Check Servers for Applied Patches
Make sure your Windows servers have the latest patches installed.
Keeping a network
of systems patched and up-to-date is hard enough in Unix, but it can
be even more difficult on Windows systems. A lack of robust built-in
scripting and remote access capabilities makes Windows unsuitable for
automation. Nevertheless, before you even attempt to update your
systems, you need to know which updates have been applied to each
system; otherwise, you might waste time and effort updating systems
that don’t need it. Clearly, this problem gets more
difficult as the number of systems that need to be managed increases.
We can avoid much of the extra work of manually updating systems by
using the HFNetChk
tool, which was originally a
standalone program from Shavlik Technologies. It is now a part of
Microsoft’s Baseline
Security Analyzer (http://download.microsoft.com/download/8/e/e/8ee73487-4d36-4f7f-92f2-2bdc5c5385b3/mbsasetup.msi)
and is available through its command-line interface,
mbsacli.exe
.
Not only can HFNetChk remotely check the status of Windows Server 2003 and Windows XP/2000/NT, but it can also check whether critical updates for IIS, SQL Server, Exchange Server, Media Player, and Internet Explorer have been applied. Although it can only check the update status of a system (and won’t actually bring the system up-to-date), it is still an invaluable timesaving tool.
HFNetChk works by downloading a signed and compressed XML file from Microsoft that contains ...
Get Network Security Hacks now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.