It goes beyond this posting to describe the complete list of functionality changes and updates in SP1 but its sure that as consultants and system administrators we are most eagerly awaiting the release of the Security Configuration Wizard that promises to deliver role based lockdown of servers including the ability to -
• Disable unnecessary services.
• Disable unnecessary IIS Web extensions.
• Block unused ports, including support for multi-homed scenarios.
• Secure ports that are left open using IPSec.
• Reduce protocol exposure for Lightweight Directory Access Protocol (LDAP), LAN Manager, and server message block (SMB).
• Configure audit settings with a high signal-to-noise ratio.
Furthermore it uses an extensible XML knowledge base, which lets administrators import existing Windows security templates and lets developers extend the SCW to handle new user defined roles.
You can get access to the SP1 Technical Preview Program and the bits here - so while waiting for the final version of the SP1 - go ahead and test/play with the RC version ;-)