Discussion:
Incomplete Scan
(too old to reply)
Bob Weiner
2009-06-03 18:21:14 UTC
Permalink
Raw Message
We'd like to use MBSA 2.1 to scan the windows machines on our network. This
worked at one time but now is failing (from multiple computers) with an
"Incomplete Scan" error. The "how to correct this" link says:

"manually install WUA on each target computer."

What broke? This worked before.

In a domain with a couple thousand computers, with some coming and going all
the time, are we really supposed to manually install an agent just to run a
scan? Can't MBSA do passive scans, like nmap, if it doesn't find an agent?
Doug Neal [MSFT]
2009-06-15 20:18:05 UTC
Permalink
Raw Message
Thank you for posting this, Bob.

Due to customer requests, MBSA 2.1 changed the default behavior was changed
to prevent automatic installation of updated Windows Update Agent clients
when needed on target machines. To re-enable this feature that was the
default behavior in MBSA 2.0.1, simply check the option to 'Configure
computers for Microsoft Update and scanning prerequisites' in the 'which
computer do you want to scan' screen. As long as you have administrative
rights on the target machines, MBSA will automatically deploy the latest WUA
client - which should solve this issue.

Also note that this settings is not retained between uses so there is no
chance a security auditor could unintentionally upgrade target clients. So,
be sure to re-check this each time you need it. I hope that helps...
--
--
Doug Neal [MSFT]
***@online.microsoft.com

This posting is provided "AS IS" with no warranties, and confers no rights.

If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for support on the Microsoft
Baseline Security Analyzer (MBSA). Information is available at the following
link:
http://support.microsoft.com/default.aspx

This e-mail address does not receive e-mail, but is used for newsgroup
postings only.
Post by Bob Weiner
We'd like to use MBSA 2.1 to scan the windows machines on our network.
This worked at one time but now is failing (from multiple computers) with
"manually install WUA on each target computer."
What broke? This worked before.
In a domain with a couple thousand computers, with some coming and going
all the time, are we really supposed to manually install an agent just to
run a scan? Can't MBSA do passive scans, like nmap, if it doesn't find an
agent?
Loading...