Baseline Security Analyzer.

Syntax mbsacli [/c|/i|/r|/d domainname|ipaddress|ipaddressrange] [/n option] [/sus SUS server|SUS filename] [/s level] [/nosum] [/nvc] [/o filename] [/e] [/l] [/ls] [/lr report name] [/ld report name] [/v] [/?] [/qp] [/qe] [/qr] [/q] [/f] [/unicode] Options The Computer to Scan: no option - Scan the local computer. /c domainname\computername - Scan the named computer. /i xxx.xxx.xxx.xxx - Scan the specified IP address. /r xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx - Scan the specified range of IP addresses. /d domainname - Scan the named domain. Items NOT to update /n IIS - Skip IIS checks. /n OS - Skip Windows operating system, IE, Office and Outlook checks. /n Password - Skip password checks. /n SQL - Skip SQL checks. /n Updates - Skip security update checks. The above can be combined, for example: /n OS + IIS + Updates - skip IIS, Windows, and security update checks. Security Update Scan Options /sus SUS server | SUS filename - Check only for security updates that are approved at the specified SUS server, or at the file path of the Approveditems.txt file. e.g. http://server or http://server/Approveditems.txt. If neither is specified, the value will default from the registry (set via Group Policy) /s 1 - Suppress security update check note messages. /s 2 - Suppress security update check note and warning messages. /s 3 - Suppress warnings except for service packs. /nosum - Security update checks will not test file checksums. Output File Name /o filename By default, the output filename uses the format "domain - computername (date)" Display the Results /e - List the errors from the latest scan. /l - List all the reports that are available. /ls - List the reports from the latest scan. /lr report name - Display an overview report. /ld report name - Display a detailed report. /v - Display security update reason codes. Miscellaneous Options /? - Usage help. /qp - Do not display progress. /qe - Do not display error list. /qr - Do not display report list. /q - Do not display progress, error list, or report list. /f - Redirect the output to a file. /unicode - Generate unicode output, useful for Japanese versions of Windows.

Early versions of this command were known as HFNETCHK, written by shavlik technologies and supplied by Microsoft.

"It's completely intuitive; it just takes a few days to learn, but then it's completely intuitive" Terry Pratchett.


Q320454 - Microsoft Baseline Security Analyzer (MBSA) version 1.2.1

Q296861 - Use QCHAIN to install multiple hotfixes with only one reboot.

Q310747 - System File Checker (Sfc.exe)

Equivalent bash command (Linux): rpm - Remote Package Manager