How To Do It
First you will want to categorize your servers, and determine what services are really provided by each one. This process also helps identify servers that are being used for unanticipated or unintended file sharing, "orphaned" applications, or unneeded duplication of services. You may want to make a multiple column list or spreadsheet, listing server names, services, and the appropriate security template to apply.
You'll use the MMC (Start -> Run -> MMC). The go to File -> Add/Remove Snap-in, click Add, and choose Security Templates. Click Add, Close, and OK. The policies present will be listed. To customize one, right-click on it, click Save As, choose a unique name, and click OK. Review the settings and options for various objects, make your changes, and save the template. When you're ready, you can apply the template using the Security Configuration and Analysis Snap-in for the MMC.
In Windows Server 2008 you can generate a snapshot of the current settings using the secedit tool, and roll back to those settings if the new changes cause problems. You should always test your changes before keeping and applying modified and updated templates to your production servers.
Be careful! If you don't understand what you're doing, or what may happen as a result--get help! Microsoft has an excellent series of articles on TechNet.