", that means you must have administrator privileges for each computer you want to scan.
Once installed you can (we were using version 2.1) : (1)Scan a computer (check a computer using its name or IP Address). (2)Scan multiple computers (check multiple computers using a domain name or a range of IP addresses). (3)View existing security scan reports (view, print and copy the results from the previous scans). Chooisng the initial option (once a system is chosen to scan) commences security updates to be downloaded from Microsoft, then the scanning operation starts. After a few minutes the report is presented visually and highlights key risks, amber warniings and 'green tiicked' OK items. An example report follows: Security assessment: Potential Risk Scanned with MBSA version: 2.1.2112.0
Catalog synchronization date:
Security update catalog: Microsoft Update Security Updates Scan Results
Issue: Developer Tools, Runtimes, and Redistributables Security Updates
Score: Check passed
Result: No security updates are missing. Issue: Office Security Updates
Score: Check passed
Result: No security updates are missing. Issue: SDK Components Security Updates
Score: Check passed
Result: No security updates are missing. Issue: SQL Server Security Updates
Score: Check passed
Result: No security updates are missing. Issue: Windows Security Updates
Score: Check passed
Result: No security updates are missing.
Operating System Scan Results
Administrative Vulnerabilities
Issue: Local Account Password Test
Score: Check passed
Result: No user accounts have simple passwords.
Issue: File System
Score: Check passed
Result: All hard drives (4) are using the NTFS file system. Issue: Password Expiration
Score: Check not performed
Result: Check is skipped on Windows XP Home Edition computers. Issue: Guest Account
Score: Check passed
Result: The Guest account is not disabled on this computer. Issue: Autologon
Score: Check not performed
Result: Check is skipped on Windows XP Home Edition computers. Issue: Restrict Anonymous
Score: Check passed
Result: Computer is properly restricting anonymous access. Issue: Administrators
Score: Check failed (non-critical)
Result: More than 2 Administrators were found on this computer. Issue: Windows Firewall
Score: Best practice
Result: Windows Firewall is disabled and has exceptions configured. Issue: Automatic Updates
Score: Check passed
Result: Updates are automatically downloaded and installed on this computer. Issue: Incomplete Updates
Score: Best practice
Result: No incomplete software update installations were found. Additional System Information
Issue: Windows Version
Score: Best practice
Result: Computer is running Microsoft Windows XP. Issue: Auditing
Score: Best practice
Result: Check is skipped on Windows XP Home Edition computers. Issue: Shares
Score: Best practice
Result: 3 share(s) are present on your computer. Issue: Services
Score: Best practice
Result: No potentially unnecessary services were found.
Internet Information Services (IIS) Scan Results
IIS is not running on this computer. SQL Server Scan Results
SQL Server and/or MSDE is not installed on this computer. Desktop Application Scan Results
Administrative Vulnerabilities
Issue: IE Zones
Score: Check passed
Result: Internet Explorer zones have secure settings for all users. Issue: Macro Security
Score: Check passed
Result: 1 Microsoft Office product(s) are installed. No issues were found. The MBSA can be downloaded from Microsoft here | 
Security Software Reviews 
