Microsoft Baseline Security Analyzer (MBSA) is a useful tool for auditing the configuration and update status of Windows computers. Most of the time, its reports are useful and easy to understand. However, some of its responses are baffling, and some of its suggested solutions haven’t been updated since Server 2003. Here is my collection of odd MBSA reports, and how to resolve them.
Internet Explorer
MBSA Reports:
The use of Internet Explorer is not restricted for administrators on this server
Solution:
Enable IE Enhanced Security Configuration in the Server Manager
IIS Status
MBSA Reports:
Unable to scan IIS Status - The IIS Common Files are not installed on the local computer. Refer to the system requirements list under Microsoft Baseline Security Analyzer Help.
Solution:
Install IIS6 Metadata Compatibility in Server Manager (Management Tools->IIS 6 Management Compatibility->IIS 6 Metabase Compatibility)
Mysterious SQL Server
MBSA Reports:
SQL Server is running on a domain controller
when SLQ server is clearly not installed on the domain controller.
Solution:
For some reason, the Windows Internal Database has been installed on the server via the Server Manager. Use Server Manager Remove Features to remove Windows Internal Database, if it is not required by another service or application. It is not required for any of the basic functionality of a domain controller, such as Active Directory, DNS, or DHCP.