The Security Configuration Wizard does not automatically install when you install SP1 or R2. Follow these steps to install:
After installation is complete, the Security Configuration Wizard is available from Start > All Programs | Administrative Tools | Security Configuration Wizard.
When you initially run the tool, you need to provide a server to use as a baseline (you'll probably have multiple security policies based on the role each server plays in your organization). Further in the Wizard, you will see a complete list of the potential roles for your server, from both a server and a client perspective. For example, you might have one server that runs the SMS 2003 server, and another that has the SMS 2003 client installed. Select the roles for this server. You can also choose whether to enable administrative services, such as BITS (Background Intelligent Transfer Service), Browser, Browse Master, Remote Desktop, SQL Server Agent, and more. Microsoft can't be on top of every possible service on your server, so the Wizard also provides you with the capability to either ignore or disable any services that are not on the lists.
Beyond services, the Wizard also allows you to specifically allow or deny specific TCP/IP ports. Also, you can use the tool to restrict access to a specific TCP/IP port to a single computer or a range of IP addresses. For example, if you want to allow only people on your administrative network permission to establish any kind of connection using Remote Desktop, you could restrict port 3389 to just that subnet.
You can also make policy changes that affect the handling of SMB file and print traffic. For example, if your server has enough excess capacity, you can require signing for all SMB traffic to prevent man-in-the-middle type attacks on your clients. The same goes for signing all LDAP traffic. In the policy, you can indicate that all clients that connect run a version of at least SP3 for Windows 2000 to help protect LDAP information on your network.
Other areas addressed in the tool:
All in all, the Security Configuration Wizard is extremely thorough and will take a huge amount of time to get "just right," but has the potential to be a huge boon for your security efforts.