1 Reply Latest reply on Dec 7, 2013 11:59 AM by Lawrence Garvin

    Looking for Patch reporting


      Hello, I am about 2 weeks into using Patch Manager. I am looking for an on the fly report that will give me a list of computers in my domain and tell me which software is not up to date for each computer. I have looked through the reporting section and tried to follow the guide to create a customer report, but that all looks at WSUS and I want to see all my third party software. Thanks in advance!



        • Re: Looking for Patch reporting
          Lawrence Garvin

          There are two ways you can approach this requirement.


          The first is that you can inventory the software that exists on your client systems and report based on what is actually installed. However, merely reporting on what is installed will not necessarily convey whether the software is actually up to date. There are two available methods for performing a software inventory:


          • You can enable asset inventory collection via WSUS and leverage the WSUS Inventory Installed Software report that is contained in the Windows Server Update Services report category. To enable WSUS asset inventory collection, right click on the WSUS node, select Configuration Options, and enable the first option "Collect Extended Inventory Information". Please note that this option will significantly increase the size of your WSUS database, as well as the Patch Manager database. This asset inventory data is transferred into the Patch Manager database during the scheduled WSUS Inventory Task.
          • You can enable asset inventory collection via WMI using Patch Manager's Managed Computer Inventory capability. From the Managed Enterprise node (or other management group that may be defined), select your DOMAIN or WORKGROUP in the center pane, and then launch the "Schedule Inventory" task via the right-click context menu or the Actions Pane.


          It's also useful to understand the difference between these two inventory tasks.

          • The WSUS-based asset inventory task is a push task. The Windows Update Agent reports the asset inventory data to the WSUS server automatically as part of each detection event. Also worthy of note, the WSUS-based asset inventory task is an all-or-nothing situation; you cannot choose which items are inventoried.
          • The WMI-based asset inventory task is a pull task. The Patch Manager server initiates a connection to each individual system to collect asset inventory via WMI. In the pull operation, it is necessary that the target system is powered on and Patch Manager is configured with the correct credential to authenticate with the system. With the WMI-based asset inventory task, you can pick and choose which objects are inventoried from the client. You could even run multiple inventory tasks to inventory different clients for different objects.


          In some cases, the software inventory reports will identify the specific patch level of a product installed, if that product records that level of detail in Programs & Features.


          The second approach to this requirement is to publish third-party updates to the WSUS server. By publishing updates to the WSUS server, the Windows Update Agent will report status information on that update package (NotApplicable, Installed, NotInstalled). If you publish only the latest package, then you'll have simple information about which systems have installed it and which have not. If you wanted a more thorough report regarding specifically which versions are installed, for example, with JRE7, publish additional downlevel packages. Each client that has an instance of JRE7 installed will identify one of those various JRE7 packages as Installed, the older packages will be NotApplicable, and the newer packages will be NotInstalled. From there you can use the standard Computer Update Status report in the Windows Server Update Services Analytics report category to get detailed information about what is, and is not, installed on your systems.
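
          The status rule described in the reply above, worked through as an added example (not part of the reply and not Patch Manager or WSUS code): it turns per-package states into one per-computer verdict. The CSV column names, computer names and JRE7 version numbers are constructed assumptions, as is the reading that a client showing only NotInstalled packages is older than every published version.

```python
import csv, io
from collections import defaultdict

# Constructed sample: one row per (computer, published package), in the shape
# an export of update status data might take. Column names are assumptions.
SAMPLE = """computer,product,version,state
PC01,JRE7,7.0.25,NotApplicable
PC01,JRE7,7.0.40,Installed
PC01,JRE7,7.0.45,NotInstalled
PC02,JRE7,7.0.25,NotApplicable
PC02,JRE7,7.0.40,NotApplicable
PC02,JRE7,7.0.45,Installed
PC03,JRE7,7.0.25,NotApplicable
PC03,JRE7,7.0.40,NotApplicable
PC03,JRE7,7.0.45,NotApplicable
PC04,JRE7,7.0.25,NotInstalled
PC04,JRE7,7.0.40,NotInstalled
PC04,JRE7,7.0.45,NotInstalled
"""
KNOWN = {"Installed", "NotInstalled", "NotApplicable"}

def vkey(version):
    """Compare dotted versions numerically, so 7.0.9 sorts before 7.0.45."""
    return tuple(int(part) for part in version.split("."))

def classify(states):
    """states maps version -> state for one computer and one product."""
    if any(s not in KNOWN for s in states.values()):
        return ("no-status", None)        # client has not reported a usable state
    latest = max(states, key=vkey)
    installed = [v for v, s in states.items() if s == "Installed"]
    if installed:
        current = max(installed, key=vkey)
        return ("current" if current == latest else "outdated", current)
    if all(s == "NotApplicable" for s in states.values()):
        return ("not-present", None)      # no published package applies here
    # Assumption: nothing Installed but packages still needed means the client
    # is behind every published version, so the exact version is unknown.
    return ("outdated", None)

def report(csv_text):
    per_target = defaultdict(dict)
    for row in csv.DictReader(io.StringIO(csv_text)):
        per_target[(row["computer"], row["product"])][row["version"]] = row["state"]
    return {key: classify(states) for key, states in per_target.items()}

if __name__ == "__main__":
    for (computer, product), (status, version) in sorted(report(SAMPLE).items()):
        print(f"{computer:6} {product:6} {status:12} {version or '-'}")
```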