4 Replies Latest reply on Jan 14, 2014 12:05 PM by HMote

    MS Patches Needed Per Server

    HMote

      In SCCM 2010, I was able to create a dashboard/report which listed which patch was needed per server which I could organize and give to the admins for installation.  Since SCCM 2012 moved to SSRS, my report wouldn't transfer.

       

      We've since purchased Patch Manager and I currently have the newest 2.0 version installed; how do I create this report, or does it already exist?  Thanks!

        • Re: MS Patches Needed Per Server
          Lawrence Garvin

          Greetings Heath.

           

          If you enable client reporting to the SUP as discussed in this blog article, you can then run a daily WSUS Inventory and use the Computer Update Status report to geneate this information. You can filter by one or more machines, export that filtered view to Excel, and then email the Excel report to the appropriate sysadmin(s).

           

          Alternatively, you could create customized reports by machine name and schedule/email those reports automatically.

          1 of 1 people found this helpful
            • Re: MS Patches Needed Per Server
              HMote

              Ok, I've got my data coming in and the report setup, but what column do I need to key off of to get the MS patches that are not installed?  I've got the security bulletin set to is not empty and the not installed field set to > 0, but my results cannot be true.  I've got some of the updates listed multiple times per server and some showing up under servers which I know has the update installed. 

                • Re: MS Patches Needed Per Server
                  Lawrence Garvin

                  Ok, I've got my data coming in and the report setup, but what column do I need to key off of to get the MS patches that are not installed?

                  Well, that really depends on what report you've created and which columns you're using. My original suggestions was to start with the Computer Update Status report, in which case it would be a simple as filtering in the Report Viewer to suppress the entries for the updates already installed.

                  I've got the security bulletin set to is not empty and the not installed field set to > 0, but my results cannot be true.

                  I would suggest first determining the correct filters to use by using the Report Viewer, and then once you've determined that it's a simple matter to apply those filters to a report definition. Also, the "Not Installed" column is not the one you want to be using to filter the updates that are installed.

                  I've got some of the updates listed multiple times per server

                  This is flat out impossible, in a properly declared report definition, so we're probably going to have to look at what you're actually looking at to sort that out. If you could either paste a screen image or attach a PDF showing these "updates listed multiple times per server" we can work from that.

                  and some showing up under servers which I know has the update installed.

                  Which is entirely possible if the report declaration is not proper for what you're trying to retrieve and you're not actually reporting on updates that are Installed.

                   

                  So let's start here:

                  1. Run the Computer Update Status report.
                  2. Open the filter dropdown for the Update Installation State (Friendly Name) column and uncheck the "Installed" value.
                  3. Sort or group by the Computer Name column if you wish.
                  4. Review the results.
                    • Re: MS Patches Needed Per Server
                      HMote

                      Ok, I got it worked out.  You were right about the "Installed" value.

                       

                      I was able to make use of the appropriately named, "Computer Update Status Approved Updates Not Installed" and then use the "Computer Update Status With Details" datasource to get my report created.

                       

                      I found out the reason I was getting the duplicates, which turned out to be duplicates of the Service Bullitins.  These can be assigned for multiple OS's and versions but retain the same SB number...that's where my duplicate SB's were coming in.

                       

                      Thanks for pointing me in the right direction!

                      1 of 1 people found this helpful