Patch Management Solution

  • 1.  Customize Patch "Compliance by Computer" + Automation Policy

    Posted Mar 26, 2013 04:16 PM

    I have done some research and have seen several different approaches to this problem. My goal is to clone the "Windows Compliance by Computer" report and create one report for all Workstations (or Windows XP, 7) and another for all Servers (Windows 2003, 2008, etc). Once each report is created I'll attach it to an automation policy.

    I have successfully edited some minor parameters such as Release_Date_From and have successfully set up an automation policy. My issue is how to tweak the cloned report for either OS types or workstations or servers?

    Methods I've tried are editing the Report Parameters, Operating_System but under the default value how would I include more than 1 OS?

    I also read about using the FilterCollection parameter, as I do have filters that match my criteria but have not managed to get this to work.  Can you use created filters in this parameter?

    Any guidance for any of these questions would be appreciated.

    Rick



  • 2.  RE: Customize Patch "Compliance by Computer" + Automation Policy

    Posted Mar 26, 2013 04:46 PM

    I think the Patch reports are based on stored procedures rather than straight SQL code, so for any major customisation you'd have to find the stored procedure code and mess with that.

    Can you find a report that has already got a Filter as a parameter?



  • 3.  RE: Customize Patch "Compliance by Computer" + Automation Policy

    Posted Mar 26, 2013 06:54 PM

    I did see some ideas on creating a new stored procedure, but this method would possibly change with following updates to the stored procedures... and more importantly I'm not a SQL expert.

    I did find this How To with relation to canned reports and changing the FilterCollection: 

    http://www.symantec.com/docs/HOWTO42228 

    Basically it communicates that if you get the GUID of another filter you can replace the default, which is "All Windows Computers with Software Update Plug-in Installed", to another filter.



  • 4.  RE: Customize Patch "Compliance by Computer" + Automation Policy

    Posted Mar 27, 2013 11:30 AM

    OK the above link worked creating new filters and using the GUID to replace the default in the report.

    Is there a way to sort the report by compliance?

    Is there a way to remove computers that are 100% compliant?

    Is the only way to resolve the two questions by changing the stored procedure or is there another method?

    Thanks for help or direction with any of these questions,

    Rick



  • 5.  RE: Customize Patch "Compliance by Computer" + Automation Policy

    Posted Mar 28, 2013 02:36 PM

    OK final result.  I ended up using stored procedures as suggested.

    Using a combo of these posts.

    Filters

    http://www.symantec.com/docs/HOWTO42228 

    Create 2 filters to include "All Windows Computers with Software Update Plug-in Installed" and then exclude Servers on one and Workstations on another. Cloned the Computer By Compliance report and using the above link and using the GUID from the new filters I successfully filtered the report by server and workstation.

    I then used the below steps to allow me to sort the report by compliance and Active updates:

    Stored Procedures (2 different posts same stored procedure)

    http://www.symantec.com/connect/blogs/patch-compliance-report-only-includes-updates-contained-policies

    http://www.symantec.com/connect/downloads/windows-targeted-update-compliance-computer-itms-71-sp2

    I then edited the stored procedure to sort by compliance instead of computer (simply changed the entry "ORDER BY [Computer Name]" to [Compliance]).

    Voila