I worked on a vbScript program that queried a range of computers by IP addresses. The script grabs information from the registry on the status of Windows Update settings. It places the results in an HTML table for easy analysis. The result was interesting; even though we have a policy of those settings to be installed on all systems, there were a few holes found.
Which is sort of the old ‘trust but verify’ mantra of an information security guy. You can set up rules and procedures, but you need to verify that the rules and procedures are being followed. If they are not, there can be some serious holes for malware to slip through.