Microsoft Baseline Security Analyzer (MBSA) can perform local, or remote scans on Windows desktops and servers, identifying any missing service packs, security patches, and common security misconfigurations. You can chose what you want to scan for, including Windows, IIS and SQL administrative vulnerabilities, weak passwords, and Windows updates.
Once the desired scan has completed, a report will be corrected for each machine which was canned, with an overall security classification and details of the result.