Today I want to point out a couple of things in the security area that might be helpful to you.
First, let me tell you about a service, rather than a product. SekChek evolved from work done by consultants at Deloitte & Touche while analyzing security for its clients. It's called a "security evaluator" and, at first, I worried a bit about using it. What happens is that you download a piece of software that will "extract security details from your computer."
It creates a data file that you send to SekChek. In return, SekChek sends you a report of your security. I had visions of getting a report that read: "Your security is lame. We stole all your stuff!" But the report is actually rather comprehensive, and the company is quite trustworthy. Take a look at this PDF for a sample report of a Windows 2000 Server platform. Make sure you have some time, though, as it's 110 pages long. I did say it was comprehensive!
The report will tell you what you have in the way of security, compare it to industry-standard best practices and make recommendations for changes you should make. Every time you use the service, the report will also show the changes in your system over time to better highlight where problems are cropping up or where they've been mitigated. SekChek is also available for AS/400, NetWare, Unix and NT systems. At least check the report and I think you'll see it's something that could be very useful.
The second new rollout I want to mention is a product from ScriptLogic: Enterprise Security Reporter 3.0, an agent-less, comprehensive discovery and reporting solution for compliance reviews and security audits. It takes snapshots of the security settings on files, folders, file shares and other resources, and captures local and global user and group information.
Enhancements in Version 3 include a new discovery engine (claimed to be "five-times faster" than the previous one); a new distributed engine technology to reduce bandwidth for discovery at remote sites; and a new "delta comparison" option showing the differences between two Enterprise Security Reporter snapshots taken at different times. Visit ScriptLogic to get all the details, watch a demo and download an evaluation copy.