Build a specification for a test bed where you can evaluate hardening for services.
Get rid of all samples on all production servers.
Ensure that production servers have no dependencies on test servers.
Develop a list of all services in your environment that run with any kind of elevated privilege.
Download URL Scan and learn how to use it.
Download the System Internals tools and learn how to use those.