Microsoft Baseline Security Analyzer Troubleshooting

Microsoft Baseline Security Analyzer (MBSA) is a useful tool for auditing the configuration and update status of Windows computers. Most of the time, its reports are useful and easy to understand. However, some of its responses are baffling, and some of its suggested solutions haven’t been updated since Server 2003. Here is my collection of odd MBSA reports, and how to resolve them.

Internet Explorer

MBSA Reports:

The use of Internet Explorer is not restricted for administrators on this server

Solution:
Enable IE Enhanced Security Configuration in the Server Manager

IIS Status

MBSA Reports:

Unable to scan IIS Status - The IIS Common Files are not installed on the local computer. Refer to the system requirements list under Microsoft Baseline Security Analyzer Help.

Solution:
Install IIS6 Metadata Compatibility in Server Manager (Management Tools->IIS 6 Management Compatibility->IIS 6 Metabase Compatibility)

Mysterious SQL Server

MBSA Reports:

SQL Server is running on a domain controller

when SLQ server is clearly not installed on the domain controller.
Solution:
For some reason, the Windows Internal Database has been installed on the server via the Server Manager. Use Server Manager Remove Features to remove Windows Internal Database, if it is not required by another service or application. It is not required for any of the basic functionality of a domain controller, such as Active Directory, DNS, or DHCP.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.