Microsoft Baseline Security Analyzer help

[ntluser]

I am using Windows XP MCE on my laptop.

I have just used MBSA v2.1 to run a security check and it has highlighted some problems.

Unfortunately, my limited knowledge of Microsoft Technospeak does not allow me to understand either the problem or Microsoft's solution. Hopefully, someone on the forum can help me out please.

Under the section SQL Server Scan Administrative Vulnerabilities Instance MSSQL10.SQLEXPRESS I have:-

Issue.................................................Result

CmdExec role.......... Error reading registry.If you are scanning a remote computer the Remote Registry Service should be enabled
( 13)

Folder Permissions.... Permissions on the SQL Server and/or MSDE installation folders are not set properly



Under the section SQL Server Scan Administrative Vulnerabilities Instance SQLEXPRESS I have:-

Issue.................................................Result

Service Accounts.....SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts should not be members of the local Administrators group or run as LocalSystem.

Password Policy.......Enable password expiration for the SQL server accounts.

Sysadmins..............More than 2 members of sysadmin role are present.

SQL Server/MSDE Security Mode...SQL Server and/or MSDE authentication mode is set to SQL Server and/or MSDE and Windows (Mixed Mode).

At present the system admins are Administrator ( which is me) and a separate user admin in my own name( which is also me).Wondering if I can eliminate my own user identity and just log on as administrator, but am not sure about the pros and cons of that.

Checking installed software I find I have both SQL 2005, which came with one of the programs I installed ( not sure which) and SQL 2008 which came when I installed the Visual Studio 2008 Express Edition for programming purposes.Just wondering if there is a conflict and if I need to uninstall the 2005 version but not sure what impact that would have on software relying upon it.

Ideally, I would like to get my system to pass the MBSA security test but am not sure what action to take or how to do it.

Any help would be greatly appreciated please.TIA.

[Graham M]

Are you running this on a home PC? If so why?

[ntluser]

Quote:

Originally Posted by Graham M

Are you running this on a home PC? If so why?

I assumed MBSA was for testing security on home or corporate computers.

I have used it on previous home computers I have owned and had no problem with MBSA until now.

[Graham M]

It's more useful in Enterprise situations where security is of paramount importance, are you behind a router and/or Firewall? Windows server setups work very differently security-wise to a home PC so things it may think are wrong are most likely fine for home use.

[ntluser]

Quote:

Originally Posted by Graham M

It's more useful in Enterprise situations where security is of paramount importance, are you behind a router and/or Firewall? Windows server setups work very differently security-wise to a home PC so things it may think are wrong are most likely fine for home use.

Thanks for that,Graham. I have a router and firewall plus various anti-spyware programs but online you can never be too safe!! LOL!!

[Matty_]

Use Secunia instead http://secunia.com/vulnerability_scanning/personal/