> been applied. We have scanned with Retina, Foundstone and Qualys tools > which they all showed as "VULNERABLE", however when we scanned with Microsoft > Base Security Analyzer it showed as "NOT VULNERABLE". This was at first > confusing; one would think an assessment tool released by the original did you try exploit code to verify? that should dispel any ambiguity across scanner reports, it would be real easy to load your network hosts into a batch file or shell script and see how many "roots" you get. just a thought... eliminates alot of guesswork.. ( imo ) m.wood http://exploitlabs.com