We use Windows Server Update Services (WSUS) to roll out security updates. I'd like to follow up by scanning the network with Micro-soft Baseline Security Analyzer (MBSA) to make sure no computers are missing updates. But I'm worried that MBSA will clutter up each system's report with security updates that we've chosen not to install for various reasons. Is there a way that I can edit MBSA's list of updates?
You can't edit the list of updates that MBSA uses, but you can do
something much easier. The latest version of MBSA (MBSA 2.0) lets you specify
a WSUS server to use as the basis for the scan. When you specify a WSUS server,
MBSA scans only for updates that you've approved for rollout on the WSUS server.
Therefore, the reports show only the missing patches that you care about. You
can download WSUS from http://www.microsoft.com/windowsserversystem/updateservices/downloads/WSUS.mspx
and MBSA from http://www.microsoft.com/technet/security/tools/mbsa2/default.mspx.