Picking Computers to Scan
You can run MBSA against a single computer or multiple computers in a network. When you choose to scan a single computer. You can identify the computer to scan based on the computer name or its IP address.
You'll need administrative access to scan any computers using MBSA, so if you're scanning remote computers, you should be logged on with an account that is in the remote computer's Administrators group.
Tip When running MBSA in a domain, you should use a domain account that is added to the Administrators group of the desktop computers Most organizations create a group that is automatically added to the local Administrators group on desktop computers that desktop support personnel manage.
If you instead click the Scan Multiple Computers link of MBSA. You can choose to scan all the computers in a domain or all the computers in a range of IP addresses.
When MBSA is run, it will first connect to a Microsoft website to download the MBSA detection catalog (wsusscn2.cab). This catalog includes information about all available updates and security vulnerabilities. It is used to compare the existing updates and confi gurations on individual clients with a list of security updates that have been released along with known vulnerabilities. If the catalog has already been downloaded, MBSA will check to be sure it is up to date.
Note You can download the wsusscn2.cab catalog directly from Microsoft's site using this link: http://go.microsoft.com/fwlink/?linkid=76054 This file can then be centrally located and used with the /catalog switch when using MBSACLI (the command-line equivalent of MBSA).
The previous version of the cabinet fi le was named wsusscan.cab and is still available. However, wsusscan.cab has not been updated since March 2007 and doesn't include updates and security vulnerabilities since then. You need to use the wsusscn2.cab fi le to ensure that you are checking against the most recent data.
In this tutorial:
- Windows 7 and Other software Up to Date
- Understanding Windows Live
- Updates versus upgrades
- Why updates are important
- Windows Update
- Windows Update: The essentials
- Types of Updates
- Completing an Update
- Configuring automatic Updating
- Windows Update Applet and Functions
- Manually Install Updates Using Windows Update
- Action Center
- Updates Do Not Install Properly
- Other Windows Update Settings
- Configuring Windows 7 Update to Use a Proxy Server
- Can't Find Hidden Update
- Viewing and Changing Installed Updates
- Can't Uninstall Current Update
- Upgrade Windows Anytime
- Understanding Windows Server Update Services
- Windows Update Policies
- Updating Drivers
- Using Device Manager to Update Drivers
- Windows Update Driver Settings
- Windows 7 Service Packs
- Basic Service Pack Information
- Installation of Service Packs
- Installing and Removing Software
- Installation via CD or DVD
- Problem Installing from Disc
- Installation via Downloaded Program
- Viewing and Changing Programs
- Uninstalling Software
- Compatibility Issues in 64-Bit Version
- Upgrade Issues with 64-Bit Windows 7
- Other Program Compatibility Issues
- Side-by-Side Installs and Virtual Registries
- Removing Updates from Windows 7
- Thwarting Exploits with DEP
- Microsoft Baseline Security Analyzer
- Picking Computers to Scan
- Vulnerability Checks
- Installing MBSA
- Running the MBSA
- Running the MBSACLI
- MBSACLI Location
- Running in an Isolated Environment
- Using Windows Server Update Services
- WSUS Updates
- WSUS Requirements
- Installing, Configuring, and Using WSUS
- Adding the Application Server and Web Server (IIS) Roles
- Installing the Report Viewer
- Installing WSUS
- Configuring Group Policy Settings for WSUS
- Creating a GPO to Configure Clients to Use WSUS
- Verifying That Clients Are Using GPO Settings for WSUS
- Verifying That Clients Are Using GPO Settings with GPResult
- Creating Computer Groups on WSUS
- Approving Updates in WSUS
- Viewing WSUS Reports