Scanning machines against specific patches

Is there a way to get Microsoft Baseline Security Analyzer to scan a list of machines against specific patches? If so, what are the steps I'd take to perform this type of scan?

Sure, and you have a couple of different options for these types of scans. The -sus option for mbsacli.exe supports scanning for only a specific list of patches. If you have an existing SUS (Software Update Services) server, you supply the URL of your SUS server or the path to the Approveditems.txt file as the argument to the -sus option. For example, mbsacli.exe -sus http://mysusserver. This option causes MBSA to check only for updates approved at the specified SUS server or listed in the specified text file.

You can also use combinations of the -n option, which specifies the checks NOT to perform (for example, OS, SQL, Password, etc.). Using this option trims down the security and update checks that are performed and helps you tailor the tool to your specific needs.

To control the machines that MBSA is run against, use one of the following options:

  • -c -- scan a specific named computer

  • -i -- scan a specific IP address

  • -r -- scan a range of IP addresses

  • -d -- scan a specific domain
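
The options above can be combined to scan a list of machines against only the SUS-approved patches. The script below is an added example, not part of the original answer: it runs one -c scan per entry in a host list and keeps a per-machine log. The install path, the hosts.txt file, the output folder and the '+'-joined form of the -n value are assumptions to check against the tool's built-in help.

```powershell
# Added example: run mbsacli.exe once per machine in a list, limited to SUS-approved updates.
# Only the -c, -sus and -n switches described in the article are used.
param(
    [string]$MbsaCli  = 'C:\Tools\MBSA\mbsacli.exe',  # assumed install path
    [string]$HostList = '.\hosts.txt',                # assumed: one computer name per line
    [string]$SusUrl   = 'http://mysusserver',         # SUS URL from the article's example
    [string]$Skip     = 'OS+SQL+Password',            # assumed '+'-joined form of the -n value
    [string]$OutDir   = '.\mbsa-results'              # assumed output folder
)

if (-not (Test-Path -LiteralPath $MbsaCli)) { throw "mbsacli.exe not found at $MbsaCli" }
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Drop blank lines, comment lines and duplicates from the host list.
$targets = Get-Content -LiteralPath $HostList |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and -not $_.StartsWith('#') } |
    Sort-Object -Unique

# Accept NAME or DOMAIN\NAME; each part must start with a letter or digit,
# so a stray line such as "-d" can never be passed through as an extra switch.
$namePattern = '^([A-Za-z0-9][A-Za-z0-9._-]*\\)?[A-Za-z0-9][A-Za-z0-9._-]*$'

$summary = foreach ($t in $targets) {
    if ($t -notmatch $namePattern) {
        Write-Warning "Skipping malformed entry: $t"
        continue
    }
    $log = Join-Path $OutDir (($t -replace '\\', '_') + '.txt')
    # Each value is passed as its own argument; nothing is concatenated into a command string.
    & $MbsaCli -c $t -sus $SusUrl -n $Skip *> $log
    [pscustomobject]@{ Computer = $t; ExitCode = $LASTEXITCODE; Log = $log }
}

# One row per scanned machine; review the per-machine logs for missing updates.
$summary | Format-Table -AutoSize
```

The exit code is recorded as reported by the tool without interpretation; the per-machine log is the authoritative result.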

This was first published in March 2005