HP t5740e, Baseline Security Analyzer 2.2 Use Manual

Using Microsoft® Baseline Security Analyzer 2.2 and Windows® Update
For HP Thin Clients running Microsoft
Table of Contents:
Microsoft Baseline Security Analyzer 2.2
  Preface
  Introduction
  Background
  Installation on WES 7
  Scanning Options
    Key Options for Thin Clients:
  Features
    Enhanced Reporting:
  Using Microsoft Baseline Security Analyzer 2.2
    Using the MBSA GUI with WES 7
    Using MBSA Command-line with WES 7
    Using MBSA in OFF-line Mode with WES 7
  Localizations
  Issues
Using Windows Update on WES 7
  Introduction
  Audience
  Overview
  RAM Drive Considerations
  Good News about WES 7 Quick Fix Engineering (QFE) Releases
  Disk Space Concerns
  HP Windows Update Perspective
  How to Enable Windows Update
    HKEY Local Machine
    HKEY Current User
Microsoft Baseline Security Analyzer 2.2
Preface
The scope of this document is focused on how customers can identify the most current Microsoft Quick Fix Engineering (QFE) releases and Security Updates that are applicable to their Golden Master image and is not concerned with the process of downloading and deploying these items.
The Microsoft Baseline Security Analyzer (MBSA) solution presents a Microsoft-supported method for discovering and identifying security updates, on-demand, without the customer having to wait for the same update to be packaged, tested, and then delivered to http://www.hp.com/. This process is recommended by HP for identifying necessary security updates.
Introduction
This white paper describes the application of MBSA on HP thin clients with WES 7 for the purpose of assessing the security state and detecting missing security updates for this platform.
Background
To easily assess the security state of Windows machines, Microsoft offers the free Microsoft Baseline Security Analyzer (MBSA) scan tool. MBSA includes a graphical and command line interface that can perform local or remote scans of Microsoft Windows systems.
MBSA 2.2 runs on Windows Server® 2008 R2, Windows 7, Windows Server 2008, Windows Vista™, Windows Server 2003, Windows XP and Windows 2000 systems and will scan for missing security updates, rollups, and service packs using Microsoft Update technologies. MBSA also scans for common security misconfigurations (also called Vulnerability Assessment checks) using a known list of less secure settings and configurations for all versions of Windows; Internet Information Server (IIS) 5.0, 6.0, and 6.1; SQL Server 2000 and 2005; Internet Explorer® (IE) 5.01 and later; and Office 2000, 2002, and 2003 only.
To assess missing security updates, MBSA only scans for missing security updates, update rollups, and service packs available from Microsoft Update. MBSA does not scan or report missing non-security updates, tools, or drivers.
Installation on WES 7
Installing the MBSA graphical user interface (GUI) on WES 7 is a simple and seamless process that takes only approximately 2 Mb of disk space.
Windows Update must be enabled first. Go to Control Panel and open Windows Update:
1. Click Change Settings.
2. Under Important Updates, choose Never check for updates..., then click OK.
Windows Update is now active:
3. Install MBSA 2.2. Once finished, the Write Filter must be committed and the system rebooted:
Scanning Options
Key Options for Thin Clients:
Check for Security Updates
Select this option to check the target computer for missing Microsoft Windows updates. When you select this option, you can also specify the following options:
Configure Computers for Microsoft Update and Scanning Prerequisites
Select this option to install the current version of the Windows Update Agent on the target computer, if it is absent or out of date, and to configure the target computer to meet other requirements for scanning for security updates.
Scan Using Update Services Servers Only
Select this option to scan only for those security updates that are approved on the computer's assigned Windows Server Update Services (WSUS) server. The Microsoft Update website or an offline catalog is not used.
Scan using Microsoft Update Only
Select this option to use only the security update catalog downloaded from the Microsoft Update website to determine the updates to be checked. Updates that are not approved on the computer's WSUS server are reported as though they were approved. If the Microsoft Update website cannot be reached by the client, an error is reported.
Features
Enhanced Reporting:
Current Update Compliance appears in the report; installed and needed updates are reported together in a single scan report.
Maximum bulletin severity and update package download links are now available in report details.
Access to the live Microsoft Update site for published content for live (online) security update assessment, as well as an offline catalog for customers with limited or secure internet access, are provided.
Command-line option to redirect reports to a user-selected directory or network share using /rd option is available.
Reports can now be easily shared and viewed.
Multiple copies of MBSA can be run for increased scanning performance.
Structured XML output offers simplified integration for update scanning.
Specific web links are available for locating updates and taking necessary actions.
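An added example (not from the HP document or from MBSA itself): one way to consume the structured XML output and pull out the needed updates with their severity and download links. The report layout, the 0-4 severity scale, and the Get-MissingUpdate helper are assumptions, and the sample report is constructed.

```powershell
# Constructed sample report. Element and attribute names and the 0-4 severity
# scale are assumptions for illustration; check them against a real report.
$sampleReport = @'
<XMLOut>
  <Check ID="500" Name="Windows Security Updates">
    <Detail>
      <UpdateData ID="EXAMPLE-001" KBID="0000001" IsInstalled="false" Severity="4" RestartRequired="true">
        <Title>Constructed critical update</Title>
        <References><DownloadURL>https://example.invalid/kb0000001</DownloadURL></References>
      </UpdateData>
      <UpdateData ID="EXAMPLE-002" KBID="0000002" IsInstalled="true" Severity="3" RestartRequired="false">
        <Title>Constructed installed update</Title>
        <References><DownloadURL>https://example.invalid/kb0000002</DownloadURL></References>
      </UpdateData>
      <UpdateData ID="EXAMPLE-003" KBID="0000003" IsInstalled="false" Severity="2" RestartRequired="false">
        <Title>Constructed moderate update</Title>
        <References><DownloadURL>https://example.invalid/kb0000003</DownloadURL></References>
      </UpdateData>
    </Detail>
  </Check>
</XMLOut>
'@

$severityName = @{ 0 = 'Unrated'; 1 = 'Low'; 2 = 'Moderate'; 3 = 'Important'; 4 = 'Critical' }

function Get-MissingUpdate {
    param([Parameter(Mandatory = $true)][xml]$Report)
    # Installed and needed updates share one report; keep only the needed ones.
    $needed = $Report.SelectNodes('//UpdateData') |
        Where-Object { $_.GetAttribute('IsInstalled') -eq 'false' }
    $needed | ForEach-Object {
        $sev = [int]$_.GetAttribute('Severity')   # empty attribute becomes 0 (Unrated)
        New-Object PSObject -Property @{
            Severity = $sev
            Rating   = $severityName[$sev]
            KB       = $_.GetAttribute('KBID')
            Reboot   = $_.GetAttribute('RestartRequired') -eq 'true'
            Title    = $_.SelectSingleNode('Title').InnerText
            Download = $_.SelectSingleNode('References/DownloadURL').InnerText
        }
    } | Sort-Object Severity -Descending
}

$missing = @(Get-MissingUpdate -Report $sampleReport)
$missing | Format-Table Rating, KB, Reboot, Title, Download -AutoSize

# Gate a Golden Master image on the maximum severity still outstanding.
$blocking = @($missing | Where-Object { $_.Severity -ge 3 })
if ($blocking.Count -gt 0) {
    Write-Warning ("{0} missing update(s) rated Important or higher" -f $blocking.Count)
}
```

To run it against a saved report instead of the sample, load the file with `[xml](Get-Content <path>)` and pass the result as -Report.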
Using Microsoft Baseline Security Analyzer 2.2
Using the MBSA GUI with WES 7
The target system must be connected to the Internet in order to download the current Microsoft Security Update database.
1. Click Scan a computer.