This tool has two parts:

1. The Windows configuration extractor is a script that runs on the server to extract necessary security configurations. This script doesn't make any changes to the server other than creating one main file to analyze and one temporary file

2. The Windows configuration analysis tool runs on your workstation. Although I encourage you to download and run it from the website to make sure you have the latest version, the tool does not transfer the confidential configuration information to my server. If you participate in the anonymous statistics program, machine-identifiable information (such as IP and DNS information) is not sent to my statistics-gathering server.

Features
In addition to the checks listed below, the tool also displays the following useful information:

# The full "well-known" name of applications currently communicating over a network
# The full "well-known" name of applications waiting for communication partners
# Local and Domain groups
# Members of built-in groups
# Users with security-policy permissions

Value-added features added at the request of the user community:
# Comparison of current settings against common industry practice under the "Statistics" tab
# Bulk script analysis. The "Browse & analyze all dumps in folder" button will automatically analyze multiple dump files in a single directory.

The following is a list of the current checks:
the percentage is the percent of analyzed computers that follow best practice based on:
# 228 XP Computers,
# 628 Windows 2003 computers,
# 187 Windows 2000 computers, and
# 9 Windows NT4 computers.)
That have submitted anonymous statistics.