Custom report, checking machines compliance. Best way to approach this?

[JacobE]

Hi all,

 

I've been tasked at work at setting something up, possibly a report which needs to do the following:

 

1) Check all machines for versions of specific software installed

2) Show machines which have incorrect versions of said specific software

 

The main objective being that we want to ensure that all machines are running the correct version of core applications (not that this should change but vendors may release an update, they may be a glitch which causes it to self update etc)

 

Also, we would like this report to run once a week and email us the results, is this possible?

 

Any help on the matter appreciated, my SQL skills are pretty dire so if anyone has some code I can throw into a report and begin customizing that would be great.

Thanks

Jake

[GarthMJ]

What is wrong with the built-in reports?

 

Yes, you can email the reports to yourself. http://youtu.be/sO0Y_IxdE8w

[JacobE]

What is wrong with the built-in reports?

 

Yes, you can email the reports to yourself. http://youtu.be/sO0Y_IxdE8w

 

Nothing, they just don't do what I'm asking unless I've missed one.

[GarthMJ]

What wrong with "count of all instances of software registered with add or remove programs"? This will give you exact what you asked for then you can drill down to get who have the software that you don't want.

[JacobE]

What wrong with "count of all instances of software registered with add or remove programs"? This will give you exact what you asked for then you can drill down to get who have the software that you don't want.

 

That report is great and I use it a lot during software true-up time, however I specifically want to be reported on machines that are not compliant to what we consider standard. I want it all summarised for applications X Y & Z not every single minuscule application/random file on each machine.

 

So I want the report to look something like:

 

Adobe Reader: 0

Adobe Flash: 0

Oracle Java: 5

Microsoft Office 2010: 0

 

I want to report to know that as I have the 'compliant' version of Java set to V1.0.6_39 that those 5 machines that have a different version, therefore it lists them and I know specifically which machines to target, without having to trawl through a big long report otherwise.

[GarthMJ]

Yes, this can be done but there are caveats that you must be aware of or design for. aka What happen when office is update to SP1 or SP2? What happens when a PC have two version of java installed or listed within ARP?

 

IMO, you will be updating the report monthly or more often than that. I would stay with the other report, it will be less work.

[JacobE]

Yes, this can be done but there are caveats that you must be aware of or design for. aka What happen when office is update to SP1 or SP2? What happens when a PC have two version of java installed or listed within ARP?

 

IMO, you will be updating the report monthly or more often than that. I would stay with the other report, it will be less work.

 

Ah I know it will be a lot of work, but my manager is pretty keen on getting something setup on a trial basis. I would do better to get him something working but a pain in the neck to show it can be done, then convince him its a waste of time overall rather than to not try at all.

[GarthMJ]

I would suggest starting with the report listed above and customize it.

 

IMO I would make sure that they know how much work it is for you to do this and make sure that they understand the caveats.

[JacobE]

Mini thread revival and update!

So going back to this, I looked into customizing reports but my SQL skills just aren't up to scratch! So after looking into this a bit more I'm exploring the configuration baseline possibility.

 

Initial tests look good and its pretty easy to setup, specifying against registry values/product codes I can then create a subscription to a report "Summary compliance of a configuration baseline for a collection" to run once a week and store it on a server somewhere, and from that create a scheduled task to email out said report out to myself and the team. Therefore we would know which machines are not compliant.

The key is making sure remediation is switched off so it doesn't enforce any changes for we would like to control that ourselves, and it keeps my manager happy...it'll also be pretty easy to maintain as core applications are not updated all that often.

 

Thought I'd add this in for anyone else looking for a similar solution.

 

TLDR - Use the configuration baseline for what it was designed for.

[GarthMJ]

It great that you have something working for you but IMO this will be a lot of work to maintain just like the reporting option above.

 

If this works for you, then great.

[JacobE]

Well I'm going to set in stone this is for core applications only so I avoid just that. Core applications get updated a couple of times a year, if that. So it won't be much to maintain