Microsoft offers a tool to check the Windows machines you administer from common security oversights and holes. You can run a quick scan on your machine, a specific remote machine, an IP range, or even a domain to find out how your machines add up.
The results that you get from running this scan can tell you the general health of your machine and how it’s behaving in response to a WSUS (Windows Server Update Services) server, a group policy, Windows Updates, and system administration habits and practices.
One very useful thing to do with the MBSA is to run a scan of a machine before and after a group policy is put in place and see how it affects your machine’s security. This should certainly allow you to get a good grasp on where your setup is weak and what needs improvement to reduce the risk and threat from your workstations. Combine this with the AccessChk utility to check file access permissions and you should know exactly where your machine stands and the capabilities of a person accessing them.
Download and learn more about Microsoft Baseline Security Analyzer.