How to scan range of server using for update using MBSA CLI

MBSA 2.2 can be downloaded from here

Differences Between Mbsa.exe and Mbsacli.exe

For most functions of MBSA, the GUI tool, Mbsa.exe, and the command-line tool, Mbsacli.exe, perform the same functions. In some cases, the command-line interface provides more technical options for advanced administrators. The following command-line switches are examples of command-line interface–based features that are not available in the MBSA GUI tool:

• /nvc. This switch instructs MBSA to not attempt to connect to the Internet to check for an updated version of the MBSA scan tool.
• /qp. This switch instructs MBSA to not show scan progress.
• /qt. This switch instructs MBSA to not display the completed scan report immediately after a scan completes.
• /Unicode. This switch instructs MBSA to provide the completed scan report in Unicode format.
• /u. This switch lets you specify the user name of an administrator-level user on the target computer(s).
• /p. This switch lets you specify the password of an administrator-level user on the target computer(s).
• /catalog. This switch lets you specify an alternate location for the offline catalog (Wsusscn2.cab) file.
• /rd. This switch lets you specify an alternate location for the completed scan report. (This is useful when running MBSA in a non-user context or as a domain administrator.) You can use this switch to place completed scan reports on a network share or in a local directory.
• /nd. This switch instructs MBSA to not download any files from the Microsoft Web site when performing a scan. In other words, it instructs MBSA to perform the scan like it would in offline mode.
• /xmlout. This switch instructs MBSA to perform a security scan (no vulnerability assessment checks) using the most basic files necessary to perform an MBSA scan (Mbsacli.exe and Wusscan.dll) without performing a full MBSA installation. This is useful for performing a basic security scan without having to install all MBSA features. This mode allows a limited set of command-line switches, including only /catalog, /wa, /wi, /nvc, and /Unicode.

When the mbsacli command runs without any command-line switches, it runs a default scan against the local computer.

Scanning range of server for WSUS update remotely from one server, this is great used for who have more than 1 server in big range, helpful.

Example:

C:\Program Files\Microsoft Baseline Security Analyzer 2> mbsacli /nvc /r 172.x.x.10-172.x.x.15
Microsoft Baseline Security Analyzer
Version 2.2 (2.2.2170.0)
(C) Copyright 2002-2010 Microsoft Corporation. All rights reserved.

Scanning...
1 of 16 computer scans complete.
2 of 16 computer scans complete.
3 of 16 computer scans complete.
Scan Complete.

172.18.200.11 : Logon failure: unknown user name or bad password. (Not joined to domain)
172.18.200.15 : Could not resolve the computer name: . Please specify computer name, domain\computer, or an IP address. (IP Not in use)
172.18.200.14 : Could not resolve the computer name: . Please specify computer n
ame, domain\computer, or an IP address.(IP Not in use)

Computer Name, IP Address, Assessment, Report Name
-----------------------------------------------------
DEV\AD01, x.x.x.12, Incomplete Scan, DAD01 (4-18-2011 5-10 PM) (Valid Server)
DEV\DSM01, x.x.x.13, Incomplete Scan, DSM01 (4-18-2011 5-10 PM) (Valid Server)

Icon showing update detected, 19 updates is detected and ready for installation