MBSACLI (download v2.3)

Baseline Security Analyzer.

Syntax
      mbsacli [/c|/i|/r|/d domainname|ipaddress|ipaddressrange]
                 [/n option] [/sus SUS server|SUS filename]
                    [/s level] [/nosum] [/nvc] [/o filename] [/e] [/l] [/ls]
                       [/lr report name] [/ld report name] [/v] [/?]
                          [/qp] [/qe] [/qr] [/q] [/f] [/unicode]

Options
The Computer to Scan:
	no option           - Scan the local computer.
	/c domainname\computername - Scan the named computer.
	/i xxx.xxx.xxx.xxx         - Scan the specified IP address.
	/r xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx - Scan the specified range of IP addresses.
	/d domainname              - Scan the named domain.

Items NOT to update

	/n IIS       - Skip IIS checks.
	/n OS        - Skip Windows operating system, IE, Office and Outlook checks.
	/n Password  - Skip password checks.
	/n SQL       - Skip SQL checks.
	/n Updates   - Skip security update checks.
   The above can be combined, for example:
   /n OS + IIS + Updates   -  skip IIS, Windows, and security update checks.

Security Update Scan Options
	/sus SUS server | SUS filename - Check only for security updates that are approved
          at the specified SUS server, or at the file path of the Approveditems.txt file.
          e.g. http://server or http://server/Approveditems.txt.
          If neither is specified, the value will default from the registry (set via Group Policy)
	/s 1    - Suppress security update check note messages.
	/s 2    - Suppress security update check note and warning messages.
	/s 3    - Suppress warnings except for service packs.
	/nosum  - Security update checks will not test file checksums.

Output File Name 
	/o filename    By default, the output filename uses the format "domain - computername (date)"

Display the Results
	/e              - List the errors from the latest scan.
	/l              - List all the reports that are available.
	/ls             - List the reports from the latest scan.
	/lr report name - Display an overview report.
	/ld report name - Display a detailed report.
	/v              - Display security update reason codes.

Miscellaneous Options
	/?       - Usage help.
	/qp      - Do not display progress.
	/qe      - Do not display error list.
	/qr      - Do not display report list.
	/q       - Do not display progress, error list, or report list.
	/f       - Redirect the output to a file.
	/unicode - Generate unicode output, useful for Japanese versions of Windows.

Early versions of this command were known as HFNETCHK.

“It's completely intuitive; it just takes a few days to learn, but then it's completely intuitive” ~ Terry Pratchett.

Related:

Q320454 - Microsoft Baseline Security Analyzer (MBSA) version 1.2.1
Q296861 - Use QCHAIN to install multiple hotfixes with only one reboot.
Q310747 - System File Checker (Sfc.exe)
Equivalent bash command (Linux): rpm - Remote Package Manager


© Copyright SS64.com 1999-2014
Some rights reserved