[unisog] microsoft baseline security analyzer

Anderson, Kelly kjanders at umich.edu
Fri May 16 20:18:11 GMT 2003

Hi Nick, 

MBSA is a useful tool, but you will want to use Shavlik's Hfnetchk
program to get the best picture of your patching needs - it simply does
a better job than MBSA in identifying patches needed.  Plus, you can
script it to scan multiple machines.  We're using it as the "ultimate"
authority on patching.  

Have fun!  


Kelly J. Anderson, MCSE            
Windows 2000 Infrastructure   
University of Michigan             
United for Peace and Justice   

-----Original Message-----
From: nick nelson [mailto:snelson at valdosta.edu] 
Sent: Thursday, May 15, 2003 7:20 PM
To: unisog at sans.org
Subject: [unisog] microsoft baseline security analyzer

'lo folks..

I've recently been (as of today) assigned the job of running microsoft
baseline security analyizer on our network of 4000 or so windows PCs and
securing the ones that come up as critical risks, or however they word

I've ran the test (it's running tonight, overnight). There was about 700
PCs identified as severe risks when I left, so it's obviously going to
be quite the task.

Does anyone have any recommendations on what the team can do to make
this easier? Obviously a lot of these will be windows updates needing
done, is there any way to do remote windows updates? Also, does anyone
have any kind of documents/websites/templates they give to users (mostly
faculty) helping them secure their windows 2000/xp machiens, ie, picking
a good password, not having open shares, running windows updates, etc.

Any help would be appreciated, I'm not exactly a microsoft fan, nor
guru, so this should be interesting :)

nick at arpa.com            |     arpa.com :: the mainstream runs shallow
snelson at valdosta.edu     |     Office of Information Technology 

A: Top posters
Q: What's the most annoying thing about email these days?

More information about the unisog mailing list