Microsoft Baseline Security Analyzer


If you need a quick (and free) security assessment of your standalone PC or a whole domain, I would suggest you use the Microsoft Baseline Security Analyzer. This tool is available to be downloaded here:

Why? I firmly believe and suggest this tool for all IT pro that needs to have a life, rather assessing one-on-one each and every workstation computer for the entire forest. There are tools out there for managing and monitoring of the entire domain like the Operations Manager 2007 (which by the way, I would really love to evaluate and hopefully in a couple of months be submitted for POC to my company, we are really growing rapidly and we wouldn’t want our operations to go out of hand!) for now I’ll go with the simplest tool that I found (MBSA 2.1).

 How? Really simple!

Just choose the most appropriate MSI installer from  @

I chose MBSASetup-x64-EN.msi (my Workstation is a 64 bit machine and I prefer ENglish)



















After downloading, launch the MSI installer.










The installation is really easy, just click next > Accept the License Agreement, next then Install!





















The setup will run and prompt you with this if the installation has been completed without errors.






To launch, go to your start then all programs, and you will see a newly highlighted shortcut icon "Microsoft Baseline Security Analyzer 2.1" . Launch the application.




  The MBSA 2.1 looks like this, (looks like a familiar screen to me like windows update)

you can choose to scan a computer or multiple computers, the first thing that I did is ofcourse, try it out on my workstation!

















I just clicked start scan










The scan just took about 5 minutes over a Vista Enterprise x64 on a AMD 64 X2 4800 with 2GB of Ram – loaded with development IDE’s (VS 2005,2008 and SQL 2005, 2008 Management studio)

On my results page, I see that I need to make sure that the update service is updating my local SQL server!
















If you are planing to scan multiple computers or a domain, here is the screen that will be shown. You just need to give the Domain name or the IP address range.

Note: you must have a local administrator privileges to run this.

Enough said more info is available at Technet


Published by


John is currently creating digital assets that protects people and their future, a technical trainer and a full time geek specializing on development and deployment of innovations created with .NET framework on Windows platform as well as Windows infrastructure projects. He is the primary contact of the Philippine Windows Users Group, a contributor at the Microsoft Philippines Community forums and regularly conducts community sessions as well as other Microsoft technology events. John owns the Busy Saving The World Techblog.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s