Microsoft Baseline Security Analyzer

The Microsoft Baseline Security Analyzer (MBSA) tool allows you to scan client computers to determine whether they have all currently available software updates installed. It lets administrators in environments that do not use a central update solution like WSUS locate client computers that are not up to date with security updates. Without a utility like the MBSA tool, you need to access Windows Update on each computer to determine whether that computer has all updates installed. The MBSA tool is important in the latter stages of an operating system's life cycle: the longer an operating system has been available, the more updates exist for it, and the more time consuming it becomes to determine whether a particular update is missing.

The MBSA tool can check a computer for updates based on Microsoft Update, or can scan a computer based on updates that were approved on a WSUS server. You can also use the MBSA tool to determine if there are problems with a computer's security configuration, such as whether common administrative vulnerabilities are present and weak passwords are set. You can use the MBSA tool to scan servers as well as clients, so it is possible to check for other vulnerabilities, such as those that are present in Internet Information Server (IIS) and Microsoft SQL Server. To scan a computer, you need to have administrator access on the local computer and administrator access on any remote computer that you are scanning. This requirement ensures that you cannot use the MBSA tool as an attack tool to scan other people's computers to determine which vulnerabilities they may possess. You cannot use version 2.1 and earlier of the MBSA tool to scan computers running Windows 7.

More Info MBSA
To get more information about the MBSA, consult the following Microsoft TechNet Web page: http://technet.microsoft.com/en-au/security/cc184923.aspx.

MBSA 2.1.1 was released to support Windows 7 clients. It can run on and scan any of the following operating systems:

  • Windows 2000
  • Windows XP
  • Windows Vista
  • Windows Server 2003
  • Windows Server 2003 R2
  • Windows Server 2008
  • Windows Server 2008 R2

After you've run at least a single report, the View Existing Security Scan Reports link will be enabled, allowing you to view past reports. If you click this link, it'll provide a list of all the reports that have been run. This list includes the computer name, the IP address, the overall assessment of the scan, and the date when it was run.
