The Microsoft Baseline Security Analyzer (MBSA) allows you to assess the administrative vulnerabilities present on one or multiple computers on your network. MBSA scans the specified computers and then generates a report that contains details for each computer about the security checks that it performed, the results, and recommendations for fixing any problems. You can check your computer for security problems in Microsoft SQL Server and Internet Information Services (IIS) as well as check to see if your computer has the most current Windows and Office updates installed.
The Microsoft Baseline Security Analyzer (MBSA) checks computers running Windows Server 2003 to 2012, and Windows XP to Windows 8.1. You must have administrator privileges for each computer you want to scan though.
The following checks are optional and you can choose whether or not to run these checks before starting a scan of the computer..
Check for Windows administrative vulnerabilities
This option scans for problems with the way that Windows is configured on the target computer. Such factors as the number of members of the local Administrators group, file-system type, and whether Windows Firewall is enabled are checked and reported.
Check for weak passwords
This option tests the passwords of local user accounts to determine whether any are blank or have other problems that might allow them to be guessed easily.
Check for IIS administrative vulnerabilities
This option checks for Internet Information Services administrative vulnerabilities.
Check for SQL Server administrative vulnerabilities
Selecting this option checks for administrative vulnerabilities on each instance of SQL Server, Microsoft Data Engine, or SQL Server 2000 Desktop Engine (MSDE) running on the target computer.
Check for security updates
Selecting this option checks the target computer for missing Windows and Office updates. When you select this option, you can also specify the following options:
Configure computers for Microsoft Update and scanning prerequisites
This option installs the current version of Microsoft Update Agent on the target computer if it is absent or out of date and configures the target computer to meet other requirements for scanning for security updates.
Scan using Update Services servers only
Selecting this option scans only for those security updates that are approved on the computer’s Update Services server. The Microsoft Update Web site or an offline catalog are not used.
Scan using Microsoft Update only
Selecting this option uses only the security update catalog downloaded from the Microsoft Update Web site to determine the updates to be checked. Updates that are not approved on the computer’s Update Services server are reported as though they were approved.
Once you select your options you can pick which computer you want to scan and click on Start scan.
When completed you will see the results of the scan which can be sorted in different ways such as the worst results first etc.
There will be links within the results that you can click for more information such as what was scanned and more details about the results. Icons will be placed next to each result showing statistics such as failure, passing, warning or information.
There are other options to print and copy your report to paste into another application such as Word. You can also view previous scans if you want to make comparisons.
The Microsoft Baseline Security Analyzer can be downloaded for free here.