Solved

How to download the cabinate file for scanning the missing security patches on the server?

Posted on 2016-08-24
4
131 Views
Last Modified: 2016-09-13
My Server is not updating from the wsus server, so I need to run the scanning
on the server for missing security patches, for that, I need to download the latest wsus cabinate file, please help.
0
Comment
Question by:satheesh kumar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 64

Assisted Solution

by:btan
btan earned 300 total points (awarded by participants)
ID: 41769577
May consider use of MBSA

Using MBSA without Internet access

In order to get the most accurate scan results, MBSA needs to download the latest updates from Microsoft.com. If you need to scan computers from a network that has no Internet access, you need to take extra steps to update MBSA since it won’t be able to reach Microsoft.com. To complete this step you need to update the Wsusscn2.cab file located in %SystemDrive%\Users\UserName\AppData\Local\Microsoft\MBSA\Cache. The Wsusscn2.cab file (signed by Microsoft) contains the security updates, update rollups, and service packs that are available from Microsoft Update. Wsusscn2.cab is automatically updated when a security update, update rollup, or service pack is added, removed, or revised on the Microsoft Updates site. Computers that are not connected to the Internet can be scanned and then updated for the updates in the WsusScn2.cab file.
https://dougvitale.wordpress.com/2011/11/18/microsoft-baseline-security-analyzer/#nointaccess
0
 
LVL 7

Accepted Solution

by:
Hector2016 earned 200 total points (awarded by participants)
ID: 41770145
Please use the WSUSOffline tool for all computers without direct access to the internet or to WSUS.

http://download.wsusoffline.net/

You need to run this tool on a computer with internet access and then share the Client folder to every offline computer, then run the Installer application inside that folder from each computer and it will update the computer. You can also create ISO files with collections of updates for each windows or office versions and languages.

You dont need to worry about the location of the WSUS cabinet file, because the tool will download and use it transparently.
0
 
LVL 64

Assisted Solution

by:btan
btan earned 300 total points (awarded by participants)
ID: 41770256
Can check out MBSA for offline as shared earlier too
MBSA uses files that it downloads from the Internet, but the computer I want to use to scan my network doesn't have Internet access. How can I use MBSA in an offline and secure environment?

You can either perform the scan using the mbsacli command-line utility with the /nd (do not download) parameter, or you can perform the scan using the GUI. Before scanning you must copy the necessary files to the computer performing the scan.

Four types of files are required:
Security update catalog (wsusscn2.cab), available from the  Microsoft Web site
Windows Update Redistribution Catalog (wuredist.cab) located at  

http://update.microsoft.com/redist/wuredist.cab
Authorization catalog (muauth.cab) for Windows Update site access, available from the  Microsoft Web site or by examining the contents of the wuredist.cab file located at  

http://update.microsoft.com/redist/wuredist.cab

Windows Update Agent standalone installers (if not already installed): For x86-based computers (WindowsUpdateAgent30-x86.exe) or
For x64-based computers (WindowsUpdateAgent30-x64.exe) or
For ia64-based computers (WindowsUpdateAgent30-ia64.exe), the latest versions are available by examining the contents of the wuredist.cab file located at  

http://update.microsoft.com/redist/wuredist.cab

After downloading the files from the Microsoft Web site, copy all files listed above to the following folder on the computer performing the security update scan:
C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\MBSA\Cache

Important: To ensure that MBSA has access to the most current versions of these files, you should download them on a weekly basis or after any release of security bulletins from Microsoft. This is especially important in the case of the security update catalog (Wsusscn2.cab) because Microsoft releases an updated version of this file whenever new security bulletins are released or updated.

When you run MBSA to perform security update checks on remote computers, MBSA deploys the Windows Update Agent to the remote computer. Although an ia64 version of the Windows Update Agent (WindowsUpdateAgent30-ia64.exe) is available for Itanium-based computers, MBSA does not automatically deploy this version. It must be installed and configured on Itanium-based computers before performing a security scan on those computers.
0
 
LVL 64

Expert Comment

by:btan
ID: 41795679
As explained for offline downloads and provided guidance on approaches.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question