Here's an auditing trick I had never used before. I'm sure I should be able to script this information from the registry. But, until I find where this information, here's what we did:
File -> Add/Remove Snap-in...
Chose "Security Configuration and Analysis"
In the main window, right-mouse-click on Security Configuration and Analysis
Choose Open Database
We created a temp database.
When asked for the .inf file, we pointed to the .inf files we grabbed from the DISA benchmarks.
Right-mouse-click on Security Configuration and Analysis, again
Choose Analyze Computer Now
DO NOT CHOOSE Configure....
MMC will analyze the computer against the settings in the DISA .inf file.
When it is doen, I double-clicked the individual policys, and exported them to our results directory.