Search the Community
Showing results for tags 'Compliance'.
-
Hello, I'm looking on how to create a custom report based on the default report of 'Compliance 1 - Overall Compliance' however I'm looking to just select the update group and then have predefined collections to report against, something like this: Collection Compliance (%) Not Compliant (%) Compliance Unknown 4 69.23% 5 80.00% 6 95.00% 7 86.96% 8 95.00% 10 95.24% 11 91.30% 12 87.50% 13 82.61% 14 90.91% 15 81.25% 16 76.19% 17 70.00% 18 55.00% 19 77.78% 20 65.00% 21 76.19% 22 82.35% 23 87.50% 24 80.00% 25 85.71% 26 78.57% 27 86.69% 28 69.23% 29 72.73% 30 38.46% 31 30.77% any ideas how I can achieve this? I'm not familiar with SQL reporting unfortunately.. :(
-
Hi! I'm trying to get compliance going because of an ongoing audit on our servers. One of the requirements is that a certain GPO is applied. I figured I'd query the ROOT\RSOP\COMPUTER namespace for RSOP_GPO. This class has the GPO name and it's enabled/disabled state. I tried my WMI query and below powershell snippet returns me the GPO's that are listed in a GPRESULT on the server. $query = "Select name,enabled from RSOP_GPO where enabled = true" $namespace = "ROOT\RSOP\COMPUTER" Get-WmiObject -Query $query -Namespace $Namespace | select name,enabled I then created a CI with the following settings Setting type: WQL query Data type: string Namespace: ROOT\RSOP\COMPUTER Class: RSOP_GPO Property: name WQL query WHERE clause: enabled = 'true' The hard part is getting the rule to comply. I tried the following rules: "one of: GPO name", "Contains: GPO Name", "Equals: GPO Name". When I look up the report on my client I can see that the GPO rule is non-compliant I get the following results. expression current value rule type Contains GPO Name Default Domain Policy Value Contains GPO Name Local Group Policy Value Contains GPO Name Some other GPO Value Contains GPO Name Another extra GPO Value Strange thing is though that the GPO I'm querying against isn't in the list but I know for certain that it's applied and active. I don't really know how to advance from here on out so I was hoping any of you guys had an insight I'm missing. Thanks in advance!
-
Hi All is there any report to get the compliace status for software update deployments for a single computer? I know the is compliance 5 to get the status by update to 1 computer and the Management 5 to get the deployments to 1 computer but I want is to get the deployment status for 1 computer Hope someone here can help on this Regards
-
- reports
- compliance
-
(and 1 more)
Tagged with:
-
Hello, We are currently running SCCM 2012 R2 in our environment. We are running a Primary Site server with Endpoint protection and started using OSD. So far it has been a challenge but the guides here and on other online resources have been a tremendous help. We now want to leverage SCCM's capabilities to help us identify rogue software as well as try and make sure that our environment PC's are using a safe version of Java, Adobe Flash, Adobe Reader, etc. Could SCCM help us with this? Also once that software is identified would we be able to uninstall the rogue software and install a correct version of Java, Adobe Flash, etc. If so could someone with more experience provide some insight as to how I would configure something like this? Thank you!
-
Would anybody happen to know what may be causing my packages to sit at 0.0% compliance once deployed to any specific collection? Applications deploy within 20 minutes, so there's no issues there. I need a specific package that references a .bat file togo out and uninstall ALL Java on a specific collection, but the package that contains the .bat file, will not deploy. It's been "deployed" longer than the software cycle so that's not what Im waiting for. Zero errors on DP. Also, would any of you knowledgable helpful folks be able to shed some light on scripting the deployment of the .bat file via Appplication that install Java 8u51? I've tried it multiple ways, but no success? Thank you in advance for all your support.
- 2 replies
-
- package
- application
-
(and 3 more)
Tagged with:
-
Evaluate Configuration Baseline Remotely
Rafik posted a question in Desired Configuration Management
Hi Friends, i have big problem i need to evaluate configuration baseline remotely not manual and it not working by ConfigMgr Console Extention tools as below- 2 replies
-
- compliance
- desired
-
(and 1 more)
Tagged with:
-
So I have a scenario that I work at a college full of computer labs that have a basic load on all of the machine with some variations in each lab. For example while all of the labs will have MS Office not all of them have Autocad. Anyways I was wondering if there was anyway that I could use SCCM's Compliance feature to make the right software was installed in the right labs, and if a machine was missing something, then in remediation it would autoload said missing software? John
- 5 replies
-
- Compliance
- Application
-
(and 1 more)
Tagged with:
-
Hi guys, I'm wanting to create a custom compliance report based on the "Compliance 1 - Overall Compliance" report but also have the 'Date Installed' as a field in the report. The Overall Compliance report gives me everything except when the software update was installed. Has anyone done this successfully? Any help is appreciated. Thanks.
- 4 replies
-
- compliance
- microsoft
-
(and 3 more)
Tagged with:
-
I'm trying to generate a custom report in SCCM 2012 R2 but am having a bit of trouble getting things working. The report needs to show all Security Updates that have been Deployed but are still showing as Required on servers. I would like it to have a separate entry for each applicable security update and the server that it is applicable to. When I've been searching for how to do this, a lot of people have said that the report will be so big that it won't be usable, but this is for a vulnerability remediation tracking document and it's exactly the format that we need. For the most part, our environment is patched up to date, so the report should have about 1000 lines. Here is an example of what I'm looking for from a formatting perspective.
-
Hi, I'm having difficulty understanding when a configuration baseline deployed to a user collection evaluates, and re-evaluates. I've setup 3 configuration items to configure Internet Explorer and added to a baseline, checking and remediating the following registry keys: 1. HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ AutoConfigURL = Company PAC File 2. HKLM:\Software\Policies\Microsoft\Internet Explorer\Control Panel Proxy = 1 3. HKLM:\Software\Policies\Microsoft\Internet Explorer\Control Panel AutoConfig = 1 According to the TechNet article here (http://technet.microsoft.com/en-us/library/hh219289.aspx) baselines deployed to a user will be evaluated at logon, however from my testing I can't see this happening. On the deployment I configured the evaluation to run every 15 minutes from the deployment creation, however the client doesn't actually evaluate. Compliance is enabled within the client settings, and running a Machine Policy retrieval (set to run every 15 minutes anyway) pulls down the compliance setting but reboots / logon's don't force it to run and evaluate. I can force the evaluation to run by opening the client from the control panel app and selecting the baseline to evaluate, however I would like this to run at every logon, and wondered if (when deployed to a user collection) there is a periodic re-evaluation? Thanks, Doug
-
SCCM Software License Management with Slickey License Manager
Tony_Dewhurst posted a question in Asset Management
Firstly, if you intend to rely, solely, on ConfigMgr for software license management & compliance – think again! According to Microsoft this functionality within the suite has its limitations. Microsoft admits to these ‘limitations’ within the ConfigMgr Asset Intelligence Documentation (http://technet.microsoft.com/en-us/library/gg681998.aspx) Asset intelligence is a feature in ConfigMgr that utilizes special hardware inventory classes, a set of reports and a catalog that is periodically updated by Microsoft. The section of the documentation which describes the limitations is below: Legal Limitations The information displayed in Asset Intelligence reports are subject to many limitations and the information displayed in them does not represent legal, accounting, or other professional advice. The information that is provided by Asset Intelligence reports is for information only and should not be used as the only source of information for determining software license usage compliance. The following are example limitations involved in inventorying installed software and license usage in the enterprise by using Asset Intelligence that might affect the accuracy of Asset Intelligence reports: Microsoft license usage quantity limitations The quantity of purchased Microsoft software licenses is based on information that administrators supply and should be closely reviewed to ensure that the correct number of software licenses is provided. The reported quantity of Microsoft software licenses contains information only about Microsoft software licenses acquired through volume licensing programs and does not reflect information for software licenses acquired through retail, OEM, or other software license sales channels. Software licenses acquired in the last 45 days might not be included in the quantity of Microsoft software licenses reported because of software reseller reporting requirements and schedules. Software license transfers from company mergers or acquisitions might not be reflected in Microsoft software license quantities. Nonstandard terms and conditions in a Microsoft Volume Licensing (MVLS) agreement might affect the number of software licenses reported and, therefore, might require additional review by a Microsoft representative. Installed software title quantity limitations Configuration Manager Clients must successfully complete hardware inventory reporting cycles for the Asset Intelligence reports to accurately report the quantity of installed software titles. Additionally, there might be a delay between the installation or uninstallation of a licensed software title after a successful hardware inventory reporting cycle that is not reflected in Asset Intelligence reports run before the client reports its next scheduled hardware inventory. License reconciliation limitations The reconciliation of the quantity of installed software titles to the quantity of purchased software licenses is calculated by using a comparison of the license quantity specified by the administrator and the quantity of installed software titles collected from Configuration Manager client hardware inventories based on the schedule set by the administrator. This comparison does not represent a final Microsoft conclusion of the license positions. The actual license position depends on the specific software title license and usage rights granted by the license terms. However, should you wish to use the Asset Intelligence feature for License Management regardless of its limitations, the following steps will need to be completed. A CSV file containing all license information will need to be created. A sample CSV License file is here:Not all fields need to be completed, however the following fields are mandatory; Name, Publisher, Version and EffectiveQuantity. All dates within this CSV need to be in the US format i.e. mm/dd/yyyy. Name & Version must match what is in the ConfigMgr DB – I (or another ConfigMgr Admin) can sort this. This CSV needs to then be imported into ConfigMgr; Open the console and navigate to Assets And Compliance -> Asset Intelligence. Right click on Asset Intelligence and select Import Software License. Run through the wizard ensuring you select General License statement when given the choice. Software Licenses can then be reported on. Navigate to Monitoring -> Reporting Run the report named License 15A – General License Reconciliation Report This will show you a basic report containing license count, usage and more importantly the difference between them both Is this reliable? No! Could you use this as evidence during a compliance audit? Definitely not. Is it real-time? No, it can be days, weeks or even months out of date. What other options are there? There are a multitude of discovery tools available on the market, including tools from 1E, Snow, LicenseDashboard etc – these all range in price, but from our experience, 15-20GBP per client per annum is the norm. These tools generally ‘plug-in’ to ConfigMgr and make use of Asset Intelligence, Software Metering and their own DBs to give you a bigger picture of your licensing within the enterprise. Toolsets: 1E AppClarity: http://www.1e.com/it-efficiency/software/appclarity-software-asset-management/ Snow License Manager / Inventory: http://snowsoftware.com/website1/1.0.1.0/12/2/ LicenseDashboard: http://www.licensedashboard.com/ If, like many enterprises, you are in the process of moving towards a new Windows 7 platform along with a new implementation of Configuration Manager 2012 – take this as an opportunity to get hold of your licensing and manage it correctly. Knowing where software is installed can now become a business process rather than a technical investigation – and its easy! ConfigMgr 2012 also offers Software Metering – i.e. Is software deployed but not being used? We can determine this easily, and with a bit of simple SQL Querying we can automate the removal of the application. The one issue which still blights most enterprises is how to prevent deployment of applications when no licenses are remaining. In an ideal world, this wouldn’t be an issue, as the whole software approval process would look something like this: User requests a licensed application Service Desk passes the call to relevant parties; Whoever deals with software license purchasing to check license availability, costs etc IT Department to potentially ‘push back’ and ask for business justification and potentially suggest other software (Maybe a viewer is a better option?) Users manager to approve the ‘need’ for the software and potentially, the costs to his/her departmental budget CMDB guys to record software asset deployment Once the Service Desk has the required approval, the call is passed to ConfigMgr Administrator or Infrastructure guys to either (for example): Approve request from ConfigMgr Console Add the user to the relevant AD group for deployment. If, when the call gets to 2a/b/c there are no licenses left, and the users manager approves the cost then more should be purchased prior to the call being forwarded to next person/department. No manual installs should ever take place. Unfortunately, the above process is nearly always flawed. Another issue which impacts most enterprises is the recovery of licenses from lost, stolen or broken machines, or users who have left the company – its usually a dirty process which in most case is left to luck, and crossed fingers. There is a tool available on the market which can prevent deployment of applications if no licenses are available, easily recover licenses from lost, stolen or broken machines and even from users who have left the company. It can even help bring existing software installations under control. Slickey License Manager (http://www.slickey.com) can be easily implemented and work alongside ConfigMgr and/or any discovery tool. If you need would like to see a demo of Slickey contact us today to book a demo. Disclaimer: This is an advertisement with permission from windows-noob.com.