Microsoft provides a tool for Windows Server 2008 that tests for security misconfiguration. It comes with a graphical interface and a command line interface for both local and remote scans. It looks for vulnerabilities, performs assessment checks, and checks SQL Server 2005.
In addition to Windows Server 2008, MBSA runs on Windows Vista, Windows Server 2003, Windows XP, and Windows 2000 systems. It scans for misconfigurations on Internet Information Server (IIS), SQL Server, Internet Explorer, and MS Office.
MBSA is available for download from the Microsoft website. It is free to download and use on Windows systems. It comes with a readme.html document containing information on system requirements, scan options, and tool support options.