Ecora has a free tool to perform port scans by subnet.

NetExplorer is billed mainly as a tool for performing system inventory, but it also enumerates open ports and associates the open ports with their common uses which can help you find security holes or compromised machines on your network.

It is pretty simple and I don't believe it contains any stealth functionality so it wouldn't be very effective for secretly scanning subnets from a hacker perspective.


Ecora also has some other free tools available including a tool called Reporter. The free version is a fully functional scaled down version of the Enterprise edition, but will only work on 5 servers. Reporter will automatically collect configuration settings from network devices, operating systems, databases, and applications and produce documentation in a readable format.

I haven't played with Reporter so I can't comment. I imagine the output would need significant editing before it could be used as a policy document, but it may prove helpful to use a tool like Reporter to gather the data and create the core report in the first place to give you somewhere to start.