Microsoft Baseline Security Analyzer 2.2 (MBSA) is a tool that provides a streamlined method of identifying any missing security updates or any common security misconfigurations in your instances of SQL Server. This tool is available for download from Microsoft. Just choose your appropriate language and the destination where you would like to save the installation package to and your away.
How to Install MBSA
To install MBSA 2.2 is a relatively simple process. The steps are:
1. Double click on your downloaded MBSASetup-x64-EN.msi ( I have the 64 bit English version)
2. Select Run
3. Click Next
4. Accept the license agreement, Select Next
5. Choose your installation destination by using the Browse button, Click Next
6. Installation is now ready, Click Install
How to use MBSA 2.2
Now that we have installed MBSA 2.2 we can now check our existing environments to ensure that we are up to date with all of our security patches and configuration to help limit the possible security issues that we could incur.
Upon opening MBSA (ensure you run this as an administrator) for the first time we will be greeted with this screen as shown below:
The first thing we want to do is scan a computer (in my case as I am only doing this on my laptop). You may want to use the Scan Multiple Computers in your environment once your happy with how to use this tool.
For further information on the options for scanning click on the “Scanning Options” link at the bottom. The default options are suitable to get your scanning underway. You will require access to the internet from the machine that you are running the tool so that it can determine if your environment (machine) has the most up to date security information. Once you have started the scan this may take some time to complete. Just be patient and go and get yourself a coffee.
The results that come back from the scan gives you a break down per section:
Security Update Scan Results
Windows Scan Results
IIS Scan Results
SQL Server Scan Results
SQL Server Reporting Services Scan Results (If you have this installed)
SQL Server Analysis Services Scan Results (If you have this installed)
From the results you can then go and look deeper into any issues and resolve the issues. As can be seen below:
There are some issues with this instance of SQL Server. For example the “Folder Permissions” have an issue. To find out further information on the issue and how to correct the issue click on the “How to correct this” link.
You also have the ability to look back at previous security scans. From the main screen select “View Security Reports” and select the appropriate report you would like to review.
MBSA is a pretty simple effective tool that quickly and easily allows you to check your environment to bring it into line with recommended settings and patches. Once you have a report the detailed steps on how to resolve these are available for you on the appropriate links in the report to the right of the identified issue.
For more information have a read of How to use Microsoft Baseline Security Analyzer