Before you begin I need to mention that we have servers that don’t have internet access:

So for this reason we download the updates and copy them locally:
muauth.cab (Microsoft Web site)
wsusscn2.cab (Microsoft Web site)
wuredist.cab (http://update.microsoft.com/redist/wuredist.cab)
After downloading the files from the Microsoft Web site, copy all files listed above to the following folder on the computer performing the security update scan:
C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\MBSA\Cache
Or C:\Users\<username>\AppData\Local\Microsoft\MBSA\Cache (fore newer systems)

Scanning Multiple Systems for Updates and Patches:

Remember to run these commands from the correct path by first typing: cd “c:\Program Files\Microsoft Baseline Security Analyzer 2”

The following command scans all computers in the CONTOSO domain for security updates, but it does not scan for administrative vulnerabilities:

mbsacli /d contoso /n os+iis+sql+password

The following command scans all computers in the IP address range 192.168.195.130 to 192.168.195.254 for security updates, but it does not scan for administrative vulnerabilities:

mbsacli /r 192.168.195.130-192.168.195.254 /n os+iis+sql+password

The following command scans all computers listed in the ComputerNames.txt file for security updates, but it does not scan for administrative vulnerabilities:

mbsacli /listfile computernames.txt /n os+iis+sql+password

NOTE that the /n os+iis+sql+password flag means that it should NOT scan for these updates.

Reference:
http://msdn.microsoft.com/en-us/library/ff647642.aspx

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s