Getting Started
- In this lab we will perform an initial vulnerability assessment on Windows OS systems using the Microsoft Baseline Analyzer (MBSA) tool
- An MBSA scan will identify security updates and common security misconfigurations for a Windows OS device
Materials needed
- Windows 7 Virtual Machine
- Software Tools used
- Microsoft Baseline Analyzer
Next
Logging In
- Using a computer, go to https://apps.cyber.org
- Log in with the username and password provided by your teacher via Canvas email.
- The Username and Password is auto generated and does not contain any personal information.
Back
Next
Setup Environment
- Log into your range
- Open the Windows 7 Environment
- You should be on your Windows 7 Desktop
Back
Next
Launch MBSA
- Click “Start | All Programs | Microsoft Baseline Analyzer 2.2”
- Select Yes on the UAC window that appears
- On the main page, select Scan a Computer
Running the Scan
- For Which computer do you want to scan?, accept the defaults
- Under Options, check ONLY the top 2 boxes
- Click Start Scan
- This may take 2 – 3 minutes
Back
Next
Viewing the Results
- The scan will deliver results sorted with the highest risk items at the top
- Each reported item has an icon that indicates the level of risk
Back
Next
Mitigating Identified Vulnerabilities
- Click the X in the upper right to close MBSA Vulnerability Scan
- Turn on Automatic Updates
- Type “updates” in the Search field under the Start button
- Select Windows Updates
- Click Turn On Automatic Updates
- You will get a notification “Windows could not search for new updates.” This is because Windows 7 is out of support but the setting for Automatic Updates is now correct
- Close the update window
Back
Next
Mitigating Identified Vulnerabilities
- Correct User-base vulnerabilities
- Type “Computer” in the Search field under the Start button
- Select Computer Management
- In the left column click to select Local Users and Groups
- In the right column double-click on the Users folder
- Secure Guest Account
- Right-click on the Guest account
- Select Properties
- Click to check Account is Disabled
- Click OK
Back
Next
Mitigating Identified Vulnerabilities
- Correct User-base vulnerabilities
- Secure Guest Account
- Right-click on the windows account
- Select Set Password
- Click Proceed
- Enter P@ssword! in New Password and Confirm Password
- Click OK
- Do the same password changing step for the Infosec account
Back
Next
Mitigating Identified Vulnerabilities
- Correct User-base vulnerabilities
- Secure Infosec Expirations
- Right-click on the windows account
- Select Properties
- Click to uncheck Password Never Expires
- Click Apply then OK
- Do the same password expiration steps for the Administrator account
Back
Next
Mitigating Identified Vulnerabilities
- Correct User-base vulnerabilities
- Secure Administrator Group
- In the left column click to select Local Users and Groups
- Select the Groups folder
- Double-click on Administrators to open this group
- Click to select BackupAdmin
- Click on Remove
- Click to select Infosec
- Click on Remove
- Click OK
- Close the Computer Management window
Back
Next
Mitigating Identified Vulnerabilities
- Correct Local Policy settings
- Type “Local” in the Search field under the Start button
- Select Local Security Policy
- Configure Policy for strong passwords
- In the left column click on Account Policies
- In the right column double-click on Password Policy
- Change each setting to match the following
Back
Next
Mitigating Identified Vulnerabilities
- Correct Local Policy settings
- Configure Policy for secure logon
- In the left column click on Local Policies
- In the right column double-click on Security Options
- Scroll down to Network Access: Let Everyone permissions apply to anonymous users
- Double-click to open and change to Disabled
- Click OK
- Close Local Security Policy window
Back
Next
Mitigating Identified Vulnerabilities
- Secure running services
- Type “Services” in the Search field under the Start button
- Select Services
- Scroll down to the bottom and double-click World Wide Web Services
- Click Stop then change the field from Automatic to Disabled
- Click OK
- Close the Services window
Back
Next
Mitigating Identified Vulnerabilities
- Turn off Autologon
- Type “netplwiz” in the Search field under the Start button
- Select to open
- Click to check the box “Users must enter a username and password to use this computer”
- Click OK to close the User Accounts window
Back
Next
Rescanning to Confirm Changes
- Click “Start | All Programs | Microsoft Baseline Analyzer 2.2”
- Select Yes on the UAC window that appears
- On the main page, select Scan a Computer
- For Which computer do you want to scan?, accept the defaults
- Under Options, check ONLY the top 2 boxes
- Click Start Scan
- Your results should now show all vulnerabilities corrected EXCEPT the HOMEUSER$ has a non-expiring password
- This setting is needed for the virtual environment.
Back
Next
Submit a screenshot with the date in Canvas.
Back
Module 5 Sem 2 System Hardening activity
Teaching and Learning
Created on October 17, 2025
Start designing with a free template
Discover more than 1500 professional designs like these:
View
Decisions and Behaviors in the Workplace
View
Tangram Game
View
Process Flow: Corporate Recruitment
View
Weekly Corporate Challenge
View
Wellbeing and Healthy Routines
View
Match the Verbs in Spanish: Present and Past
View
Planets Sorting Game
Explore all templates
Transcript
Getting Started
Materials needed
Next
Logging In
Back
Next
Setup Environment
Back
Next
Launch MBSA
Running the Scan
Back
Next
Viewing the Results
Back
Next
Mitigating Identified Vulnerabilities
Back
Next
Mitigating Identified Vulnerabilities
Back
Next
Mitigating Identified Vulnerabilities
Back
Next
Mitigating Identified Vulnerabilities
Back
Next
Mitigating Identified Vulnerabilities
Back
Next
Mitigating Identified Vulnerabilities
Back
Next
Mitigating Identified Vulnerabilities
Back
Next
Mitigating Identified Vulnerabilities
Back
Next
Mitigating Identified Vulnerabilities
Back
Next
Rescanning to Confirm Changes
Back
Next
Submit a screenshot with the date in Canvas.
Back