Thank you for installing HFNetChk 3.2. Command line syntax has changed since version 3.1. Please read the 'List of Updates and Fixes' sections below for more information on these changes. OVERVIEW ======== The remainder of this document covers: - How to use HFNetChk - Interpreting Output and Locating Patches - System and Language Applicability - System Requirements - Determining HFNetChk Version Number - List of Updates and Fixes in version 3.2 - Reporting Bugs or Providing Feedback on HFNetChk - Joining the HFNetChk Beta Program to Obtain Updates on Future Beta Releases HOW TO USE HFNETCHK =================== From a command prompt, type the following: 'hfnetchk' (without the quotes) and press enter To see verbose output (reason why a hotfix was considered NOT found, details about warning messages, and details about note messages) use the following syntax: 'hfnetchk -v' To scan a system against baseline security standards, use the following syntax 'hfnetchk -b' To view additional command line syntax options, type the following: 'hfnetchk -?' If you are running HFNetChk on a non English-language system, please see the System and Language Applicability section below for more information. For more information on how to use HFNetChk, please see the following Knowledge Base Article: Q303215 - http://support.microsoft.com/support/kb/articles/q303/2/15.asp Frequently Asked Questions about HFNetChk: Q305385 - http://support.microsoft.com/support/kb/articles/q305/3/85.asp Information about NOTE messages: Q306460 - http://support.microsoft.com/support/kb/articles/q306/4/60.asp (above URLs may have been wrapped) INTERPRETING OUTPUT and LOCATING PATCHES ======================================== If the system being scanned is missing a patch, you will see output similar to the following: Patch NOT Found MS01-013 Q285156 MS01-013 refers to the Microsoft Security Bulletin 01-013. Q285156 refers to Microsoft Knowledge Base article Q285156. To obtain the patch for this issue, please read the Microsoft Security Bulletin and view the section titled "Patch Availability". Microsoft Security Bulletins can be viewed at the following URL: http://www.microsoft.com/technet/security/current.asp Knowledge Base articles may be viewed by entering the Q number into the search field on the following page: http://support.microsoft.com/directory/ If you believe you have applied the patch, but it still appears as missing, please run hfnetchk with the following syntax: 'hfnetchk -v -z' The resulting output will show you the reason why the patch was considered not installed. Please confirm that you have obtained the latest version of the patch from the Microsoft web site, as patches are occasionally re-released. SYSTEM AND LANGUAGE APPLICABILITY ================================= The 3.2 version of HFNetChk may be run from Windows NT 4.0, Windows 2000, or Windows XP machines. This tool will NOT operate on Windows 95, Windows 98, or Windows Me systems. HFNetChk 3.2 can be used to scan systems of any language*. To scan a non English-language system, use the -nosum switch. 'hfnetchk -nosum' (without the quotes) -nosum can be used with any combination of other command line switches. * The HFNetChk -nosum command cannot asses Windows NT 4.0-based computers that run Japanese, Chinese Simplified, Chinese Traditional, Korean, or Chinese Hong Kong. SYSTEM REQUIREMENTS =================== - Windows NT 4.0 - Windows 2000 - Windows XP - Internet Explorer 5.0 or greater, or - An XML parser is necessary in order for the tool to function correctly. Systems not running Internet Explorer 5.0 or greater will need to download and install an XML parser in order to run this tool. The Server service (as well as the Remote Registry service on Windows 2000 and Windows XP) is required to be running on all systems being scanned. Please see Q303215 for more information on these services. Obtaining an XML parser ----------------------- XML parsers have shipped in each version of Internet Explorer since IE 5.0. If you are running IE 5.0 or greater, you do not need to install a separate parser*. - If you are running an earlier version of Internet Explorer and do not wish to upgrade to IE 5.0 or greater, you may download and install a standalone version of the Microsoft XML parser. MSXML version 3.0 SP1 is available from the following location: http://msdn.microsoft.com/downloads/default.asp?URL=/downloads/sample.asp?url=/msdn-files/027/001/591/msdncompositedoc.xml (above URL may have been wrapped for readability) Additional information on the Microsoft XML parser is available from http://www.microsoft.com/xml *If you are running IE 5.0 or greater... ------------------------------------- but the tool is still unable to read or locate the XML file, there is a chance that another application may have "unregistered" the XML parser. To "re-register" the XML parser, please type the following at a command prompt: 'regsvr32 msxml.dll' (without the quotes) DETERMINING HFNETCHK VERSION NUMBER =================================== You can determine which version of HFNetChk you are running by viewing the first line of output provided when running the tool: C:\hfnetchk.exe Microsoft Network Security Hotfix Checker, 3.2 UPDATES AND FIXES IN HFNETCHK 3.2 ================================= The following issues have been addressed in the 3.2 release: Functional Updates: - Erroneous message "Administrative rights required to scan" even though you were indeed an administrator has been fixed. - HFNetChk 3.1 and earlier could provide inaccurate results when performing a "local" scan against a Terminal Server via a Terminal Services session. System environment variables (used to locate %systemroot% directory) from the Terminal Server client, rather than the Terminal Server, were being used. Tool has been updated to always retrieve environment variables from the remote system being scanned. - Supersedence code has been updated to better handle operating systems and applications running with less than current service packs. - Improved handling when encountering systems that are not at least Windows NT 4.0 or greater. Output: - Screen output and word wrap format has been updated. - Warning message related to security patches for which no files or registry keys exist in the XML file has been changed to read "NOTE" instead of "WARNING". - Text associated with the former WARNING message (now NOTE) has been changed to read "Please refer to Q306460 for a detailed explanation." - Additional error reporting has been added for instances where the system running HFNetChk is unable to parse the XML file. ***Changes to command line syntax*** ------------------------------------ - Action switch (-a) has been removed. - New -history switch has been added. The history switch will enable you to view hotfixes that have been at one point in time "explicitly installed" or "explicitly not installed". This switch does NOT recognize superseded patches or rollup patches - it will only show those patches that at some point in time were individually installed, or were never individually installed. This switch should only be used in special circumstances (i.e. to determine if a specific patch was installed, not via a superseding or rollup patch). The default tool output (without this switch) will show hotfixes that are "missing" and need to be installed to be current - taking into account superseded or rollup patches. More information about this switch is discussed in Q303215. Q303215 should be reviewed prior to using this switch. - New -s suppression switch has been added. NOTE and/or WARNING messages may now be suppressed from the default output. - New -nosum switch has been added. This switch will disable the checksum scanning option. Enabling this switch is required when scanning non English-language systems. Registry keys and file versions will still be evaluated. - New -b switch has been added. This switch will scan systems for presence of hotfixes considered necessary to comply with minimum baseline security standards. This feature requires that all systems being scanned be running the latest Operating System service pack. - Usage syntax documentation for -i and -r has been updated to note that these switches are only available from Windows 2000 and Windows XP systems. These switches are not available when running the tool from a Windows NT 4.0 system. REPORTING BUGS OR PROVIDING FEEDBACK ON THIS TOOL ================================================= Please email bug reports or questions to hfnetchk@microsoft.com When reporting bugs to this alias, please include the following information: - Operating System and Service Pack version, - Internet Explorer version, - HFNetChk version, - XML data version, - Command line syntax used to execute HFNetChk - Output from hfnetchk -v -z (when possible) JOINING THE HFNETCHK BETA PROGRAM TO OBTAIN UPDATES ON FUTURE BETA RELEASES =========================================================================== To receive notification of future beta releases, you may register to join the HFNetChk beta program. When the next beta is released you will receive an email from Microsoft with information about the new beta release and instructions on how to access the beta. To join the beta program, please visit the betaplace.com website, enter the username and password listed below, and select the Survey icon in the left navigation pane. https://www.betaplace.com UserID: HFNetChk Password: FooBar =========================================================================== Hfnetchk was developed for Microsoft by Shavlik Technologies LLC (http://www.shavlik.com/security). More information about Shavlik, including a GUI version and an advanced command-line version of Hfnetchk, is available on the http://www.shavlik.com/nshc.htm web site.