July 1st, 2003, 03:17 PM
Baseline Security Analyzer
I understand there is the MBSA, but I also heard there is a method to create and .inf to configure the settings inside Windows 2000 is that correct?
July 1st, 2003, 03:19 PM
Uh, I guess. But you would still have to do manual imports of security templates and such. You would still need to use MBSA to check for patches. I guess you could rewrite MBSA as a wsh script, but what would be the point? My advice is, if there is a prewritten tool that does it, use it. If not, then make one yourself. Unless your just curious. Then rewritting stuff rocks!
$person!=$kiddie or die(\"Alas, die you hotmail hacker!!\");
July 1st, 2003, 03:24 PM
OK, the BLSA is a complete piece of crap. It often givs false positives on missing patches and such. Go to the CIS site (Center for Internet Security) and get their analyzer. It is far superior. Also, they have canned INF files that you can import and run via the Security Configuration and Analysis snap-in. They have INFs based on NSA standards all the way down to a basic lockdown.
Editing INF files is tricky business and is not for the average user to attempt. Take a look at the INFs available at www.cisecurity.org. The analyzer is free and I know it is used by auditing firms such as KPMG.
Hope this helps!
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden