I have recently came across that Department of Defence website where they provide free and unclassified Windows Security Guides. From Windows 2000 to windows 7, they provide a set of checklist and “STIG” which stands for Security Technical Implementation Guides.

Having only checked the Windows 7 “STIG”, I found it a useful resource when one can get some ideas on how to secure/validate a windows 7 server configuration.

http://iase.disa.mil/stigs/content_pages/windows_os_security.html