Scheduled MBSA Scans

The Microsoft Baseline Security Analyzer (MBSA) ships with a command-line interface, mbsacli, so it is easy to wrap it in a batch file and run that on a schedule. You will need blat to e-mail the notification if you want one. I tried to make blat e-mail a UNC or URL link to where the reports are saved but have not had luck. Put your list of targets to scan in the servers.txt file, one name per line.

rem ---------- Set Variables
set LogPath=g:\logs
set MailTo1="admin@company.com"
set ServerList=%LogPath%\servers.txt
set ArchivePath=%LogPath%\LogArchive\MBSA
set ReportPath=%ArchivePath%
rem Quoting the whole assignment keeps the quotes out of the value, so the path can be quoted once where it is used
set "MBSAPath=C:\Program Files\Microsoft Baseline Security Analyzer 2\"
set uname=%username%

rem ---------- Enter Logs folder and clear out temp files and old reports
cd /d %LogPath%
del "%userprofile%\SecurityScans\*.mbsa"
del resultslist.txt

rem ---------- Run MBSA Against Server List to Generate Reports
"%MBSAPath%mbsacli.exe" /listfile %ServerList%

rem ---------- archive scan
rem DATE /T output depends on the regional date format; this parse assumes "Ddd MM/DD/YYYY" as on a US-locale system
@ECHO OFF
FOR /f "tokens=2-4 delims=/ " %%G IN ('DATE /T') DO (
SET _mm=%%G
rem plain SET here, not SET /A: a leading zero makes SET /A treat 08 and 09 as invalid octal numbers
SET _dd=%%H
SET _yyyy=%%I
)
@ECHO ON

mkdir %ArchivePath%\%_yyyy%%_mm%%_dd%
copy "%userprofile%\SecurityScans\*.mbsa" %ArchivePath%\%_yyyy%%_mm%%_dd%\*.mbsa
dir /b %ArchivePath%\%_yyyy%%_mm%%_dd%\ > resultslist.txt

rem ---------- use blat to email report
blat -to %MailTo1% -subject MBSA-Scan-Completed -sig resultslist.txt -body "To view results check files located at %ReportPath%\%_yyyy%%_mm%%_dd%\"


8 Replies to "Scheduled MBSA Scans"

  1. Have you had any problems using MBSA 2.x on Win XP SP2 machines with the File and Printer Sharing exception enabled in Windows Firewall?

    I've had so many problems that I have a script that temporarily disables the firewall, runs MBSA and then enables it again.

  3. Nope. We don't use the firewall on internal-only machines. Plus, this was really made for checking servers, not all the desktop clients on the network. I can see where that can be an issue, just not one we have run into.

  5. I see.

    I really don't have as much use for MBSA on our workstations as I used to, since all are very uniform, with one local admin and the rest running as limited users. WSUS and ePO reporting is done at least once a month, so I can factor that in as well. I also only have one server to look after.

    One additional thing about blat: since I don't have an SNMP server and that port is locked down, is there any way not to use SNMP and use Exchange…somehow?
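The archive-and-notify step done in PowerShell, as an added example that is not part of the original post or the comments: it mails the clickable link to the report folder that the post says blat would not send, and it submits the mail straight to Exchange over SMTP with Send-MailMessage, which answers the question above about doing without blat. Assumptions: the share path, server names and addresses are placeholders; the .mbsa report root element `SecScan` with `Machine` and `Grade` attributes is my recollection of the MBSA 2 report layout and should be checked against one real report; Send-MailMessage and Get-Content -Raw need PowerShell 3.0 or later.

```powershell
# Added example, not from the original post: archive today's MBSA reports into a
# yyyyMMdd folder and mail a clickable UNC link plus a per-host line through
# Exchange over SMTP with Send-MailMessage, so blat is not required.
# Assumptions: the .mbsa XML root is <SecScan> with Machine and Grade attributes
# (MBSA 2 layout as remembered); share, server names and addresses are placeholders.
param(
    [string]$ScanDir     = "$env:USERPROFILE\SecurityScans",
    [string]$ArchiveRoot = 'g:\logs\LogArchive\MBSA',
    [string]$ShareRoot   = '\\fileserver\logs\LogArchive\MBSA',  # UNC view of $ArchiveRoot
    [string]$SmtpServer  = 'exchange.company.local',             # Exchange receive connector
    [string]$MailFrom    = 'mbsa-scans@company.com',
    [string]$MailTo      = 'admin@company.com'
)

# Get-Date -Format does not depend on the regional date format, unlike parsing DATE /T.
$stamp = Get-Date -Format 'yyyyMMdd'
$dest  = Join-Path $ArchiveRoot $stamp
New-Item -ItemType Directory -Path $dest -Force | Out-Null
Copy-Item -Path (Join-Path $ScanDir '*.mbsa') -Destination $dest -Force

# One line per report: scanned host, overall grade, and a file:// URI built from the
# UNC path (System.Uri escapes spaces), which mail clients render as a clickable link.
$lines = foreach ($report in Get-ChildItem -Path $dest -Filter '*.mbsa') {
    $machine = $grade = '?'
    try {
        $scan    = ([xml](Get-Content -Path $report.FullName -Raw)).SecScan
        $machine = $scan.Machine
        $grade   = $scan.Grade
    } catch {
        # A truncated or non-XML file is reported in the mail rather than aborting it.
        $machine = "unparseable: $($report.Name)"
    }
    $link = ([uri](Join-Path (Join-Path $ShareRoot $stamp) $report.Name)).AbsoluteUri
    "{0,-20} grade {1,-3} {2}" -f $machine, $grade, $link
}

$body = @"
MBSA scan completed $(Get-Date -Format 'yyyy-MM-dd HH:mm').
Reports: $(Join-Path $ShareRoot $stamp)

$($lines -join "`n")
"@

# The Exchange receive connector must allow this host to relay to $MailTo.
Send-MailMessage -SmtpServer $SmtpServer -From $MailFrom -To $MailTo `
    -Subject "MBSA scan completed $stamp ($($lines.Count) reports)" -Body $body
```

Run it from the same scheduled task that calls mbsacli, after the scan step, so the dated folder and the mail always refer to the reports just produced.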
