VALIDATEMDA USER GUIDE
Last Updated: June 6th, 2008
The information presented in these guidelines reflects Microsoft Corporation’s views as of the date of
publication. These views can and probably will change in response to changing market conditions.
Microsoft makes no warranties or guarantees, implicit or explicit, in or by virtue of this document.
Unless otherwise permitted by law, no part of this document may be copied without Microsoft’s prior
written permission.
© Microsoft Corporation 2008. All rights reserved.
MS Confidential Information - Distributed under NDA Page 1 of 9
Overview
The ValidateMDA tool simplifies the MDA Milestone 3 auditing process. ValidateMDA uses Component
Based Servicing (CBS) in Windows Vista to determine if MDA Milestone 3 required updates are installed
on a system. ValidateMDA takes as input a cumulative XML database of MDA Milestone 3 required
updates released each month over the course of the calendar year. The XML database contains
information about each update including the CBS detection logic contained within each update package.
This XML database provides the information CBS needs to determine if a required update is installed,
not applicable to the system or missing. ValidateMDA will also determine if an MDA Milestone 3
required update is not applicable to a system because it has been superseded by another update.
Usage and Switches
ValidateMDA.exe -InstalledUpdates [-Console] [-Text <output_file>]
    [-Xml <output_xml_file>] [-Offline <boot_drive> <windows_directory>]
ValidateMDA.exe <input_file> -Audit [-Console] [-Text <output_file>]
    [-Xml <output_xml_file>] [-Offline <boot_drive> <windows_directory>]
ValidateMDA.exe <input_file> [-Console] [-Text <output_file>]
    [-Xml <output_xml_file>] [-Installed] [-Missing] [-From <MM-YYYY>]
    [-To <MM-YYYY>] [-Offline <boot_drive> <windows_directory>]
Important: ValidateMDA must be run in an elevated command prompt.
Switch                    Description
-installedupdates         Outputs all the updates installed on a system based on the
                          -console, -text and -xml switches. ValidateMDA does not take
                          an XML database as input when the -installedupdates switch is
                          used.
<input_file>              The cumulative XML database of MDA Milestone 3 required updates.
-console                  Outputs the results of the scan to the console.
-text <output_file>       Outputs the results of the scan to the text file specified.
                          Results will not be output to the console unless -console is
                          specified in addition to -text.
-xml <output_xml_file>    Outputs the results of the scan to the xml file specified.
                          Results will not be output to the console unless -console is
                          specified in addition to -text.
-installed                Outputs the list of installed MDA Milestone 3 required updates
                          based on the -console, -text and -xml switches. Installed
                          updates are included in the scan but not included in the scan
                          results without this switch.
-missing                  Outputs the list of missing MDA Milestone 3 required updates
                          and updates that are not applicable to the system based on the
                          -console, -text and -xml switches. Missing and not applicable
                          updates are included in the scan but not included in the scan
                          results without this switch.
-from <MM-YYYY>           Specifies the start of a date range to include in the scan.
                          Only MDA Milestone 3 required updates released within this
                          date range will be included in the scan. Also requires the
                          -to <MM-YYYY> switch. ValidateMDA will scan for all updates in
                          the cumulative XML database regardless of their release date
                          if the -from and -to switches are not specified. The -from
                          switch cannot be used with -audit.
-to <MM-YYYY>             Specifies the end of a date range to include in the scan. Only
                          MDA Milestone 3 required updates released within this date
                          range will be included in the scan. Also requires the
                          -from <MM-YYYY> switch. ValidateMDA will scan for all updates
                          in the cumulative XML database regardless of their release
                          date if the -from and -to switches are not specified. The
                          -from switch cannot be used with -audit.
-audit                    The -audit switch simplifies the process of running
                          ValidateMDA for auditing purposes. For more information, see
                          the Audit Mode section below.
-offline <boot_drive> <windows_directory>
                          The -offline switch must be used when ValidateMDA is run
                          offline, for example in the Microsoft Windows Pre-installation
                          Environment (Windows PE). The -offline switch takes the boot
                          drive letter and the path to the Windows directory on the
                          computer as input. For more information, see the "Offline
                          Switch" section below.
Audit Mode
The -audit switch simplifies the process of running ValidateMDA for auditing purposes. ValidateMDA
will do the following when run in audit mode.
1. Check for the existence of csup.txt in %systemroot% (for example, c:\windows).
2. Check to ensure that the date found in csup.txt matches the MM-DD-YYYY format.
3. Subtract 3 months from the date found in csup.txt and scan from the beginning of the year found in
the XML database (the AuditStartDate attribute) to the month 3 months prior to the date found in
csup.txt (for example, from January 2007 to February 2007 if the date found in csup.txt were
05-01-2007 and the AuditStartDate were 01-2007). This eliminates the need to use the -from and -to
switches.
4. Automatically include the -installed and -missing switches.
5. Return a Compliant/Non-Compliant result in the output as well as in a DOS error level.
Compliant/Non-Compliant Result
ValidateMDA will return a Compliant/Non-Compliant result in the output of the scan (console, text and
xml) based on the following conditions.
1. ValidateMDA will return Compliant in both the output and the DOS error level if all MDA Milestone 3
required updates are installed on the system for the date range derived from the date found in
csup.txt. For example, if the csup.txt date were 05-01-2007 and all required updates for January and
February of 2007 are installed, ValidateMDA will return Compliant.
2. ValidateMDA will return Non-Compliant if the date found in csup.txt does not match the MM-DD-YYYY
format or if csup.txt is missing from %systemroot% (for example, c:\windows).
3. ValidateMDA will return Non-Compliant in both the output and DOS error level if any updates are
not found on the system in the date range being scanned.
4. Updates that are found to not be applicable to the system (for example because of SKU version,
language, binary version number and so on) or that have been superseded by another update are
listed as Not-Applicable and will not result in a system being found Non-Compliant if there are no
missing updates.
The following are important notes to consider when running ValidateMDA in audit mode.
• When ValidateMDA is not run in audit mode, it will not include the Compliant/Non-Compliant result
  in the output. Only the list of installed, not-applicable and missing updates will be listed based
  on the use of the -installed and -missing switches.
• ValidateMDA considers updates that are pending install (updates that require a reboot which has
  not occurred to complete installation) as installed. ValidateMDA also considers updates that are
  pending uninstall (updates that require a reboot which has not occurred to complete uninstallation)
  as uninstalled.
• Compliant/Non-Compliant DOS error level codes are returned when ValidateMDA is run with the
  -audit switch only. Any codes returned without the -audit switch do not indicate a compliant or
  non-compliant result.
Changing the Audit Start Date
The cumulative XML database contains an AuditStartDate attribute which is part of the root MDA
element. The AuditStartDate attribute contains the date that ValidateMDA will use to determine the
month and year to start auditing from when run in audit mode. For example, the below AuditStartDate
attribute value will audit a system for January and February of 2007 if the csup.txt date were 05-01-2007
on the system being scanned.
<MDA AuditStartDate="01-2007">
…
</MDA>
You can change the start date of the audit switch by changing the value of this attribute. The default
value in the XML database provided by Microsoft is 01-2007.
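The date arithmetic from Audit Mode steps 1 to 3, combined with the AuditStartDate attribute described in this section, can be checked with a short script before an audit run. This is an added example, not part of ValidateMDA or the original guide; the function name audit_window is hypothetical, and the handling of surrounding whitespace and of an empty date range are assumptions the guide does not cover.

```python
import re
from datetime import datetime

CSUP_FORMAT = re.compile(r"\d{2}-\d{2}-\d{4}")   # MM-DD-YYYY, two-digit month and day


def audit_window(csup_text, audit_start_date):
    """Return the (year, month) pairs audit mode would scan, or None when
    csup.txt is missing or malformed (a Non-Compliant result per the guide)."""
    if csup_text is None:                         # csup.txt not found in %systemroot%
        return None
    value = csup_text.strip()                     # assumption: surrounding whitespace is ignored
    if not CSUP_FORMAT.fullmatch(value):
        return None
    try:
        csup = datetime.strptime(value, "%m-%d-%Y")   # rejects dates such as 13-01-2007
    except ValueError:
        return None

    start = datetime.strptime(audit_start_date, "%m-%Y")  # AuditStartDate, e.g. "01-2007"
    first = start.year * 12 + (start.month - 1)
    last = csup.year * 12 + (csup.month - 1) - 3          # three months before the csup date

    # An empty list means the csup date is too early for any month to be in range;
    # the guide does not say how the tool reports that case.
    return [(index // 12, index % 12 + 1) for index in range(first, last + 1)]
```

Moving AuditStartDate later shortens the returned list, which is why a modified XML database changes what an audit actually covers.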
Excluding Updates from the Audit Scan
Updates can be manually excluded from the audit scan by changing the MDARequired attribute value of
the update in the XML database. Each update in the XML database has an MDARequired attribute in the
Package element (an update will have a Package element for x86, x64 or both depending on how the
update applies to both architectures). For example, changing the MDARequired attribute value of
KB941568 for x64 from true to false will exclude the update from the audit scan. KB941568 for x64 will
not be reported as installed, not applicable, or missing if the MDARequired attribute value for this KB is
false.
<Package
Identity="Package_1_for_KB941568~31bf3856ad364e35~amd64~~6.0.1.0"
Keyword="KB941568" MinSP="0" MaxSP="0" SKU="" MDAReleaseDate="12-2007"
MDARequired="false">
…
</Package>
Important: Changing the MDARequired attribute value for an update in the XML database will affect the
result of the -audit, -installed and -missing switches.
DOS Error Level
ValidateMDA returns the following DOS error levels when run in audit mode.
Error Level    Description
0              MDA Milestone 3 Compliant
1              MDA Milestone 3 Non-Compliant
2              Error
Important: The table above applies to DOS Error Level codes returned when ValidateMDA is run with
the -audit switch only. Any codes returned without the -audit switch do not indicate a compliant or
non-compliant result.
The DOS error level enables ValidateMDA to be included in scripts. The following is an example script
that can be used to catch the DOS error level returned by ValidateMDA.
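@ECHO OFF
:BEGIN
REM Run the audit scan and write the results to result.txt.
ValidateMDA.exe ..\UpdateDatabase.xml -audit -text result.txt
REM IF ERRORLEVEL n is true when the exit code is n or higher, so test the highest value first.
IF ERRORLEVEL 2 GOTO TWO
IF ERRORLEVEL 1 GOTO ONE
IF ERRORLEVEL 0 GOTO ZERO
GOTO END
:TWO
ECHO EXIT CODE 2 (ERROR)
GOTO END
:ONE
ECHO EXIT CODE 1 (NOT-COMPLIANT)
GOTO END
:ZERO
ECHO EXIT CODE 0 (COMPLIANT)
:END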
Detailed Usage and Output Examples
The following sections contain additional information on the usage of ValidateMDA switches as well as
examples.
Console, Installed and Missing Switches
The following example outputs all the installed, not applicable and missing MDA Milestone 3 required
updates for 2007 to the console.
The following are important notes to consider when using ValidateMDA.
• ValidateMDA is not localized and will report all results in English.
• ValidateMDA must be run in an elevated command prompt.
• ValidateMDA considers updates that are pending install (updates that require a reboot which has
  not occurred to complete installation) as installed. ValidateMDA also considers updates that are
  pending uninstall (updates that require a reboot which has not occurred to complete uninstallation)
  as uninstalled.
• ValidateMDA will include a Result section in the text output when run in audit mode that includes
  the compliant or non-compliant result of the scan. This is not included in the example below
  because ValidateMDA is not being run in audit mode.
ValidateMDA.exe UpdateDatabase.xml -console -installed -missing
The following is an example of console output.
Version: 1.0.0.7
INSTALLED UPDATES
=======================
Update #1:
Identity: Package_1_for_KB941568~31bf3856ad364e35~x86~~6.0.1.0
Keyword: KB941568
Release Date: 12-2007
Install Date: 12-18-2007
State: Installed
...
NOT APPLICABLE UPDATES
=======================
Update #40:
Identity: Package_for_KB931768~31bf3856ad364e35~x86~~6.0.1.5
Keyword: KB931768
Release Date: 2007-05
State: Absent
Update #44:
Identity: Package_1_for_KB931174~31bf3856ad364e35~x86~~6.0.1.1
Keyword: KB931174
Release Date: 2007-04
State: Superseded
MISSING UPDATES
=======================
Update #18:
Identity: Package_for_KB933360~31bf3856ad364e35~x86~~6.0.1.0
Keyword: KB933360
Release Date: 2007-09
State: Absent
Console, Text, XML, Installed and Missing Switches
The following example outputs all the installed, not applicable and missing MDA Milestone 3 required
updates for 2007 to the console, a text file and an xml file.
ValidateMDA.exe UpdateDatabase.xml -console -text result.txt -xml result.xml -installed -missing
The following is an example of xml output (an example of console and text file output can be found in
the previous example). The same information output to the console is output to the text and xml files
specified.
Important: ValidateMDA will include a Result element in the XML output when run in audit mode that
includes the compliant or non-compliant result of the scan. For example
<Result>Complaint</Result>. This is not included in the example below because ValidateMDA
is not being run in audit mode.
<MDA>
  <Version>1.0.0.7</Version>
  <Installed>
    <Update>
      <Identity>Package_1_for_KB941568~31bf3856ad364e35~x86~~6.0.1.0</Identity>
      <Keyword>KB941568</Keyword>
      <MDAReleaseDate>2007-12</MDAReleaseDate>
      <InstallDate>12-18-2007</InstallDate>
      <State>Installed</State>
    </Update>
    <!-- ... -->
  </Installed>
  <NotApplicable>
    <Update>
      <Identity>Package_1_for_KB941229~31bf3856ad364e35~x86~~6.0.2.2</Identity>
      <Keyword>KB941229</Keyword>
      <MDAReleaseDate>2007-11</MDAReleaseDate>
      <State>Absent</State>
    </Update>
    <Update>
      <Identity>Package_1_for_KB931174~31bf3856ad364e35~x86~~6.0.1.1</Identity>
      <Keyword>KB931174</Keyword>
      <MDAReleaseDate>2007-04</MDAReleaseDate>
      <State>Superseded</State>
    </Update>
    <!-- ... -->
  </NotApplicable>
  <Missing>
    <Update>
      <Identity>Package_for_KB933360~31bf3856ad364e35~x86~~6.0.1.0</Identity>
      <Keyword>KB933360</Keyword>
      <MDAReleaseDate>2007-09</MDAReleaseDate>
      <State>Absent</State>
    </Update>
  </Missing>
</MDA>
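When result files are collected from many machines, the XML output above can be summarized with a short script that lists each update by section and groups the missing ones by release month. This is an added example, not part of ValidateMDA or the original guide; the function names are hypothetical, the sample document is constructed from the output shown above, and the script refuses any file containing a DTD because result files originate on the systems being audited.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the example output in this guide.
SAMPLE = """<MDA><Version>1.0.0.7</Version>
<Installed><Update>
  <Identity>Package_1_for_KB941568~31bf3856ad364e35~x86~~6.0.1.0</Identity>
  <Keyword>KB941568</Keyword><MDAReleaseDate>2007-12</MDAReleaseDate>
  <InstallDate>12-18-2007</InstallDate><State>Installed</State>
</Update></Installed>
<NotApplicable><Update>
  <Identity>Package_1_for_KB931174~31bf3856ad364e35~x86~~6.0.1.1</Identity>
  <Keyword>KB931174</Keyword><MDAReleaseDate>2007-04</MDAReleaseDate>
  <State>Superseded</State>
</Update></NotApplicable>
<Missing><Update>
  <Identity>Package_for_KB933360~31bf3856ad364e35~x86~~6.0.1.0</Identity>
  <Keyword>KB933360</Keyword><MDAReleaseDate>2007-09</MDAReleaseDate>
  <State>Absent</State>
</Update></Missing></MDA>"""


def parse_identity(identity):
    """Split a CBS package identity: name~publicKeyToken~arch~language~version."""
    parts = identity.strip().split("~")
    if len(parts) != 5:
        raise ValueError("unexpected package identity: %r" % identity)
    return dict(zip(("name", "token", "arch", "language", "version"), parts))


def summarize(xml_text):
    """Map each result section to a list of (keyword, arch, release, state)."""
    if "<!DOCTYPE" in xml_text:   # files come from audited machines: refuse DTDs
        raise ValueError("DTD not allowed in a result file")
    root = ET.fromstring(xml_text)
    summary = {}
    for section in ("Installed", "NotApplicable", "Missing"):
        summary[section] = [
            (u.findtext("Keyword"), parse_identity(u.findtext("Identity", ""))["arch"],
             u.findtext("MDAReleaseDate"), u.findtext("State"))
            for u in root.findall(section + "/Update")]
    return summary


def missing_by_month(summary):
    """Group missing KB keywords by release month for patch planning."""
    months = {}
    for keyword, _arch, release, _state in summary["Missing"]:
        months.setdefault(release, []).append(keyword)
    return months
```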
Console, Text, XML, Installed, Missing, From and To Switches
The following example produces the same output as the previous example, but is restricted to MDA
Milestone 3 required updates released in January and February of 2007.
ValidateMDA.exe UpdateDatabase.xml -console -text result.txt -xml result.xml -installed -missing
    -from 2007-01 -to 2007-02
Audit Switch
The following example produces the same output as the previous example but uses the -audit switch
which automatically adds the -from, -to, -installed and -missing switches. Like the previous example,
this example is restricted to MDA Milestone 3 required updates released in January and February of
2007 (the audit date in this example is 05-01-2007 which is found in csup.txt on the system being
scanned).
ValidateMDA.exe UpdateDatabase.xml -audit -console -text result.txt -xml result.xml
Offline Switch
The -offline switch must be used when ValidateMDA is run offline, for example in the Microsoft
Windows Pre-installation Environment (Windows PE). The -offline switch takes the boot drive letter and
the path to the Windows directory on the computer as input.
The following are important notes to consider when using the offline switch.
• The -offline switch can only be used when ValidateMDA is run offline in WinPE.
• The cbscore.dll, wcp.dll, cbsmsg.dll and dpx.dll files must be included in the same folder as
  ValidateMDA when using the -offline switch.
• ValidateMDA will only run offline from a Windows Vista version of WinPE.
• You must use the same architecture version of ValidateMDA as the architecture version of WinPE.
  For example, the x86 version of ValidateMDA with the x86 version of WinPE.
The following example produces the same output as the Console, Text, XML, Installed, Missing, From
and To Switches example above but run in offline mode.
ValidateMDA.exe UpdateDatabase.xml -console -text result.txt -xml result.xml -installed -missing
    -from 2007-01 -to 2007-02 -offline c:\ c:\windows