In addition to the SMS objects created to distribute the SMS 2003 R2 Scan Tool for Vulnerability Assessment, Setup gives you the option of creating additional SMS objects to distribute the Microsoft Baseline Security Analyzer (MBSA) scan engine to your clients. If you are certain that all of your clients already have MBSA installed, you do not need to have Setup install the agent. However, if you attempt to run the SMS 2003 R2 Scan Tool for Vulnerability Assessment on a client that does not have MBSA installed, the Vulnerability Assessment Tool advertisement will fail.
If you decide to have Setup create the objects to install MBSA, you must specify a base name for the additional objects that SMS will create. The suggested base name is MBSA 2.0. The documentation assumes you are using the default base name. If you choose another name, it must be different from any existing SMS objects.
When configured to create the objects to install MBSA,
Setup creates a package with the default name of
MBSA 2.0. The MBSA 2.0 package always
obtains its source files from the
which is located under the installation directory you specify
|Do not rename the packages or move the package source folder after installation. Doing so will cause the inventory scans to fail.|
Setup is automatically configured to copy the package to all distribution points in the site and to all child sites. If you prefer to limit the distribution points that contain the Vulnerability Assessment Tool package, clear this setting in the wizard and manually configure the distribution points for the package after Setup is complete.
|Setup does not create any advertisements for this package, but it does add the MBSA 2.0 package and MBSA Install Silently (without shortcuts) program to the Run another program first setting on the Advanced tab of each Vulnerability Assessment program. This ensures that MBSA 2.0 is installed on the client before installing the tool and scanning for vulnerability assessments.|
When configured to create the objects to install MBSA, Setup creates the following three programs to manage MBSA on the SMS client computers:
- MBSA Install Silently:
%\System32\msiexec.exe /m mbsa.mif /I /mbsasetup-en.msi /qn
- MBSA Install Silently (without shortcuts):
%\System32\msiexec.exe /i mbsasetup-en.msi /m mbsa.mif TRANSFORMS=MBSA-SHORTCUT.mst /qn
- MBSA Uninstall Silently:
%\System32\msiexec.exe /x mbsasetup-en.msi /qn
All programs have the following additional settings:
- Run hidden.
- Do not reboot the computer after running.
- Can run only on Windows 2000, Windows XP, and Windows
- Can run whether or not a user is logged on.
- Run with administrative rights.
- Suppress program notifications.