And the resulting report sent to C:\Temp:

MBSACLI Switches:

MBSACLI [/target /r /d domain] [/n option] [/o file] [/qp] [/qe] [/qr]

[/qt] [/listfile file] [/xmlout] [/wa /wi] [/catalog file] [/nvc] [/ia] [/mu] [/nd] [/rd directory] [/?]

MBSACLI [/l] [/ls] [/lr file] [/ld file] [/unicode] [/nvc] [/?]

Description: This is a command line interface for Microsoft Baseline Security Analyzer Parameter List:

/target

domain\computer

Scan named computer.

/target

IP

Scan named IP address.

/r

IP-IP

Scan named IP addresses range.

/listfile

file

Scan named IP address or computer listed in the specified file.

/d

domain

Scan named domain (Use NetBIOS compatible domain name (Ex:

 

 

MyDomain) instead of Fully Qualified Domain Name

 

 

(Ex:Mydomain.com) ).

/n

option

Select which scans to NOT perform. All checks are performed by

 

 

default.

 

 

Valid values: "OS", "SQL", "IIS", "Updates", “Password", Can be

 

 

concatenated with "+" (no spaces).

/wa

 

Show only updates approved on the WSUS server.

/wi

 

Show all updates even if not approved on the WSUS server.

/nvc

 

Do not check for a new version of MBSA.

/o

filename

Output XML file name template.

 

 

Default: %D% - %C% (%T%).

/qp

 

Do not display scan progress.

 

 

15