SCCM – Software Updates Compliance Reports

Here’s a report that I’ve created to obtain the compliance status for the software updates. The first report will allow you to get the information for selected update classifications and for a specific collection. Then the second report, give you the ability to drill down for a specific computer and get the detail by computer as well as the % of compliance based on the selected classification(s).

Here are some screenshots of this reports;

Software Updates – Collection Status

img141

Software Updates – Computer Status

142

You can also expand the result by classification to get the detail.

143

Also note that the targeted count don’t include the updates which are already installed.

So if you’d like to use them, the only thing you need it’s to download those .RDL files, import it and changed the datasource for the appropriate one.

– Software update – Compliance Status By Collection

https://docs.google.com/file/d/0ByVMhVXdDQn4ak1URDE0NnhwWTg/edit?usp=sharing

– Software update – Compliance Status By Computer

https://docs.google.com/file/d/0ByVMhVXdDQn4MkNOSlhGR3pvRFU/edit?usp=sharing

Advertisements

22 thoughts on “SCCM – Software Updates Compliance Reports

  1. EugeneOS

    Thank you. Excellent reports.
    Is it possible to include Compliance gauge into Compliance Status by collection report? This will greatly help to have a birds eye view on the collection.

  2. Jacky Chua

    your report to useful , can I ask how to show all the updates in one report ?
    can I see all the update classification example :- Critical Updates, Security Updates , Service Packs, Update Rollups and Updates. because in your report only can choose one update , under the filter value.

  3. Mike

    Hi,
    I have downloaded the RDL files, upload them to the SQL Server Reporting Services portal on my SCOM SQL server, Open them with Report Builder, and changed datasource to my “Data Warehouse Main” source.
    However when executing a report I get error.
    —————————-
    Query execution failed for dataset ‘Update_Classification_DS’. (rsErrorExecutingCommand)
    —————————-
    An error has occurred during report processing. (rsProcessingAborted)

    Can you give me a tip what I do wrong?
    BR
    Mike

  4. Claus

    Thank you, thank you, thank you for sharing

    They where exactly what I was searching for. Can not understand why MS do not have report showing missing update per client account but only per software update.
    Your Security update Compliance Overview report is pure gold.

    Can you assist me in adding the maintenance window as a column in the report. This would make my server QA so easy as never before.

  5. Bao

    First of all, I love the Status by Collection report awesome details. Thank you for sharing.

    Is there anyways you could change the Update Classification to Update Group instead?

  6. David

    Nicely Done. I would love to have this do one more thing and that is to be able to limit to a software update group. Reason is, say I give this report to a server remediation team, I would like to have it only show the missing software Updates from the SUG so they can only install and the updates missing from the Software Update Group.

  7. David

    Nicely done I would like to see if it would be possible to have the first report limited to a Software Update group. So in the drill down “Computer Detail” report I can only see the updates missing from the fisrst report limited to a Software Update Group.

  8. Cory

    How could you show the collection version, but only show what is deployed to the collection only and not what else is required. Example. We have our servers up to date as of June 2015 so I want compliance for only what is deployed. Thoughts?

    • Simon Brouillard

      Well, what you can do for that is change the collection parameter to only return values that are targeted by this SUG. In my case, as my group as more 1000 updates and it’s only use for compliance rather than deploying updates, that’s not a requirement.
      Let me know, if that make sense for you? So basically, you will only get updates in a SUG that target your collection servers

  9. Cory

    Yes it makes since, but I don’t know which part of the query is only the SUG that are applied compliance. Thoughts?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s