Scan Your Windows Servers For Security Issues

by on May 15, 2008 | 1 comment

As someone who has to keep tabs on several Windows servers, the best way to make sure everything is in order is through consistency and methodology. Basically, what you do to one, do to all (unless, of course, the needs are different for each machine).

One tool I have found to be very valuable is the Microsoft Baseline Security Analyzer. In a nutshell, this tool scans your computer for common security problems (settings) and checks installations of data applications (SQL, MDAC, etc.) for updates and vulnerabilities. From the article “How To: Use the Microsoft Baseline Security Analyzer“:

Microsoft Baseline Security Analyzer (MBSA) checks for available updates to the operating system, Microsoft Data Access Components (MDAC), MSXML (Microsoft XML Parser), .NET Framework, and SQL Server. MBSA also scans a computer for insecure configuration settings. When MBSA checks for Windows service packs and patches, it includes in its scan Windows components, such as Internet Information Services (IIS) and COM+. MBSA uses Microsoft Update and Windows Server Update Services (WSUS) technologies to determine needed updates. This Microsoft Update data source is obtained either directly from the Microsoft Update Web site or, if offline or in a secure environment, from an offline catalog file named Wsusscn2.cab.

It is not feasible for me to be an expert on all things Windows security, so this tool is very helpful in making sure servers are reasonably secured. The utility works on all versions of Windows Server and Windows Vista and is recommended for any Windows system administrators.

Free eBook!

Like what you read?

If so, please join over 28,000 people who receive our exclusive weekly newsletter and computer tips, and get FREE COPIES of 5 eBooks we created, as our gift to you for subscribing. Just enter your name and email below:

Post A Comment Using Facebook

  • Harold Vandusen

    In addition, from my personal experience, I would also recommend you collect and analyze all security permissions across the server.
    This way you will be able to find potential security vulnerabilities such as wrong access rights distribution and you will have a chance to correct them.
    For such purposes you can use enterprise security reporter that can report on group memebrship, ntfs security, sharepoint secuirty as well as sql security with a plenty of predefined and customizable reports.
    All the reports are also schedulable and can be sent by e-mail.

What’s Your Preference?

Daily Alerts

Each day we send out a quick email to thousands of PCMECH readers to notify them of new posts. This email is just a short, plain email with titles and links to our latest posts. You can unsubscribe from this service at any time.

You can subscribe to it by leaving your email address in the following field and confirming your subscription when you get an email asking you to do so.

Enter your email address for
Daily Updates:

Weekly Newsletter

Running for over 6 years, the PCMECH weekly newsletter helps you keep tabs on the world of tech. Each issue includes news bits, an article, an exclusive rant as well as a download of the week. This newsletter is subscribed to by over 28,000 readers (many who also subscribe to the other option) - come join the community!

To subscribe to this weekly newsletter simply add your email address to the following field and then follow the confirmation prompts. You will be able to unsubscribe at any time.

Enter your email address for
Free Weekly Newsletter: