RE: Windows Patch Auditing & "File and Print Sharing" disabled

["Shenk, Jerry A" <jshenk () decommunications com>]

The Microsoft Baseline Security Analyzer is pretty good for this if it's
your network and you have local admin access.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Mike Drugov
Sent: Thursday, April 30, 2009 12:01 PM
To: pen-test () securityfocus com
Subject: Windows Patch Auditing & "File and Print Sharing" disabled

Hello list,

I need some advise

I'm trying to scan a Windows Network where all end nodes except Domain
Controller have "File & Print Sharing" disabled.

What I'm trying to get a list of Microsoft Updates that are missing.


So far I tried Nessus & Foundstone and none of them are able to provide
a report with missing patches.(I'm able to get a report from Domain
Controller)

Nessus support stated that "File & Print Sharing" is required for patch
auditing


What is my other options?

Thanks


-----------------------------------------
Visit www.nyc.gov/hhc

CONFIDENTIALITY NOTICE: The information in this E-Mail may be
confidential and may be legally privileged. It is intended solely
for the addressee(s). If you are not the intended recipient, any
disclosure, copying, distribution or any action taken or omitted to
be taken in reliance on this e-mail, is prohibited and may be
unlawful. If you have received this E-Mail message in error, notify
the sender by reply E-Mail and delete the message.

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Tired of using other people's tools? Why not learn how to write your own
exploits?
InfoSec Institute's Advanced Ethical Hacking class teaches you how to
write stack and heap buffer overflow exploits for Windows and Linux.
Gain your Certified Expert Penetration Tester (CEPT) cert as well.

http://www.infosecinstitute.com/courses/advanced_ethical_hacking_trainin
g.html
------------------------------------------------------------------------


**DISCLAIMER
This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which 
they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the 
intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the 
message. If you have received this communication in error, please notify the sender and delete this e-mail message. The 
contents do not represent the opinion of D&E except to the extent that it relates to their official business.

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Tired of using other people's tools? Why not learn how to write your own exploits?
InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for 
Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well.

http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html
------------------------------------------------------------------------