It's one thing to define a security policy; it's quite another to be confident that all of your servers comply with the associated technical requirements.
Click here to view a blogcast that shows you how to use the Security Configuration Wizard's command-line interface to assess a system's compliance with the security policy. The results are viewed in an easy-to-read interface that renders the XML report. The same approach can be used to measure the compliance of multiple machines.
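A sketch of that multi-machine check as a batch file, added here as an example and not taken from the blogcast. It uses `scwcmd analyze` and `scwcmd view`; the policy file, server list and results folder are hypothetical paths.

```batch
@echo off
rem Added example: check several servers against one SCW policy.
rem POLICY, SERVERS and RESULTS are hypothetical paths (no spaces); adjust them.
setlocal
set "POLICY=C:\scw\policies\webserver.xml"
set "SERVERS=C:\scw\servers.txt"
set "RESULTS=C:\scw\results"

if not exist "%POLICY%" (echo Policy file not found: %POLICY% & exit /b 1)
if not exist "%SERVERS%" (echo Server list not found: %SERVERS% & exit /b 1)
if not exist "%RESULTS%" mkdir "%RESULTS%"

rem servers.txt holds one computer name per line.
rem Lines starting with ";" are skipped (default eol character of for /f).
for /f "usebackq tokens=1" %%m in ("%SERVERS%") do (
    echo Analyzing %%m against %POLICY% ...
    scwcmd analyze /m:%%m /p:%POLICY% /o:%RESULTS%
)

rem Render every XML report written to the results folder.
rem Without /s, scwcmd view tries to load the default transform for the file.
for %%f in ("%RESULTS%\*.xml") do scwcmd view /x:"%%f"
endlocal
```

Run it from an account that has administrative rights on the target servers, or add the `/u:` option to `scwcmd analyze` to supply a different user name.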
This blogcast follows on from two related SCW blogcasts:
SCW is a really great tool, with only one drawback.
It's only available for Windows Server 2003 SP1.
In my work environment, we have a mix of XP SP1 (we're getting around to rolling out SP2), 2000, and a few servers that are lucky enough to be on 2003 (but may not necessarily be at SP1 yet).
What tools are there to analyse (spelt the English way) systems that are on older operating systems for departures from policy?
Alun> I understand your challenge - clearly you're not alone.
SCW could still be a handy tool for you in that it can be used to help you understand the infrastructure requirements of your applications - use the knowledge base. It's a great way of being aware which ports, services and features each MSFT app uses.
As for policy compliance, I know of many people who swear by Tripwire (http://www.tripwire.com) - it baselines your systems and reports exceptions.
As for MSFT solutions - as I'm sure you're aware our approach is to enforce policy via Active Directory OUs - this can work really well - the challenge is defining what access and resources are required by each role - that of course is where SCW comes in. I've not heard of plans to back port SCW to earlier platforms - I recommend making such a request via your MSFT account team if you have one.