Steve G. Posted July 21, 2014 Report post Posted July 21, 2014 (edited) I've been tasked to generate some reports that will show update compliance. The thing that is not easy for the requestor to appreciate readily is that our enterprise has thousands of computers and there are thousands of updates in question. So, how can such information be presented in a spreadsheet in a practical, digestible fashion? I could try to generate a report that shows all the computers and then puts their compliance stats next to them (updates #, required #). Or I could try to generate an even more elephantine report with all deployed updates and their compliance stats (computers installed #, computers required #, unknown #, compliance %). Doesn't look like there's a canned report that does either of these for me. The absence of a canned report gives me the suspicion that I'm missing out on a proper way to skin the cat. Our SCCM environment haven't utilized either update lists or configuration baselines, so would these be of help? Thanks! EDIT: Just to clarify, I am talking about overall compliance for updates, not a single specific update or deployment. Edited July 21, 2014 by Steve G. Quote Share this post Link to post Share on other sites More sharing options...
Peter van der Woude Posted July 21, 2014 Report post Posted July 21, 2014 Can't you just use the buildin report of Compliance 1 - Overall compliance. With that report you can see the overall compliance of a software update group to a collection. Quote Share this post Link to post Share on other sites More sharing options...
BrianGW Posted July 21, 2014 Report post Posted July 21, 2014 I have been looking for a reliable report as well. I was using the Compliance 1 - Overall Compliance report for a long time until I started to have problems with my servers showing as non compliant or compliance unknown. I would check the server and it would appear as though the server was actually compliant. I would try to force a state message but that would not resolve the issue. After submitting a Microsoft ticket, they told me that the Overall Compliance reports works off of WSUS and not the actual deployments I made. They told me to utilize States 3 - States for a deployment and computer. However, I question whether or not that is the correct report as well. I would love to hear other people weigh on this as well. Quote Share this post Link to post Share on other sites More sharing options...
Steve G. Posted July 21, 2014 Report post Posted July 21, 2014 Can't you just use the buildin report of Compliance 1 - Overall compliance. With that report you can see the overall compliance of a software update group to a collection. The overall compliance report works off of an update list. So essentially, I'd have to build a massive update list with every update. I suspect that if I made it something broad like all Windows 7 updates, I'd wind up hitting the same kind of cap I run into with software update groups in SCCM 2012. Worse still, if it is similar to the Overall Compliance report in 2012, then it's just as impractical. What that particular report does is show compliance as a binary state. Computers are either compliant (because they have every update in the specified SUG) or non-compliant (because they are missing even just one). The user can then drill into the report by clicking on individual computers to see all the updates in the universe that are applicable to it (even those not deployed to the SUG), with asterisks in the "Approved", "Installed", and "Required" columns. This does not seem to be an effective means for an admin to provide management with a snapshot view of update compliance. Quote Share this post Link to post Share on other sites More sharing options...
