It seems BSA reports are inconclusive and can only be used to try to give you an overall view of what MIGHT be out of compliance. It reports on the side of error, meaning if it cannot find the right keys in the registry, even though it is installed, it will report it anyway as not being installed. Hmmm, good tool? sure okay, but do i want my auditors to see this? NO WAY.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, April 26, 2002 12:00 PM To: [EMAIL PROTECTED] Subject: MS Baseline Security Analyzer? I've had a chance to use this new tool on my three servers. 1. It told me I had 3 hotfixes missing,MS02001, 016, and 022. When downloading patch MS02001, it says that this patch is part of the Security Rollup Package 1. I installed this package on all w2000 machines as well as my 3 w2000 servers when it was first released. Why can it not see that it is installed already? 2. I downloaded and installed the other two hotfixes, rebooted, and reran the scanner. The hotfixes still show as not being installed. 3. I've changed other settings it told me were a risk, yet it never changes it's analysis when run again. Has anyone else encountered these and similar issues? thanks dp
