
5. Armed with this knowledge, we can now go about getting and installing the required fixes and patches on our computers. That is the topic of the "Deploying and Managing Updates" section later in this chapter.

The next method we examine is the Microsoft Network Security Hotfix Checker, commonly referred to as the HFNetChk tool.

The Microsoft Network Security Hotfix Checker

The Microsoft Network Security Hotfix Checker, HFNetChk, is a command-line tool that can be used to quickly analyze one or many computers to determine the installation status of required security patches. In its current versions, it is accessed from and combined with the Microsoft Baseline Security Analyzer Tool (v1.1). Unlike Windows Update, HFNetChk can scan for missing updates from more than one product and can be scripted to perform scans in a number of different configurations, depending on your organization's needs. Products that HFNetChk currently scans include:

Windows 2000 Professional, Server, and Advanced Server

Windows XP Professional

Windows NT Workstation 4.0, Server 4.0, and Enterprise Edition Server 4.0

SQL Server 7.0

SQL Server 2000 Standard, Enterprise, and Conferencing Server

Exchange Server 5.5

Exchange Server 2000

Internet Information Server 4.0

Internet Information Services 5.0

Internet Explorer 5.01 or later

Windows Media Player

Microsoft Data Engine (MSDE) 1.0

NOTE: MBSA v1.1 does not scan Windows Server 2003 platform machines, although it may be installed and used to scan other platforms as indicated in the preceding discussion. Microsoft indicates that the Windows Server 2003 functionality will be available in MBSA v1.2 when it is released.

When the HFNetChk tool is run, it uses an Extensible Markup Language (XML) file containing information about all available hotfixes as its data source. The XML file contains all pertinent information about each product's hotfixes, such as the security bulletin name and title, and other detailed information about the hotfixes, including the file version, Registry keys applied by the hotfix, information about patches that supersede other patches, and various other important types of information about each hotfix.

If the XML file is not found in the directory from which the HFNetChk tool is run or is not specified in the arguments for the HFNetChk tool, it will be downloaded from the Microsoft Web site. The XML file comes in a digitally signed CAB format, and you might be asked to accept the download before the file is downloaded to your computer.

After the CAB file has been downloaded and decompressed, HFNetChk scans the selected computers to determine the operating systems, applications, and service packs you have installed. After this initial scan is completed, HFNetChk parses the XML file to identify any security patches that are required (and not installed) for the configuration of each computer scanned. If a patch is identified as being required but is not currently installed on a computer, HFNetChk returns output informing you so.

By default, HFNetChk displays only those patches and fixes that are necessary to bring your computers up to date. All other nonessential patches are not shown by default. In the event that rollup packages exist, HFNetChk will not report the individual patches that the rollup included as required.

When determining the installation status of a patch on a computer, HFNetChk evaluates three distinct items: the file version and checksum of every file that is installed by the patch and the Registry key that is installed by the patch. If the Registry key is not found, HFNetChk assumes the patch is not installed. If the Registry key is found, HFNetChk looks for the files that correspond to that patch, comparing the file version and checksum to the XML file. If any one test fails, the output will be that the patch is not installed. You can, however, disable checking Registry keys as part of the analysis process, as we see later in this section.

The basic syntax of the HFNetChk tool is:

mbsacli.exe /hf [-h hostname] [-i ipaddress] [-d domainname] [-n] [-b]
                [-r range] [-history level] [-t threads] [-o output]
                [-x datasource] [-z] [-v] [-s suppression] [-nosum]
                [-u username] [-p password] [-f outfile] [-about]
                [-fh hostfile] [-fip ipfile] [-fq ignorefile]
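The evaluation rule described above (Registry key first, then the version and checksum of every file the patch installs, any single failing test meaning "not installed", and a rollup hiding the individual patches it supersedes) can be modelled in a short script. The following Python code is an added example written for this section; it is not Microsoft's code and does not use the real schema of the hotfix XML file. The bulletin IDs, Registry paths, file contents, SHA-1 checksum, and the host snapshots are all constructed, and the check_registry and check_checksum flags stand in for the -z (skip Registry check) and -nosum (skip checksum) switches shown in the syntax above.

```python
"""Model of HFNetChk's patch-status evaluation (added example, not Microsoft's code)."""
import hashlib
import xml.etree.ElementTree as ET


def checksum(data: bytes) -> str:
    """Hex SHA-1 of file contents. Assumption: the page does not name the real
    checksum algorithm; any fixed digest serves to show the comparison logic."""
    return hashlib.sha1(data).hexdigest()


# Constructed file contents the data source expects after each fix is applied.
PATCHED_A = b"example.dll build 1000"
PATCHED_B = b"other.dll build 2000"
ROLLUP_B = b"other.dll build 3000"

# Constructed hotfix data source. Its layout is an assumption that keeps only the
# fields the text names: bulletin, title, Registry key, file version/checksum,
# and which earlier bulletin a rollup supersedes.
HOTFIX_XML = f"""<Hotfixes>
  <Hotfix bulletin="MS-EX-001" title="Example fix A"
          regkey="HKLM\\SOFTWARE\\Example\\Hotfixes\\Q000001">
    <File name="example.dll" version="5.0.2195.1000" checksum="{checksum(PATCHED_A)}"/>
  </Hotfix>
  <Hotfix bulletin="MS-EX-002" title="Example fix B"
          regkey="HKLM\\SOFTWARE\\Example\\Hotfixes\\Q000002">
    <File name="other.dll" version="5.0.2195.2000" checksum="{checksum(PATCHED_B)}"/>
  </Hotfix>
  <Hotfix bulletin="MS-EX-003" title="Example rollup" supersedes="MS-EX-002"
          regkey="HKLM\\SOFTWARE\\Example\\Hotfixes\\Q000003">
    <File name="other.dll" version="5.0.2195.3000" checksum="{checksum(ROLLUP_B)}"/>
  </Hotfix>
</Hotfixes>"""

# Constructed host snapshots: which Registry keys exist and each file's (version, contents).
# HOST: rollup fully applied; fix A's key is present but example.dll is still the old build.
HOST = {
    "registry_keys": {"HKLM\\SOFTWARE\\Example\\Hotfixes\\Q000001",
                      "HKLM\\SOFTWARE\\Example\\Hotfixes\\Q000003"},
    "files": {"example.dll": ("5.0.2195.0900", b"example.dll build 900"),
              "other.dll": ("5.0.2195.3000", ROLLUP_B)},
}
# HOST_NO_KEYS: every file is correct but no Registry keys were written.
HOST_NO_KEYS = {"registry_keys": set(),
                "files": {"example.dll": ("5.0.2195.1000", PATCHED_A),
                          "other.dll": ("5.0.2195.3000", ROLLUP_B)}}
# HOST_TAMPERED: keys and versions match, but example.dll's contents differ.
HOST_TAMPERED = {"registry_keys": set(HOST["registry_keys"]),
                 "files": {"example.dll": ("5.0.2195.1000", b"example.dll modified"),
                           "other.dll": ("5.0.2195.3000", ROLLUP_B)}}


def patch_status(hotfix, host, check_registry=True, check_checksum=True):
    """Return (installed, reason) for one <Hotfix> element, following the text:
    missing Registry key -> not installed; otherwise every file must match both
    version and checksum, and any single failing test reports 'not installed'.
    check_registry=False models -z, check_checksum=False models -nosum."""
    if check_registry and hotfix.get("regkey") not in host["registry_keys"]:
        return False, "registry key not found"
    for fe in hotfix.findall("File"):
        name = fe.get("name")
        present = host["files"].get(name)
        if present is None:
            return False, f"{name} not found"
        version, data = present
        if version != fe.get("version"):
            return False, f"{name} version {version} != {fe.get('version')}"
        if check_checksum and checksum(data) != fe.get("checksum"):
            return False, f"{name} checksum mismatch"
    return True, "installed"


def scan(xml_text, host, check_registry=True, check_checksum=True):
    """Return [(bulletin, reason)] for patches the host still needs, in data-source
    order. As with HFNetChk's default output, a patch superseded by an installed
    rollup is not reported even though its own key or files are absent."""
    hotfixes = ET.fromstring(xml_text).findall("Hotfix")
    status = {h.get("bulletin"): patch_status(h, host, check_registry, check_checksum)
              for h in hotfixes}
    superseded = {h.get("supersedes") for h in hotfixes
                  if h.get("supersedes") and status[h.get("bulletin")][0]}
    return [(b, reason) for b, (ok, reason) in status.items()
            if not ok and b not in superseded]


if __name__ == "__main__":
    for label, host in (("default", HOST), ("no keys", HOST_NO_KEYS), ("tampered", HOST_TAMPERED)):
        print(label, "->", scan(HOTFIX_XML, host))
    print("no keys, -z ->", scan(HOTFIX_XML, HOST_NO_KEYS, check_registry=False))
    print("tampered, -nosum ->", scan(HOTFIX_XML, HOST_TAMPERED, check_checksum=False))
```

Running the three constructed hosts shows why each test matters: the default host reports only fix A (wrong file version) because fix B is hidden behind the installed rollup; the host with no Registry keys reports all three until the Registry test is skipped; and the tampered host is caught only by the checksum, so skipping that test with -nosum reports it as fully patched.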

Table 8.5 provides the function of each of the HFNetChk switches.

Table 8.5 The HFNetChk Switches

Switch          Explanation
-h hostname     Specifies the NetBIOS name of the computer to be scanned. If not specified, the default is localhost.
-i ipaddress    Specifies the IP address of the computer to be scanned. If not specified, the default is the local computer.
-d domainname   Specifies the domain name to be scanned. All eligible computers in the domain will be scanned.
-n              Specifies that the local network is to be scanned. All eligible computers on the local network will be scanned.
-b              Compares the current status of fixes to that of a minimum secure baseline standard.
-r range        Specifies the inclusive IP address range that is to be scanned in the format start_IP-end_IP—for example, 192.168.0.100-