Windows 7 / Getting Started

Tools for Auditing Software Updates

One of the most important concepts in security is "Trust, but audit." Auditing provides a critical layer of protection against human error and omission. In the case of software update management, auditing enables you to verify that updates are distributed correctly and are not removed after distribution.

Microsoft provides the following tools for auditing software updates and the software update process:

  • WSUS WSUS enables you to view which updates have been distributed to which computers. To detect updates that are removed after distribution and new computers that do not have the proper updates installed, use WSUS reporting in conjunction with one of the other tools in this list.
  • Configuration Manager 2007 R2 Configuration Manager 2007 R2 monitors installed updates and can generate reports showing whether updates are successful.
  • MBSA The Microsoft Baseline Security Analyzer (MBSA) actively connects to computers on your network and, with proper credentials, generates reports displaying the installed updates and a list of other security vulnerabilities. MBSA is a graphical tool that simplifies manual, interactive auditing. MBSACLI and Configuration Manager 2007 R2, described next, use the MBSA engine.
  • MBSACLI The MBSA command-line interface (MBSACLI) allows you to script MBSA auditing, enabling you to audit large numbers of computers in an automated fashion. You can generate Extensible Markup Language (XML)-based reports that you can view with the MBSA interface, or you can create tools that process the XML-based MBSACLI reports. MBSACLI is included with MBSA.

WSUS and Configuration Manager 2007 R2 were described earlier in this tutorial. The sections that follow describe MBSA and MBSACLI.

[Previous] [Contents] [Next]

In this tutorial:

  1. Managing Software Updates
  2. Methods for Deploying Updates
  3. Windows Update Client
  4. Windows Server Update Services
  5. System Center Configuration Manager 2007 R2
  6. Manually Installing, Scripting, and Removing Updates
  7. Overview of Windows 7 Update Files
  8. How to Script Update Installations
  9. How to Remove Updates
  10. Deploying Updates to New Computers
  11. Other Reasons to Use a Private Network for New Computers
  12. Managing BITS
  13. BITS Behavior
  14. BITS Group Policy Settings
  15. Configuring the Maximum Bandwidth Served For Peer Client Requests Policy
  16. Managing BITS with Windows PowerShell
  17. Windows Update Group Policy Settings
  18. Configuring Windows Update to Use a Proxy Server
  19. Tools for Auditing Software Updates
  20. The MBSA Console
  21. MBSACLI
  22. Scheduling MBSA
  23. Troubleshooting the Windows Update Client
  24. The Process of Updating Network Software
  25. Assembling the Update Team
  26. Inventorying Software
  27. Creating an Update Process
  28. Discovering Updates
  29. Evaluating Updates
  30. Speeding the Update Process
  31. Retrieving Updates
  32. Testing Updates
  33. Installing Updates
  34. Removing Updates
  35. Auditing Updates
  36. How Microsoft Distributes Updates
  37. Security Updates
  38. Update Rollups
  39. Service Packs
  40. Microsoft Product Life Cycles