Hello. My name is Dustin. And welcome to Windows Security.
Microsoft Baseline Security Analyzer. Demo.
So in this demo, we're just gonna do a really quick run through of the NBS A or the Microsoft Baseline Security analyzer. I'm gonna show you how to download it, install it and then run your first scan. So let's go ahead and hop into our window. Seven virtual machine.
All right, so I'm in the virtual machine now, and all I did to find it was just search for NBS a download. And it takes you to Microsoft dot com, uh, flashy and dashed us since that's where I am. Slash downloaded. Then here's the download idea. Looks like 19892
So then all I do is download.
And this is a window seven virtual machine only running in 32 bits. All need to make sure I get the X 86 version Dash Ian for English. If you do have a 64 bit machine, you can use the 64 bet installer. So I have already got it downloaded. Let's take a look here.
All right, So, as you can see, I've got it right here. It's just your standard installer.
I've already installed it, so it'll just wants me to reinstall her. Repair it. But all you do is accept the terms and agreements and then just
install it. It takes just over a minute and let's go ahead and launch it here. So this is the first screen you get when you get it. Looks like I do. You have an older version. Not sure why they solve it on their website. Um,
but it is what it is. So here you can choose to scanning computer and you can do this over a network or just the local machine. And same thing. You can actually scanned multiple computers as well. And then you do have the option to view existing scan reports. So if you have an old one that you needed to view or print, you can put that in there.
So we're just gonna do scanning computer and it is this computer. Ah, that is the one I want to scanned. This is where you would enter a night p address. If you did have a remote computer that you wanted to scan
and then this is just the report name it shows you what each one's for us. It looks like it's gonna do the domain dash computer and then the date and time. So you do have a few options t go through, and, um, we'll just go through. So check for Windows administrative vulnerabilities. This just searches for any
admin vulnerabilities that your Windows machine may have
check for weak passwords. Pretty self explanatory. There. It's gonna check all the passwords and determine whether or not they are weak. And then you've got your I s admin privileges sequel, admin, privileges, vulnerabilities. I'm sorry.
And then also the security updates. And that's from that cab file. If you remember from our previous slide.
So we will go ahead and start our scan. I have already done the scans. That should run pretty quick, I think the first time I ran it, though it did take a about 3 to 5 minutes. Um,
so not not too long. This one should go quite a bit quicker. What it'll do first is actually contact my yourself to get a list of the current updates, and then I will use that cab file and compare them so we can see which ones you may be missing. And since I just built this machine looks like
there's quite a bit of vulnerabilities here.
Looks like one or more critical check was failed. So I am missing some Windows security updates. I'm not running a sequel server or silver light, so that's good there. Uh, it doesn't like that auto log on is configured on the computer
England. Incomplete updates looks like couple admin users and their five user accounts that have non expiring passwords, and this is just downloaded directly from Mike's offside into any configuration on. But the really cool thing is, it'll actually tell you what was scanned or how it found this and then how to correct it as well.
So say I didn't know how to
turn off the auto log on feature on Windows. I can click the how to correct this, and it will tell me here.
So it looks like to disable this feature. I can use the registry editor
and remove the auto log. I'm sorry, auto admin, log on and default password. And here it tells you the exact steps on what you need to do it,
it is storing credentials
and tells you 01 must be zero to remove the future. So this tells you exactly what you need to do to fix the issue,
so it's pretty handy. It'll tell you exactly what you're missing if you are offline and you can't contact, um, Microsoft to actually
patch or update the machine, and then it does run through a couple other things like the Loggains, the updates, administrator issues and then password expiration as well.