MBSACLI (download v2.3)

Baseline Security Analyzer.

      mbsacli [/c|/i|/r|/d domainname|ipaddress|ipaddressrange]
                 [/n option] [/sus SUS server|SUS filename]
                    [/s level] [/nosum] [/nvc] [/o filename] [/e] [/l] [/ls]
                       [/lr report name] [/ld report name] [/v] [/?]
                          [/qp] [/qe] [/qr] [/q] [/f] [/unicode]

The Computer to Scan:
  no option           - Scan the local computer.
  /c domainname\computername - Scan the named computer.
  /i xxx.xxx.xxx.xxx         - Scan the specified IP address.
  /r xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx - Scan the specified range of IP addresses.
  /d domainname              - Scan the named domain.

Items NOT to update

  /n IIS       - Skip IIS checks.
  /n OS        - Skip Windows operating system, IE, Office and Outlook checks.
  /n Password  - Skip password checks.
  /n SQL       - Skip SQL checks.
  /n Updates   - Skip security update checks.
   The above can be combined, for example:
   /n OS + IIS + Updates   -  skip IIS, Windows, and security update checks.

Security Update Scan Options
  /sus SUS server | SUS filename - Check only for security updates that are approved
          at the specified SUS server, or at the file path of the Approveditems.txt file.
          e.g. https://server or https://server/Approveditems.txt.
          If neither is specified, the value will default from the registry (set via Group Policy)
  /s 1    - Suppress security update check note messages.
  /s 2    - Suppress security update check note and warning messages.
  /s 3    - Suppress warnings except for service packs.
  /nosum  - Security update checks will not test file checksums.

Output File Name 
  /o filename    By default, the output filename uses the format "domain - computername (date)"

Display the Results
  /e              - List the errors from the latest scan.
  /l              - List all the reports that are available.
  /ls             - List the reports from the latest scan.
  /lr report name - Display an overview report.
  /ld report name - Display a detailed report.
  /v              - Display security update reason codes.

Miscellaneous Options
  /?       - Usage help.
  /qp      - Do not display progress.
  /qe      - Do not display error list.
  /qr      - Do not display report list.
  /q       - Do not display progress, error list, or report list.
  /f       - Redirect the output to a file.
  /unicode - Generate unicode output, useful for Japanese versions of Windows.

Early versions of this command were known as HFNETCHK.

“It's completely intuitive; it just takes a few days to learn, but then it's completely intuitive” ~ Terry Pratchett.

Related commands

Q296861 - Use QCHAIN to install multiple hotfixes with only one reboot.
Q310747 - System File Checker (Sfc.exe)
Equivalent bash command (Linux): rpm - Remote Package Manager.

Copyright © 1999-2023 SS64.com
Some rights reserved