SCCM Patch Compliance Reports

Updated: 2013-11-20 – Fixes for rdl files and 2012 report, I’ve edited the RDLs but I have no infrastructure currently to test on so feedback is welcome.

I was watching SCCM Guru Episode 9 with Garth Jones, when I saw in his powerpoint presentation two reports for patch compliance that I liked the look of. So I decided to see if I could emulate the reports, I will say here having only seen the final product in his slide my reports will look similar to his, and may even share code, however I have not seen ANY of his code so any similarities here are purely coincidental and not me just copying his code and taking credit.

Report 1: MissingUpdatesByCollection – This report will list the counts of missing updates for all systems in a collection where the updates are listed in the specified update list. This report is set to link to the MachineVulnerabilityReport to provide the ability to drill down. It is worth editing the collections query for this report as currently it is set to show all XP, all Servers and all 2003 servers, which depending on your site be a rather large amount of machines. You may also want to edit the report name field for the link if you rename these reports.

Report 2: MachineVulnerabilityReport – This report will list the missing updates for a specific system where the updates are listed in the specified update list.

As always if you know of any improvements that could be made to the reports or notice any bugs please leave a comment.

Reports

• SU - MachineVulnerabilityReport.rdl (4668)

– Now Includes Count error Fix, Thanks to Russ

• SU-MachineVulnerabilityReport2012.rdl (2284)

– Submitted by Max in Comments section, Untested by me if someone can confirm it works it would be appreciated.

• SU - MissingUpdatesByCollection.rdl (4834)