One of the lesser known features of Patch Manager is its ability to supplement the reporting capabilities of Configuration Manager. What makes Patch Manager the choice of interest is not what it does, but how it does it, to wit, predefined report templates and an easy to use report builder. This functionality, though, is not immediately available for use right out-of-the box; it requires some additional options configurations inside Configuration Manager. In this article we’ll show you how to turn on the client reporting to the Configuration Manager Software Update Point (SUP) so that you can get update compliance data using the Patch Manager reporting system.

 

In a WSUS standalone environment the Windows Update Agent automatically reports state information to the WSUS server. However, in the Configuration Manager environment, this automatic reporting is suppressed, and the only state information reported comes from the Configuration Manager Agent to the Configuration Manager Management Point server.

To enable the clients in a Configuration Manager environment to report state information to the SUP, you’ll need to modify the configuration of the SUP component in the Configuration Manager console.

 

Enabling WSUS Reporting Events in Configuration Manager 2012

CM2012 SUP Component Configuration.png

In the Configuration Manager 2012 console:

  1. Select the Administration workspace.
  2. Select the Site Configuration node.
  3. Select the Site from the list of sites in the details pane.
  4. Open the Configure Site Components menu.
  5. Select Software Update Point to launch the SUP component properties dialog.

CM2012 SUP Reporting Events Option.png

     6. Select the Sync Settings tab, and in the WSUS reporting events section at the bottom of the dialog, select the option Create all WSUS reporting events.

Enabling WSUS Reporting Events in Configuration Manager 2007

CM2007 SUP Reporting Events Option.png

In the Configuration Manager 2007 console:

  1. Navigate through the Site Database -> Site Management -> Site -> Site Settings tree.
  2. Select the Component Configuration node.
  3. Select the Software Update Point Component entry from the list of components in the details pane.
  4. Right click and launch the Properties dialog.
  5. Select the Sync Settings tab, and in the WSUS reporting events section at the bottom of the dialog, select the option Create all WSUS reporting events.

Client Behavior

The clients will upload their state information to the SUP database during their next scheduled Software Updates scan. How long this will take depends on the frequency you have configured for Software Updates scans. At most it should take no more than a full day. Alternatively, you can use the Client Management tools in Patch Manager to force your clients to perform a Software Update scan immediately, or at a scheduled time.

Configuring a WSUS Inventory Task for Configuration Manager Environments

PM Launch WSUS Inventory.png

While you’re waiting for the clients to upload their state information to the SUP, you can configure Patch Manager to perform a WSUS Inventory when those uploads have completed.


Drill into the Update Services -> SUP node of the Patch Manager console, right-click, and select WSUS Inventory to launch the inventory configuration dialog. Use the default options, and configure the task to run at a time and frequency appropriate to your needs. Typically, this would be a daily task run during non-working hours.

 

Using WSUS Reporting

Once the WSUS Inventory task has completed, you can use the reports and datasources in the Patch Manager MMC console to access the client-reported state information. The best place to start is the Computer Update Status report, which is a general report for all clients and all updates showing the installation state for each update on each client. Updates identified as "NotApplicable" are automatically suppressed from this report, so the report focuses only on the installable updates and whether or not they are installed.

Finding WSUS Reports in Patch Manager console.png

Make special note that in a Configuration Manager environment, there are no update approvals, so you might wish to remove the Approval State column from your reports since it has no meaning.

 

For more information about creating the WSUS Inventory task and using the Patch Manager WSUS reports, please review these resources: