Section 1 – To allow copy and paste text between administrator computer and VM via vSphere client
1. Poweroff the Windows Server (VM)
2. Change the following configuration parameters to allow copy and paste “text” via vSphere client
Section 2 – Use MBSA standalone to check a MS server for patch status and also transfer file between administrator computer and VM via vSphere client by mount the ISO file
3. Download “Folder2Iso” (http://www.softpedia.com/get/CD-DVD-Tools/CD-DVD-Images-Utils/Folder2ISO.shtml)
4. Download MBSA 2.3 and related files:
a. Download Microsoft Baseline Security Analyzer 2.3 (for IT Professionals) - http://www.microsoft.com/en-us/download/details.aspx?id=7558&tduid=(4c7cdc0dd0c55c8a10d5e21f1173f9a1)(256380)(2459594)(TnL5HPStwNw-Vt9plCUUmDbMRMjz_kd1Lg)()
b. Download Security update catalog (wsusscn2.cab) from : go.microsoft.com/fwlink/?LinkId=76054
Remark: You need to keep using the latest one before run the offline scan
c. Windows Update Redistribution Catalogue (wuredist.cab) located at http://update.microsoft.com/redist/wuredist.cab
5. Use Folder2Iso to convert those MBSA 2.3 files into ISO
6. Power on the Windows Server (VM)
7. Mount the ISO via vSphere client
8. Copy file from virtual CD to the server and install MBSA 2.3
9. After the installation of MBSA complete, copy the wsusscn2.cab and wuredist.cab to “C:\Program Files\Microsoft Baseline Security Analyzer 2”
And then, go to command promote to run:
MBSACLI /xmlout /catalog “C:\Program Files\Microsoft Baseline Security Analyzer 2\wsusscn2.cab” /unicode >updates.xml
10. Open the “updates.xml” by notepad and copy all text inside
Remark: You need to make sure all line being copied. Since the line and content in the files (updates.xml) may over the limit of VMware vSphere client able to copy, you need to check your result in file size very carefully. (I copy all text by separate the file into different parts – I did not copy all line in one time)
11. Paste all text into a file which is on your machine and rename it to “updates.xml”
12. Download the “Getupdate.ps1” from https://deploywindows.info/2015/01/22/automate-mbsa-scan-and-download-missing-patches/ or
https://powershell.org/forums/topic/script-to-automate-mbsa-scan-and-download-missing-patches/
Modify the line 31, to remove the “#” and save the file to “Getupdate.ps1”
Copy the Run the “updates.xml” and “Getupdate.ps1” into the C:\temp and run the “Getupdate.ps1” under PowerShell to download all necessary hotfix, patch….
Remark: If you running the download from Windows 7 machine, you will need to upgrade your PowerShell verison 5 (By download and install Windows Management Framework 5.0 - https://www.microsoft.com/en-us/download/details.aspx?id=50395)
13. Use Folder2Iso to convert those hotfix, patch files into ISO file
14. Mount the ISO via vSphere client
15. Copy all files to C:\temp
16. Install those hotfix by run the “_install.bat”
Remark: If you are using Windows Server 2012 R2, you will need to do the following change of the “_install.bat”
Change "start /wait pkgmgr.exe /ip /m:" to "dism /online /Add-Package /PackagPath:C:\temp\"
Change "nostart" to "norestart"
Remove "/l:%SystemRoot%\Temp\*****.log"
17. You can go to “Programs and Features” – View installed updates to verify those hotfix, patch being installed:
18. Reboot the Server
19. Run the MBSA scan again until no missing patch have been found
Reference:
http://clintboessen.blogspot.hk/2009/11/perform-offline-mbsa-scan.html
http://www.breaknenter.org/2011/02/how-to-use-mbsa-standalone-to-check-a-ms-server-for-patch-status/
http://arnavsharma.net/windows-clients/understanding-mbsa-23-microsoft-baseline-security-analyzer
https://deploywindows.info/2015/01/22/automate-mbsa-scan-and-download-missing-patches/
https://blogs.technet.microsoft.com/askcore/2011/02/15/how-to-use-dism-to-install-a-hotfix-from-within-windows/
No comments:
Post a Comment