Once you have baseline security in place, whether it is a true business policy or a combination of business and industry practices, you will need to maintain this state to ensure the security and integrity. The whole idea is to compare your baseline image with the current image in order to validate the settings. There are many ways to achieve this. Microsoft has a free tool called Attack Surface Analyzer (ASA) that can be used to compare the two states of the system. The details and capabilities of this tool can found at http://www.microsoft.com/en-us/download/details.aspx?id=24487.
An administrator can perform the following steps to install, configure, and generate an Attack Surface Report using Microsoft ASA:
Download Attack Surface Analyzer from http://www.microsoft.com/en-us/download/details.aspx?id=24487.
Complete the installation. It is a standalone, simple MSI installation process.
Open the Attack Surface Analyzer...