how to know for sure windows 2000 is up to date on patch?

[bing]

Archived from groups: microsoft.public.win2000.security (More info?)

Hi,

This windows 2000 server runs SQL 2000 and IIS 5.0. I'm pretty clear how to
patch SQL server and IIS. Just don't know much about OS level patching. I
don't want to get this machine connected to the network until I know for sure
it's update on patches. So can anybody tell me how I can check what OS
patches it may need, etc.?

Thanks in advance.

Bing

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

You can install MBSA on a machine that is connected to the outside
world and run it. This will trigger download of the latest mssecure.xml
file of test info. Then, open a cmd prompt and change to the install point
of MBSA and issue mbsacli /? to see the cmdline options, including
specifying the patch info file to use. You then basically need to take
this file to the disconnected machine, install MBSA and run mbsacli
in an offline mode telling it where you placed the file.

--
Roger Abell
Microsoft MVP (Windows Security)

"bing" <bing@discussions.microsoft.com> wrote in message
news17E289A-71CF-4834-A153-544AB7F61F3C@microsoft.com...
> Hi,
>
> This windows 2000 server runs SQL 2000 and IIS 5.0. I'm pretty clear how
to
> patch SQL server and IIS. Just don't know much about OS level patching.
I
> don't want to get this machine connected to the network until I know for
sure
> it's update on patches. So can anybody tell me how I can check what OS
> patches it may need, etc.?
>
> Thanks in advance.
>
> Bing

 

[bing]

Archived from groups: microsoft.public.win2000.security (More info?)

Thanks, Roger.

Does 'a machine that is connected to the outside world' have to be windows
2000 as well? I just run MBSA on my windows XP and got mssecure.xml file.
Not sure whether or not it's OS dependent and can be used on windows 2000.
Anybody want to provide more guidance? Thanks much.

Bing

"Roger Abell" wrote:

> You can install MBSA on a machine that is connected to the outside
> world and run it. This will trigger download of the latest mssecure.xml
> file of test info. Then, open a cmd prompt and change to the install point
> of MBSA and issue mbsacli /? to see the cmdline options, including
> specifying the patch info file to use. You then basically need to take
> this file to the disconnected machine, install MBSA and run mbsacli
> in an offline mode telling it where you placed the file.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
>
> "bing" <bing@discussions.microsoft.com> wrote in message
> news17E289A-71CF-4834-A153-544AB7F61F3C@microsoft.com...
> > Hi,
> >
> > This windows 2000 server runs SQL 2000 and IIS 5.0. I'm pretty clear how
> to
> > patch SQL server and IIS. Just don't know much about OS level patching.
> I
> > don't want to get this machine connected to the network until I know for
> sure
> > it's update on patches. So can anybody tell me how I can check what OS
> > patches it may need, etc.?
> >
> > Thanks in advance.
> >
> > Bing
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

These checklists are also helpful...

http://townsendonemedia.com/BulletInBlue/

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

You will be fine following Roger's advice. The computer you run MBSA on does
not have to be the same operating system. There is also a new version of
MBSA available now - version 2.0 for download. You also could put your
server on an isolated network connected to the internet and protected by a
firewall to go to Windows Updates to check for and install missing critical
security updates. Of course I would backup the server first to image type
backup just in case you have an issue with a particular update though you
should be able to uninstall all or most updates in Control Panel - add and
remove programs. --- Steve


"bing" <bing@discussions.microsoft.com> wrote in message
news:2F5B1D7A-9828-4D0D-88D5-CF6C5F6ECA36@microsoft.com...
> Thanks, Roger.
>
> Does 'a machine that is connected to the outside world' have to be
> windows
> 2000 as well? I just run MBSA on my windows XP and got mssecure.xml file.
> Not sure whether or not it's OS dependent and can be used on windows 2000.
> Anybody want to provide more guidance? Thanks much.
>
> Bing
>
> "Roger Abell" wrote:
>
>> You can install MBSA on a machine that is connected to the outside
>> world and run it. This will trigger download of the latest mssecure.xml
>> file of test info. Then, open a cmd prompt and change to the install
>> point
>> of MBSA and issue mbsacli /? to see the cmdline options, including
>> specifying the patch info file to use. You then basically need to take
>> this file to the disconnected machine, install MBSA and run mbsacli
>> in an offline mode telling it where you placed the file.
>>
>> --
>> Roger Abell
>> Microsoft MVP (Windows Security)
>>
>> "bing" <bing@discussions.microsoft.com> wrote in message
>> news17E289A-71CF-4834-A153-544AB7F61F3C@microsoft.com...
>> > Hi,
>> >
>> > This windows 2000 server runs SQL 2000 and IIS 5.0. I'm pretty clear
>> > how
>> to
>> > patch SQL server and IIS. Just don't know much about OS level
>> > patching.
>> I
>> > don't want to get this machine connected to the network until I know
>> > for
>> sure
>> > it's update on patches. So can anybody tell me how I can check what OS
>> > patches it may need, etc.?
>> >
>> > Thanks in advance.
>> >
>> > Bing
>>
>>
>>

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

The file of patch info in good for all supported OSs.

As Steve pointed out there is now MBSA 2.0, which uses
different file. Pre MBSA 2 patch info file is mssecure.xml
and this is left in the install dir of MBSA, but with MBSA 2
file is wsusscan.cab and is left many levels deep down in
the profile of the account that ran MBSA 2 (do a seach on
that account's folder in Documents and Settings).

--
Roger Abell
Microsoft MVP (Windows Security)

"bing" <bing@discussions.microsoft.com> wrote in message
news:2F5B1D7A-9828-4D0D-88D5-CF6C5F6ECA36@microsoft.com...
> Thanks, Roger.
>
> Does 'a machine that is connected to the outside world' have to be
windows
> 2000 as well? I just run MBSA on my windows XP and got mssecure.xml file.
> Not sure whether or not it's OS dependent and can be used on windows 2000.
> Anybody want to provide more guidance? Thanks much.
>
> Bing
>
> "Roger Abell" wrote:
>
> > You can install MBSA on a machine that is connected to the outside
> > world and run it. This will trigger download of the latest mssecure.xml
> > file of test info. Then, open a cmd prompt and change to the install
point
> > of MBSA and issue mbsacli /? to see the cmdline options, including
> > specifying the patch info file to use. You then basically need to take
> > this file to the disconnected machine, install MBSA and run mbsacli
> > in an offline mode telling it where you placed the file.
> >
> > --
> > Roger Abell
> > Microsoft MVP (Windows Security)
> >
> > "bing" <bing@discussions.microsoft.com> wrote in message
> > news17E289A-71CF-4834-A153-544AB7F61F3C@microsoft.com...
> > > Hi,
> > >
> > > This windows 2000 server runs SQL 2000 and IIS 5.0. I'm pretty clear
how
> > to
> > > patch SQL server and IIS. Just don't know much about OS level
patching.
> > I
> > > don't want to get this machine connected to the network until I know
for
> > sure
> > > it's update on patches. So can anybody tell me how I can check what
OS
> > > patches it may need, etc.?
> > >
> > > Thanks in advance.
> > >
> > > Bing
> >
> >
> >

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Thanks for that information! I just started playing with MBSA 2.0 but was
not yet aware of the change in files. -- Steve


"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:%236uJvLqhFHA.720@TK2MSFTNGP14.phx.gbl...
> The file of patch info in good for all supported OSs.
>
> As Steve pointed out there is now MBSA 2.0, which uses
> different file. Pre MBSA 2 patch info file is mssecure.xml
> and this is left in the install dir of MBSA, but with MBSA 2
> file is wsusscan.cab and is left many levels deep down in
> the profile of the account that ran MBSA 2 (do a seach on
> that account's folder in Documents and Settings).
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
>
> "bing" <bing@discussions.microsoft.com> wrote in message
> news:2F5B1D7A-9828-4D0D-88D5-CF6C5F6ECA36@microsoft.com...
>> Thanks, Roger.
>>
>> Does 'a machine that is connected to the outside world' have to be
> windows
>> 2000 as well? I just run MBSA on my windows XP and got mssecure.xml
>> file.
>> Not sure whether or not it's OS dependent and can be used on windows
>> 2000.
>> Anybody want to provide more guidance? Thanks much.
>>
>> Bing
>>
>> "Roger Abell" wrote:
>>
>> > You can install MBSA on a machine that is connected to the outside
>> > world and run it. This will trigger download of the latest
>> > mssecure.xml
>> > file of test info. Then, open a cmd prompt and change to the install
> point
>> > of MBSA and issue mbsacli /? to see the cmdline options, including
>> > specifying the patch info file to use. You then basically need to take
>> > this file to the disconnected machine, install MBSA and run mbsacli
>> > in an offline mode telling it where you placed the file.
>> >
>> > --
>> > Roger Abell
>> > Microsoft MVP (Windows Security)
>> >
>> > "bing" <bing@discussions.microsoft.com> wrote in message
>> > news17E289A-71CF-4834-A153-544AB7F61F3C@microsoft.com...
>> > > Hi,
>> > >
>> > > This windows 2000 server runs SQL 2000 and IIS 5.0. I'm pretty clear
> how
>> > to
>> > > patch SQL server and IIS. Just don't know much about OS level
> patching.
>> > I
>> > > don't want to get this machine connected to the network until I know
> for
>> > sure
>> > > it's update on patches. So can anybody tell me how I can check what
> OS
>> > > patches it may need, etc.?
>> > >
>> > > Thanks in advance.
>> > >
>> > > Bing
>> >
>> >
>> >
>
>