This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

MS Patches Needed Per Server

In SCCM 2010, I was able to create a dashboard/report which listed which patch was needed per server which I could organize and give to the admins for installation.  Since SCCM 2012 moved to SSRS, my report wouldn't transfer.

We've since purchased Patch Manager and I currently have the newest 2.0 version installed; how do I create this report, or does it already exist?  Thanks!

  • Greetings Heath.

    If you enable client reporting to the SUP as discussed in this blog article, you can then run a daily WSUS Inventory and use the Computer Update Status report to geneate this information. You can filter by one or more machines, export that filtered view to Excel, and then email the Excel report to the appropriate sysadmin(s).

    Alternatively, you could create customized reports by machine name and schedule/email those reports automatically.

  • Ok, I've got my data coming in and the report setup, but what column do I need to key off of to get the MS patches that are not installed?  I've got the security bulletin set to is not empty and the not installed field set to > 0, but my results cannot be true.  I've got some of the updates listed multiple times per server and some showing up under servers which I know has the update installed. 

  • Ok, I've got my data coming in and the report setup, but what column do I need to key off of to get the MS patches that are not installed?

    Well, that really depends on what report you've created and which columns you're using. My original suggestions was to start with the Computer Update Status report, in which case it would be a simple as filtering in the Report Viewer to suppress the entries for the updates already installed.

    I've got the security bulletin set to is not empty and the not installed field set to > 0, but my results cannot be true.

    I would suggest first determining the correct filters to use by using the Report Viewer, and then once you've determined that it's a simple matter to apply those filters to a report definition. Also, the "Not Installed" column is not the one you want to be using to filter the updates that are installed.

    I've got some of the updates listed multiple times per server

    This is flat out impossible, in a properly declared report definition, so we're probably going to have to look at what you're actually looking at to sort that out. If you could either paste a screen image or attach a PDF showing these "updates listed multiple times per server" we can work from that.

    and some showing up under servers which I know has the update installed.

    Which is entirely possible if the report declaration is not proper for what you're trying to retrieve and you're not actually reporting on updates that are Installed.

    So let's start here:

    1. Run the Computer Update Status report.
    2. Open the filter dropdown for the Update Installation State (Friendly Name) column and uncheck the "Installed" value.
    3. Sort or group by the Computer Name column if you wish.
    4. Review the results.
  • Ok, I got it worked out.  You were right about the "Installed" value.

    I was able to make use of the appropriately named, "Computer Update Status Approved Updates Not Installed" and then use the "Computer Update Status With Details" datasource to get my report created.

    I found out the reason I was getting the duplicates, which turned out to be duplicates of the Service Bullitins.  These can be assigned for multiple OS's and versions but retain the same SB number...that's where my duplicate SB's were coming in.

    Thanks for pointing me in the right direction!