Another test you can run to protect your Windows systems from hacks is an “authenticated” scan — essentially looking for vulnerabilities as a trusted user. These types of tests can be very beneficial because they often highlight system problems and even operational security weaknesses (such as poor change management processes, weak patch management, and lack of information classification) that would never be discovered otherwise.

A trusted insider who has physical access to your network and the right tools can exploit vulnerabilities even more easily. This is especially true if no internal access control lists or IPS is in place and/or a malware infection occurs.

A way to look for Windows weaknesses while you’re logged in (that is, through the eyes of a malicious insider) is by using some general vulnerability scanning tools, such as LanGuard and QualysGuard.


Run authenticated scans as a regular local or domain user and as an administrator or any other user type you might have. This will show you who has access to what in the event that a vulnerability is present. You’ll likely be surprised to find out that a large portion of vulnerabilities are accessible via a standard user account.

You don’t necessarily need to run authenticated scans every time you test for security flaws, but doing so at least once or twice per year is not a bad idea.

You can also use Microsoft Baseline Security Analyzer to check for basic vulnerabilities and missing patches. MBSA is a free utility from Microsoft that you can download. MBSA checks all Windows 2000 and later operating systems for missing patches. It also tests Windows, SQL Server, and IIS for basic security settings, such as weak passwords. You can use these tests to identify security weaknesses in your systems.

With MBSA, you can scan either the local system you’re logged in to or computers across the network. One caveat: MBSA requires an administrator account on the local machines you’re scanning.