You get at least 2 benefits from the MBSA command line
1. If you want to scan the remote computers that are not part of your domain, MBSA GUI won’t help you, at least I couldn’t find any option to do it. In this situation, MBSA command line comes in place.
2. You can easily schedule MBSA Command line running at midnight to scan a range of computers, and view the reports with a cup of coffee next morning.
The format of MBSA command line is:
MBSACLI [/target /r /d domain] [/n option] [/o file] [/qp] [/qe] [/qr] [/qt] [/listfile file] [/xmlout] [/wa
/wi] [/catalog file] [/nvc] [/ia] [/mu] [/nd] [/rd directory] [/?][/u username /p password]
For example, if you want to scan an IP 192.168.1.1: mbsacli /target 192.168.1.1 /u administrator /p password
Enter “mbsacli /?” for more details.
Something you have to be aware:
1. MBSA Command line need an offline security update signature to perform a scan, the file name is wsusscn2.cab. MBSA GUI can automatically download it and save it in “C:\Documents and Settings\
2. The cons of this command line is the username and password is in the plain text, you have to change your password after you finish a scan.
3. The output of MBSA command line is ugly, however, you can view the report from MBSA GUI, it is user friendly and pretty beautiful.
4. The version of MBSA we are talking here is 2.1.1, released on Nov 4, 2009. You can download it from here: http://www.microsoft.com/downloads/details.aspx?FamilyID=b1e76bbe-71df-41e8-8b52-c871d012ba78&displaylang=en