MS Baseline Security Analyzer

[Vorlin]

Greetings,

Not sure how many use Automatic Updates, but I noticed (as many probably have) that if you have the service "Automatic Updates" turned off, you can't update through Windows Update. Looking for a better alternative as I like to keep my services streamlined, I found a rather nifty tool called "Microsoft Baseline Security Analyzer". It does scanning of local machines, workgroup machines, and remote PCs based on IP. I included some screenshots for those who haven't seen it. It does download information from the MS site, so it keeps up with some sort of database there for what's relevant at the time.

Main page can be found here.

Opening page

Scan page

Scanning a machine

Results page

It does have a "Copy" function, as you can tell from the Results page and that basically puts the non-graphical results into text-only, as follows.

Security Updates Vulnerabilities Check passed Windows Security Updates No critical security updates are missing.
Security Updates Vulnerabilities Check passed Windows Media Player Security Updates No critical security updates are missing.
Security Updates Vulnerabilities Check passed MDAC Security Updates No critical security updates are missing.
Security Updates Vulnerabilities Check passed MSXML Security Updates No critical security updates are missing.
Security Updates Vulnerabilities Check passed Office Updates No critical security updates are missing.
Windows Scan Results Vulnerabilities Best practice Windows Firewall Windows Firewall is disabled and has exceptions configured.
Windows Scan Results Vulnerabilities Check passed Local Account Password Test No user accounts have simple passwords.
Windows Scan Results Vulnerabilities Check passed File System All hard drives (1) are using the NTFS file system.
Windows Scan Results Vulnerabilities Check passed Guest Account The Guest account is not disabled on this computer.
Windows Scan Results Vulnerabilities Check passed Restrict Anonymous Computer is properly restricting anonymous access.
Windows Scan Results Vulnerabilities Check passed Administrators No more than 2 Administrators were found on this computer.
Windows Scan Results Vulnerabilities Check passed Automatic Updates Updates are automatically downloaded and installed on this computer.
Windows Scan Results Vulnerabilities Check not performed Password Expiration This check was skipped because the computer is not joined to a domain.
Windows Scan Results Vulnerabilities Check not performed Autologon This check was skipped because the computer is not joined to a domain.
Windows Scan Results Additional System Information Additional information Windows Version Computer is running Windows 2000 or greater.
Windows Scan Results Additional System Information Best practice Auditing This check was skipped because the computer is not joined to a domain.
Windows Scan Results Additional System Information Additional information Shares 2 share(s) are present on your computer.
Windows Scan Results Additional System Information Best practice Services Some potentially unnecessary services are installed.
Internet Information Services (IIS) Scan Results Additional System Information Best practice IIS Status IIS is not running on this computer.
SQL Server Scan Results Product Status Best practice SQL Server/MSDE Status SQL Server and/or MSDE is not installed on this computer.
Desktop Application Scan Results Vulnerabilities Check passed IE Zones Internet Explorer zones have secure settings for all users.
Desktop Application Scan Results Vulnerabilities Check not performed Macro Security No Microsoft Office products are installed

There's quite a bit of info, as you can tell, and for those who're more savvy with updating and MS tools, this is a lot better tool I think in providing more information and where to go than just what AU provides.

Anyone else have comments on this utility?

EDIT: I just realized how many other threads were out there concerning this tool. Don't I feel like a tool for not using the search button prior to posting, hah! At least there are some screenshots...please don't shoot me!

[Tiger Shark]

I'm a slacktard...

ROFLMAO....

I like MBSA. I use it against all servers I have just installed and locked down and whenever I make major changes to others.

[White Scorpion]

thanks for the info, i will study it when i have the time

[SDK]

MSBA is very powerfull tool for Windows User! It should be in all Windows Admin ToolBox just after SUS.

[thehorse13]

I prefer the CIS tool. (Center for Internet Security). It goes above and beyond what the MS tool does, including the ability to apply NSA baseline security policies to your box. It also has the same stuff available for Unix systems.

http://www.cisecurity.org/

I recommend this one.

[phishphreek]

Originally posted here by thehorse13
I prefer the CIS tool. (Center for Internet Security). It goes above and beyond what the MS tool does, including the ability to apply NSA baseline security policies to your box. It also has the same stuff available for Unix systems.

http://www.cisecurity.org/

I recommend this one.

How does the scoring work? I was unable to find in the docs the scale and what the scoring means. I just did a quick browse through it though. All I saw is that a default install should have a 1.5 score on 2K.

[Vorlin]

I'll have to check out the CIS tool...from what I saw, it looks to be a benchmark utility but that was the 10 second run-down before I had to leave. Will check it out though!