NT Gatekeeper: Performing a Security Scan

How can I check my Windows NT 4.0 system for installed hotfixes, password settings, and other common security configuration settings? I prefer to use a GUI tool.

You can use the Microsoft Baseline Security Analyzer (MBSA) tool to perform a security scan on your NT 4.0 system. However, you can't install MBSA on an NT 4.0 machine, and you can run MBSA against only an NT 4.0 machine that has at least Service Pack 4 (SP4) installed.

To use MBSA, install Windows XP or Windows 2000 on a machine in the domain of the NT 4.0 machines you want to scan, then install MBSA on the XP or Win2K machine. You can download MBSA from http://download.microsoft.com/download/win2000platform/install/1.0/nt5xp/en-us/mbsasetup.msi.

You can run MBSA from the Windows GUI or the command prompt (mbsacli.exe). MBSA analyzes local and remote machines for information about their Windows OS versions, Microsoft IIS versions, Microsoft SQL Server versions, hotfixes, and password-, account-, and security-related settings. Running a security check against an NT computer is simple—just double-click MBSA's desktop shortcut, click Scan a computer, enter the IP address of the NT machine you want to scan, select the desired scan options, and click Start scan. MBSA automatically generates a report at the end of a scan. For more information about the tool, see the MBSA white paper "Baseline Security Analyzer" and the Microsoft article "Microsoft Baseline Security Analyzer (MBSA) Version 1.0 Is Available".