In Part 1 of this series we created an Update List and Deployment Management Task, in Part 2 we targetted the Deployment Management Task and Verified that it worked visually and using logs, now we will analyse our compliance level for the Update List using built in Reports in ConfigMgr.
Note: To see Technet's page about Software Compliance please see here
Compliance 1 - Overall Compliance
The first thing we want to establish is how many computers in a specific collection are compliant for the Update List we created. This will give us a good idea of how our patching is going. Knowing which computers are compliant (or not) will enable us to ascertain the effectiveness of our patching regime. Please also note, that all reports here are are done in a Lab environment where many of the computers in the respective collections are virtual machines that may not be powered on or even exist any more...
Expand the Reporting Node in configmgr and select reports, on the right pane enter Compliance in the Look For field and press enter. Select the Compliance 1 - Overall Compliance report.
Right click on the report and choose Run
When the report appears we will need to enter some data
So lets click on the Value button to the right of the input box and select a value, in this case we will select our Windows XP Security Updates - March 2010 update list from the list of update lists available.
Do the same for our Collection ID (choose the collection we targetted...)
Once done, click on Display to display the report.
When the report appears you can see how many computers are compliant (or not) for that Update List, in the example below, 2 computers are compliant (it's a Lab).
If you want to get more info about the computers in the report, click on one of the arrows to drill down further into the report.
Once the computers are listed you can get even more details by clicking on the arrow to the left of the computername
Once that report appears you can further sort that report by colums, so click on bulletin ID twice to sort the new bulletin ID's
Now we can see that the March Updates we selected originally in Step 3 of this post are installed and therefore not required.
Now go back and look at all your Non-Compliant and/or Compliance State Unknown systems to see what they report, what they are missing and why.
In the next Part of this series, we will look at some more compliance reports for our Update List.
We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.
In Part 1 of this series we created an Update List and Deployment Management Task, in Part 2 we targetted the Deployment Management Task and Verified that it worked visually and using logs, now we will analyse our compliance level for the Update List using built in Reports in ConfigMgr.
Note: To see Technet's page about Software Compliance please see here
Compliance 1 - Overall Compliance
The first thing we want to establish is how many computers in a specific collection are compliant for the Update List we created. This will give us a good idea of how our patching is going. Knowing which computers are compliant (or not) will enable us to ascertain the effectiveness of our patching regime. Please also note, that all reports here are are done in a Lab environment where many of the computers in the respective collections are virtual machines that may not be powered on or even exist any more...
Expand the Reporting Node in configmgr and select reports, on the right pane enter Compliance in the Look For field and press enter. Select the Compliance 1 - Overall Compliance report.
Right click on the report and choose Run
When the report appears we will need to enter some data
So lets click on the Value button to the right of the input box and select a value, in this case we will select our Windows XP Security Updates - March 2010 update list from the list of update lists available.
Do the same for our Collection ID (choose the collection we targetted...)
Once done, click on Display to display the report.
When the report appears you can see how many computers are compliant (or not) for that Update List, in the example below, 2 computers are compliant (it's a Lab).
If you want to get more info about the computers in the report, click on one of the arrows to drill down further into the report.
Once the computers are listed you can get even more details by clicking on the arrow to the left of the computername
Once that report appears you can further sort that report by colums, so click on bulletin ID twice to sort the new bulletin ID's
Now we can see that the March Updates we selected originally in Step 3 of this post are installed and therefore not required.
Now go back and look at all your Non-Compliant and/or Compliance State Unknown systems to see what they report, what they are missing and why.
In the next Part of this series, we will look at some more compliance reports for our Update List.
Share this post
Link to post
Share on other sites