MBSACLI – Windows CMD Command
Baseline Security Analyzer.
Syntax
mbsacli [/c|/i|/r|/d domainname|ipaddress|ipaddressrange]
[/n option] [/sus SUS server|SUS filename]
[/s level] [/nosum] [/nvc] [/o filename] [/e] [/l] [/ls]
[/lr report name] [/ld report name] [/v] [/?]
[/qp] [/qe] [/qr] [/q] [/f] [/unicode]
Options
The Computer to Scan:
no option - Scan the local computer.
/c domainname\computername - Scan the named computer.
/i xxx.xxx.xxx.xxx - Scan the specified IP address.
/r xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx - Scan the specified range of IP addresses.
/d domainname - Scan the named domain.
Items NOT to update
/n IIS - Skip IIS checks.
/n OS - Skip Windows operating system, IE, Office and Outlook checks.
/n Password - Skip password checks.
/n SQL - Skip SQL checks.
/n Updates - Skip security update checks.
The above can be combined, for example:
/n OS + IIS + Updates - skip IIS, Windows, and security update checks.
Security Update Scan Options
/sus SUS server | SUS filename - Check only for security updates that are approved
at the specified SUS server, or at the file path of the Approveditems.txt file.
e.g. https://server or https://server/Approveditems.txt.
If neither is specified, the value will default from the registry (set via Group Policy)
/s 1 - Suppress security update check note messages.
/s 2 - Suppress security update check note and warning messages.
/s 3 - Suppress warnings except for service packs.
/nosum - Security update checks will not test file checksums.
Output File Name
/o filename By default, the output filename uses the format "domain - computername (date)"
Display the Results
/e - List the errors from the latest scan.
/l - List all the reports that are available.
/ls - List the reports from the latest scan.
/lr report name - Display an overview report.
/ld report name - Display a detailed report.
/v - Display security update reason codes.
Miscellaneous Options
/? - Usage help.
/qp - Do not display progress.
/qe - Do not display error list.
/qr - Do not display report list.
/q - Do not display progress, error list, or report list.
/f - Redirect the output to a file.
/unicode - Generate unicode output, useful for Japanese versions of Windows.Early versions of this command were known as HFNETCHK.
Really? It really is excellent to witness anyone ultimate begin addressing this stuff, however I?m still not really certain how much I agree with you on it all. I subscribed to your rss feed though and will certainly keep following your writing and possibly down the road I may chime in once again in much more detail good work. Cheers for blogging though!
I was looking at some of your articles on this website and I believe this site is very instructive! Continue posting.