none
Patch Compliance Report

    Question

  • Hello,

    I have been trying to get a report from SCCM that details what machine needs what patch applied. I am very new to SCCM reporting and have been having a real difficult time trying to figure this out.

    What I need is a report that essentially states "this patch, X, needs to be applied to these machines." Imagining the report layout, I would think something like this is what I am looking for:

    Bulletin ID  |  Computer  |  Severity  |  Release Date
    --------------------------------------------------------------------
    KB123456      Machine5      Critical       January 5, 2013
    KB123456      Machine9      Critical       January 5, 2013
    KB876987      Machine44    Important  January 5, 2013
    KB546373      Machine71    Moderate   February 9, 2013

    I've looked at a couple places on the 'net to give me some clues, but nothing seems to really be what I need. Here are a couple places I've been:

    http://pleasepressanykey.blogspot.com/2010/08/sccm-patchmgmt-custom-reports.html

    http://eskonr.com/2010/03/monthly-patch-statistics-reports-to-show-up-to-the-management-in-a-simplified-manner/

    https://login.live.com/login.srf?wa=wsignin1.0&wtrealm=social.technet.microsoft.com&wreply=https%3a%2f%2fsocial.technet.microsoft.com%2fForums%2fsystemcenter%2fen-US%2fb3ee44bc-bf6e-44c3-bdb1-4571830aa725%2fsccm-report-by-computer%3fstoAI%3d10&wp=MBI_FED_SSL&wlcxt=microsoft%24microsoft%24microsoft

    Any direction on this would be great!

    TIA



    Friday, August 30, 2013 5:12 PM

Answers

All replies

  • Hi,

    there is a built-in report, it's in the Software Updates category, it's named "Management 1 - Updates required but not deployed "

    This will give you a total view of your estate, and you can drill-down into specific updates etc.

    It's based on update scan/detection data that clients pass back to your site, so if a client isn't reporting in, you won't see the "required" updates.

    Also, the scan/detect is based upon the products and classifications that you have enabled on your SUP, so, if you haven't enabled a particular product/classification, that won't be scanned for, so won't be reported as "required".


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    Friday, August 30, 2013 11:32 PM
  • Thanks for the reply, Don.

    That is helpful, but unfortunately I can't use that report. It must be in the format I explained in my original question. That is - {machine name} {patches missing from that machine} {Severity} {Release Date}.

    Also, I just realized I added this thread to SCCM 2007 when it should have been in SCCM 2012 forums. I've re-posted the original question here: http://social.technet.microsoft.com/Forums/en-US/cc6a27d3-50c1-450d-a538-d304d0740bbd/patch-compliance-report

    Just in case someone wants to follow the progress of this thread.

    Thanks!

    Dale

    Wednesday, September 04, 2013 7:57 PM
  • not sure if there are any readily available reports that you are looking/ the format what you need.

    you may have to customize the reports with the existing report what you have posted above OR

    you can contact enhansoft for such kind of reports. they do provide various reports http://be.enhansoft.com/



    Eswar Koneti | Configmgr blog: www.eskonr.com | Linkedin: Eswar Koneti | Twitter: Eskonr

    Thursday, September 05, 2013 7:14 AM
  • I concur, there is not a canned report that will show me what I need. That's why I've been lookig to create my own (and getting even more frustrated each day with it).

    I'll look at the URL you've suppllied, Eswar, but does anyone have an idea of how to get this report created on my own?

    Thursday, September 05, 2013 9:02 PM
  • I have a blog entry for this for a per server basis. See if it helps

    http://blog.theinfraguys.com/2013/09/sccm-patch-compliance-listing-required.html


    Http://blog.theinfraguys.com | Please remember to click “Mark as Answer” on my answer if it helps. :)

    Friday, September 06, 2013 2:45 AM
  • I work for Enhansoft...

     

    I think Eswar meant to point you to our Software Update Reports. There is one there that is close to what you are looking for "Count of PCs Missing Software Updates by Classification".

    http://be.enhansoft.com/post/2013/04/10/New-Software-Update-SSRS-Reports.aspx

     


    http://www.enhansoft.com/

    Friday, September 06, 2013 8:49 PM
  • I’m trying to clean up old posts, Did you figure this out, if so how?


    http://www.enhansoft.com/

    Saturday, September 14, 2013 2:33 PM
  • Sorry for the delay on this thread. I've been out on vacation.

    No, I'm still looking for a solution. Vincez seems to have a good report, but I still need a list of machines in the enterprize that are missing patches.

    The solution Vincez has is good for a single machine, but I'm mandated to have a full list of machines from the enterprize.

    Monday, September 16, 2013 2:55 PM
  • Hi there,

    please refer to the below post I have just included

    http://blog.theinfraguys.com/2013/09/sccm-patch-compliance-report-for.html

    This will enable you to have the option to retrieve all machines or certain machine names by wildcard :)


    Http://blog.theinfraguys.com | Please remember to click “Mark as Answer” on my answer if it helps. :)

    Tuesday, September 17, 2013 12:25 AM