One of the absolute best tools for managing security group policy settings in a Microsoft environment is their Security Compliance Manager. Hot off the presses is version 3.0, which is a major step forward in both functionality and OS/product support.
The full product announcement from Microsoft is here. The most exciting news for me is full support of Windows Server 2012, IE 10, and configuring stand-alone machines. Oh yes, Windows 8 support, but who’s even using that?
Not new to the 3.0 release, is the ability to compare different baselines, archive baselines, and create your own custom baselines that you can export to a GPO. Your IA guys should love it! And in case you missed it, there’s a beta version of a SCM baseline for SQL Server 2012 you can find here.