If you need a quick (and free) security assessment of your standalone PC or a whole domain, I would suggest you use the Microsoft Baseline Security Analyzer. This tool is available to be downloaded here: http://www.microsoft.com/downloads/details.aspx?FamilyID=f32921af-9dbe-4dce-889e-ecf997eb18e9&DisplayLang=en
Why? I firmly believe and suggest this tool for all IT pro that needs to have a life, rather assessing one-on-one each and every workstation computer for the entire forest. There are tools out there for managing and monitoring of the entire domain like the Operations Manager 2007 http://technet.microsoft.com/en-us/opsmgr/cc280350.aspx (which by the way, I would really love to evaluate and hopefully in a couple of months be submitted for POC to my company, we are really growing rapidly and we wouldn’t want our operations to go out of hand!) for now I’ll go with the simplest tool that I found (MBSA 2.1).
How? Really simple!
Just choose the most appropriate MSI installer from @ http://www.microsoft.com/downloads/details.aspx?FamilyID=f32921af-9dbe-4dce-889e-ecf997eb18e9&DisplayLang=en.
I chose MBSASetup-x64-EN.msi (my Workstation is a 64 bit machine and I prefer ENglish)
After downloading, launch the MSI installer.
The installation is really easy, just click next > Accept the License Agreement, next then Install!
The setup will run and prompt you with this if the installation has been completed without errors.
To launch, go to your start then all programs, and you will see a newly highlighted shortcut icon "Microsoft Baseline Security Analyzer 2.1" . Launch the application.
The MBSA 2.1 looks like this, (looks like a familiar screen to me like windows update)
you can choose to scan a computer or multiple computers, the first thing that I did is ofcourse, try it out on my workstation!
The scan just took about 5 minutes over a Vista Enterprise x64 on a AMD 64 X2 4800 with 2GB of Ram – loaded with development IDE’s (VS 2005,2008 and SQL 2005, 2008 Management studio)
On my results page, I see that I need to make sure that the update service is updating my local SQL server!
If you are planing to scan multiple computers or a domain, here is the screen that will be shown. You just need to give the Domain name or the IP address range.
Note: you must have a local administrator privileges to run this.
Enough said more info is available at Technet http://technet.microsoft.com/en-us/security/cc184924.aspx