Saturday, January 23, 2010

Running Microsoft Baseline Security Analyzer (MBSA) command line

You may already be familiar with the Microsoft Baseline Security Analyzer (MBSA) GUI, but how about the MBSA command line?

You get at least 2 benefits from the MBSA command line:

1. If you want to scan remote computers that are not part of your domain, the MBSA GUI won’t help you; at least I couldn’t find any option to do it. In this situation, the MBSA command line comes in handy.

2. You can easily schedule the MBSA command line to run at midnight to scan a range of computers, and view the reports with a cup of coffee the next morning.

The format of MBSA command line is:

MBSACLI [/target /r /d domain] [/n option] [/o file] [/qp] [/qe] [/qr] [/qt] [/listfile file] [/xmlout] [/wa /wi] [/catalog file] [/nvc] [/ia] [/mu] [/nd] [/rd directory] [/?] [/u username /p password]

For example, if you want to scan an IP 192.168.1.1: mbsacli /target 192.168.1.1 /u administrator /p password

Enter “mbsacli /?” for more details.

Some things you have to be aware of:

1. The MBSA command line needs an offline security update signature file to perform a scan; the file name is wsusscn2.cab. The MBSA GUI can automatically download it and save it in “C:\Documents and Settings\\Local Settings\Application Data\Microsoft\MBSA\2.1.1\Cache\” (depending on your MBSA installation), but if you haven’t run the GUI for a long time, you can download the latest signature file from here: http://go.microsoft.com/fwlink/?LinkId=76054. I normally save it in a temporary folder, then use the /catalog parameter to specify the file location: mbsacli /target 192.168.1.1 /catalog c:\temp\wsusscn2.cab /u administrator /p password

2. The downside of this command line is that the username and password are in plain text, so you have to change your password after you finish a scan.

3. The output of the MBSA command line is ugly. However, you can view the report in the MBSA GUI, which is user friendly and pretty beautiful.

4. The version of MBSA we are talking about here is 2.1.1, released on Nov 4, 2009. You can download it from here: http://www.microsoft.com/downloads/details.aspx?FamilyID=b1e76bbe-71df-41e8-8b52-c871d012ba78&displaylang=en
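
For the scheduled midnight scan described above, here is a wrapper script added as an example (it is not from the original post). It checks the signature and age of wsusscn2.cab before scanning a list of hosts. The install path, the targets file, the report directory and the 7-day threshold are assumptions, and it assumes the task runs under an account that already has administrator rights on the targets, so /u and /p never appear on the command line.

```powershell
# Added example: nightly MBSA scan wrapper. Paths, file names and the
# 7-day threshold are assumptions, not values from the post.
$Mbsacli    = 'C:\Program Files\Microsoft Baseline Security Analyzer 2\mbsacli.exe'  # assumed install path
$Catalog    = 'C:\temp\wsusscn2.cab'     # offline catalog, saved as in the post
$Targets    = 'C:\temp\targets.txt'      # hypothetical list, one host or IP per line
$Reports    = 'C:\temp\mbsa-reports'     # hypothetical report directory
$Log        = Join-Path $Reports 'scan.log'
$MaxAgeDays = 7                          # assumed freshness threshold

function Write-Log([string]$Message) {
    $line = '{0} {1}' -f (Get-Date -Format s), $Message
    Add-Content -Path $Log -Value $line
}

if (-not (Test-Path $Reports)) {
    New-Item -ItemType Directory -Path $Reports | Out-Null
}

foreach ($path in $Mbsacli, $Catalog, $Targets) {
    if (-not (Test-Path $path)) { Write-Log "Missing file: $path"; exit 1 }
}

# Refuse a catalog whose Authenticode signature does not validate.
$sig = Get-AuthenticodeSignature -FilePath $Catalog
if ($sig.Status -ne 'Valid') {
    Write-Log "Catalog signature status is $($sig.Status); scan aborted"
    exit 1
}
Write-Log "Catalog signed by: $($sig.SignerCertificate.Subject)"

# A stale catalog misses recent updates, so flag it in the log.
$age = (Get-Date) - (Get-Item $Catalog).LastWriteTime
if ($age.TotalDays -gt $MaxAgeDays) {
    Write-Log ("WARNING: catalog is {0:N0} days old" -f $age.TotalDays)
}

# /listfile scans every host in the file, /nd and /nvc keep the run offline,
# /rd sets the report directory. No /u or /p: the task's own account is used.
& $Mbsacli /listfile $Targets /catalog $Catalog /nd /nvc /rd $Reports
Write-Log "mbsacli finished with exit code $LASTEXITCODE"
exit $LASTEXITCODE
```

Register the script as a daily Task Scheduler job running under the scanning account, and review scan.log together with the reports the next morning.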
