1. What are other available password policy options that could be enforced to improve security? Enforce password history, Maximum password age, Minimum password age, Minimum password length, Store passwords using reversible encryption, and Passwords should always meet complexity requirements
2. Is using the option to “Store passwords using reversible encryption” a good security practice? Why or why not?
The Store password using reversible encryption policy setting provides support for applications that use protocols that require the user's password for authentication. Storing encrypted passwords in a way that is reversible means that the encrypted passwords can be decrypted. A knowledgeable attacker who is able to break this encryption can then log on to network resources by using the compromised account. For this reason, never enable Store password using reversible encryption for all users in the domain unless application requirements outweigh the ...view middle of the document...
5. Could you perform the analysis on other computers? If so, how do you connect from the main computer?
You can also use MBSA to scan a group of computers based on domain membership, an IP address range, or an explicit list of computers by NetBIOS name. To scan a range of computers, specify /d (for domain), /r (for IP address range), or /listfile (for a list of computer names separated by newline characters) as the command-line switch.
6. What sources could you use to perform the MBSA security state?
Computer by Name or IP and multiple Computers by Domain or IP Range
7. What does WSUS stand for and what does it do?
Windows Server Update Service and it downloads Microsoft updates to a single server and deploys them
8. What is the difference between MBSA and Microsoft® Update?
MBSA scans for security vulnerabilities while Microsoft update checks the Microsoft database for available updates. They are two totally different tools.
9. What are some of the options that you can use when employing the MBSA tool?
You can read all possible command-line (scriptable) options either from the MBSA help file after you install MBSA or by using the MBSACLI /? command from the command-line.
10. Explain a scenario in which an organization can use MBSA, WSUS, and Windows Update in a combined strategy to maintain enterprise-level systems and keep them up to date.
Organizations are faced with the difficult and time-consuming task of securing and managing network systems, and keeping their desktops and servers up-to-date—all of this in the face of constrained resources and the uncertainty as to whether systems are, in fact, secure. Organizations want easy and efficient ways to maintain network security, manage updates, and, at the same time, reduce total costs for security management. With a number of Microsoft tools and technologies, including those integrated in Windows 2000 Server, the Microsoft Baseline Security Analyzer (MBSA), Microsoft Operations Manager (MOM), Software Update Services (SUS), and System Management Server, IT administrators can more effectively manage the security of their Windows environments.