Solved

How to download the cabinate file for scanning the missing security patches on the server?

Posted on 2016-08-24
4
36 Views
Last Modified: 2016-09-13
My Server is not updating from the wsus server, so I need to run the scanning
on the server for missing security patches, for that, I need to download the latest wsus cabinate file, please help.
0
Comment
Question by:satheesh kumar
  • 3
4 Comments
 
LVL 62

Assisted Solution

by:btan
btan earned 300 total points (awarded by participants)
ID: 41769577
May consider use of MBSA

Using MBSA without Internet access

In order to get the most accurate scan results, MBSA needs to download the latest updates from Microsoft.com. If you need to scan computers from a network that has no Internet access, you need to take extra steps to update MBSA since it won’t be able to reach Microsoft.com. To complete this step you need to update the Wsusscn2.cab file located in %SystemDrive%\Users\UserName\AppData\Local\Microsoft\MBSA\Cache. The Wsusscn2.cab file (signed by Microsoft) contains the security updates, update rollups, and service packs that are available from Microsoft Update. Wsusscn2.cab is automatically updated when a security update, update rollup, or service pack is added, removed, or revised on the Microsoft Updates site. Computers that are not connected to the Internet can be scanned and then updated for the updates in the WsusScn2.cab file.
https://dougvitale.wordpress.com/2011/11/18/microsoft-baseline-security-analyzer/#nointaccess
0
 
LVL 7

Accepted Solution

by:
Hector2016 earned 200 total points (awarded by participants)
ID: 41770145
Please use the WSUSOffline tool for all computers without direct access to the internet or to WSUS.

http://download.wsusoffline.net/

You need to run this tool on a computer with internet access and then share the Client folder to every offline computer, then run the Installer application inside that folder from each computer and it will update the computer. You can also create ISO files with collections of updates for each windows or office versions and languages.

You dont need to worry about the location of the WSUS cabinet file, because the tool will download and use it transparently.
0
 
LVL 62

Assisted Solution

by:btan
btan earned 300 total points (awarded by participants)
ID: 41770256
Can check out MBSA for offline as shared earlier too
MBSA uses files that it downloads from the Internet, but the computer I want to use to scan my network doesn't have Internet access. How can I use MBSA in an offline and secure environment?

You can either perform the scan using the mbsacli command-line utility with the /nd (do not download) parameter, or you can perform the scan using the GUI. Before scanning you must copy the necessary files to the computer performing the scan.

Four types of files are required:
Security update catalog (wsusscn2.cab), available from the  Microsoft Web site
Windows Update Redistribution Catalog (wuredist.cab) located at  

http://update.microsoft.com/redist/wuredist.cab
Authorization catalog (muauth.cab) for Windows Update site access, available from the  Microsoft Web site or by examining the contents of the wuredist.cab file located at  

http://update.microsoft.com/redist/wuredist.cab

Windows Update Agent standalone installers (if not already installed): For x86-based computers (WindowsUpdateAgent30-x86.exe) or
For x64-based computers (WindowsUpdateAgent30-x64.exe) or
For ia64-based computers (WindowsUpdateAgent30-ia64.exe), the latest versions are available by examining the contents of the wuredist.cab file located at  

http://update.microsoft.com/redist/wuredist.cab

After downloading the files from the Microsoft Web site, copy all files listed above to the following folder on the computer performing the security update scan:
C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\MBSA\Cache

Important: To ensure that MBSA has access to the most current versions of these files, you should download them on a weekly basis or after any release of security bulletins from Microsoft. This is especially important in the case of the security update catalog (Wsusscn2.cab) because Microsoft releases an updated version of this file whenever new security bulletins are released or updated.

When you run MBSA to perform security update checks on remote computers, MBSA deploys the Windows Update Agent to the remote computer. Although an ia64 version of the Windows Update Agent (WindowsUpdateAgent30-ia64.exe) is available for Itanium-based computers, MBSA does not automatically deploy this version. It must be installed and configured on Itanium-based computers before performing a security scan on those computers.
0
 
LVL 62

Expert Comment

by:btan
ID: 41795679
As explained for offline downloads and provided guidance on approaches.
0

Featured Post

Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

939 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now