If you administer Windows 2000 servers, you might want to check out their new Baseline Security Analyzer
. It will scan for missing hotfixes and known vulnerabilities and return XML reports about the machine. (Conveniently translated to HTML for easy reading.) It also checks out the security status of SQL Server 7.0+.