Since its release, Microsoft Systems Management Server 2003 has had the ability to scan client computers using the Microsoft Baseline Security Analyzer (MBSA) and to inventory the SMS clients for missing software updates. MBSA also has the ability to look for certain types of security vulnerabilities and report back on them, but this feature has not been available within SMS until now. When you install the SMS 2003 R2 Scan Tool for Vulnerability Assessment, Setup will create SMS objects (packages, programs, collections, and advertisements) to deploy the MBSA scan tool to SMS clients for the purpose of reporting on known vulnerabilities. Setup also gives you the option to create SMS objects to distribute MBSA to your SMS clients. After SMS clients have run the advertisement for the scan tool, and after the client’s hardware inventory is received at the site server, you can view reports on the vulnerabilities discovered by MBSA. SMS does not include the ability to automatically remediate any of these vulnerabilities, but in some cases it may be possible for you to create remediation scripts and distribute them using SMS software distribution. The SMS 2003 R2 Scan Tool for Vulnerability Assessment does not scan clients for missing software updates or create packages to distribute software updates to clients. If you want to manage software updates for your SMS clients, you should also install the SMS 2003 Inventory Tool for Microsoft Updates, available on the SMS 2003 Inventory Tool for Microsoft Updates Web site (http://go.microsoft.com/fwlink/?LinkID=50169), or the SMS 2003 R2 Inventory Tool for Custom Updates and supporting software updates catalogs. For more information, see Inventory Tool for Custom Updates.

This section covers the installation and use of the SMS 2003 R2 Scan Tool for Vulnerability Assessment. Before you can successfully run the scan tool and view the reports, you must also perform the following tasks:

• Deploy SMS client software to computers you want to manage.
  
  
• Configure the Advertised Programs Client Agent.
  
  
• Configure the Hardware Inventory Client Agent.
  
  
• Configure a reporting point.
  
  

For more information about these tasks, see Scenarios and Procedures for Systems Management Server 2003: Planning and Deployment, available from the Systems Management Server 2003 Product Documentation Web page (http://go.microsoft.com/fwlink/?LinkID=9502). This document does not include information about how to create remediation scripts for discovered vulnerabilities.

In This Section