April 18, 2024

I have been working with the Microsoft Shared Computer Toolkit for the last few days. The tool is good, but I have no idea who would really use it at home, and it is a little unwieldy for a large company unless you are willing to put in the work and have quite a few machines you would like to lock down.

I started using the Microsoft Shared Computer Toolkit to lock down some laptops and to protect the hard drive from changes, as we are getting a lot of viruses on our laptops in the field, but in the end it did not seem to work well for us in our Active Directory infrastructure. The toolkit is built for computers that log on using local computer accounts, and although there are tools so that the admin can add these machines to Active Directory using a plugin to Users and Computers, it would still take a lot of planning.

If you are planning to lock down machines using the Microsoft Shared Computer Toolkit, it is a good idea to treat this as a real project and not just a quick fix. The toolkit comes with a really good 110-page PDF of instructions. One thing to be aware of is that you will need to create a blank area of at least 1 gig at the end of the drive, after the Windows partition. I was doing testing in a VMware VM and used qtparted on a Knoppix CD to resize my Windows partition. After you start the installation, a new-style Microsoft wizard will walk you through the tool.

In the end we are locking down our computers using local group policies with gpedit.msc, then creating an image with either Acronis or a RIS server, and then having the machines log on using a local account, with another account on the machine with admin rights.