Thursday, 9 February 2017

Microsoft Baseline Security Analyzer (MBSA)

MBSA is a free tool from Microsoft that scans a server to determine its security compliance state. The main feature I use is its ability to scan for missing Microsoft patches. Usually, we need to compile the list of missing patches and pass it to the Application team so they can test whether any of the patches affect or break their applications.
I decided to post this because I thought every System Administrator would already know about this great tool, but I was wrong. One of my customers requested this list and none of the System Admins knew how to go about it.

Syntax


 mbsacli.exe /target webserver /catalog c:\mbsa\wsusscn2.cab /n password+iis+os+sql /nvc /nd /rd c:\mbsa  


These are the switches I’ve chosen: 
  • /target webserver   (This is the server I am scanning)
  • /catalog c:\mbsa\wsusscn2.cab   (This is the update cab I downloaded)
  • /n password+iis+os+sql   (This is telling MBSA which scans NOT to perform. I just want to know about updates)
  • /nvc   (Do not check for new version of MBSA)
  • /nd   (This is telling MBSA not to download updates)
  • /rd c:\mbsa   (This is the directory for my report)
For more details on these and other available options, use mbsacli /?

Ways to download wsusscn2.cab for offline use in a secured environment

Today, most places block Internet access on the servers in a Data Centre. Here are a couple of ways to download a copy of wsusscn2.cab for offline scanning.

Method 1:

1. Run mbsacli.exe by itself on a machine with Internet access. It will automatically download the wsusscn2.cab file and save it into either of the following folders:
  • C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\MBSA\2.0\Cache\   
  • C:\Users\<username>\AppData\Local\Microsoft\MBSA\2.1\Cache
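
An added PowerShell example, not part of the original post: before a copied wsusscn2.cab is used on the isolated server, check that it still carries a valid Microsoft Authenticode signature, record its SHA-256, and then run the scan command from the Syntax section. The mbsacli.exe install path and the 35-day staleness threshold are assumptions; the other paths and the server name are the ones used in the post.

```powershell
# Added example. Paths and server name are taken from the post.
$Catalog    = 'C:\mbsa\wsusscn2.cab'
$ReportDir  = 'C:\mbsa'
$Target     = 'webserver'
# Assumption: default MBSA install location; adjust if installed elsewhere.
$Mbsacli    = 'C:\Program Files\Microsoft Baseline Security Analyzer 2\mbsacli.exe'
# Assumption: a catalog older than this is treated as stale.
$MaxAgeDays = 35

if (-not (Test-Path -LiteralPath $Catalog)) {
    throw "Catalog not found: $Catalog"
}

# 1. The cab is Authenticode-signed; a file altered in transit fails this check.
$sig = Get-AuthenticodeSignature -FilePath $Catalog
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed for ${Catalog}: $($sig.Status) - $($sig.StatusMessage)"
}
if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
}

# 2. Record the hash so the copy on the server can be compared with the
#    copy that was downloaded on the Internet-connected machine.
$hash = (Get-FileHash -LiteralPath $Catalog -Algorithm SHA256).Hash
Write-Output "wsusscn2.cab SHA256: $hash"

# 3. A stale catalog under-reports missing patches, so flag an old file.
$ageDays = ((Get-Date) - (Get-Item -LiteralPath $Catalog).LastWriteTime).Days
if ($ageDays -gt $MaxAgeDays) {
    Write-Warning "Catalog is $ageDays days old; the report may miss recent updates."
}

# 4. Run the updates-only scan with the switches from the post.
$mbsaArgs = @(
    '/target',  $Target,
    '/catalog', $Catalog,
    '/n',       'password+iis+os+sql',
    '/nvc', '/nd',
    '/rd',      $ReportDir
)
& $Mbsacli @mbsaArgs
Write-Output "mbsacli exit code: $LASTEXITCODE"
```

Run the first three steps on the machine that downloaded the file as well, and compare the two hash values after the transfer.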

Method 2:
