10.1. Scanning Exchange Servers for Security Patches
Problem
You want to ensure that your Exchange servers have the most up-to-date set of security patches.
Solution
Download the current version of Microsoft Baseline Security Analyzer (MBSA) tool from http://www.microsoft.com/mbsa. Follow the included instructions to install it on a Windows 2000, Windows XP, or Windows Server 2003 machine that belongs to a domain in the same forest as the servers you want to scan.
Using a graphical user interface
Open MBSA (c:\program files\Microsoft Baseline Security Analyzer\mbsa.exe).
From the initial MBSA page, choose whether you want to scan a single computer or more than one by clicking the appropriate link:
If you want to scan a single computer, you can specify it by computer name or IP address.
If you need to scan multiple computers, you can choose to scan by domain (in which case, MBSA will scan all computers it can see in that domain) or by IP address range.
You can optionally specify a format for the names of the reports produced in either mode; by default, the report name will include the domain name, computer name, and date and time of the scan. To speed up the scans as much as possible, you should uncheck the Check for weak passwords and Check for SQL vulnerabilities boxes (provided, of course, that you're only scanning your Exchange servers!).
Click Start scan. MBSA will attempt to fetch the latest version of the security updates list from Microsoft's web site, then it will begin scanning ...
Get Exchange Server Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
