Garrett804 Posted March 10, 2015 Report post Posted March 10, 2015 So the reason your compliance numbers are so low is because your ADR's are adding the new updates they find to an existing group which is causing the group to constantly have to re-evaluate. Depending on the activity on your clients and how often they are on the network as well as how often you are running your compliance checks it takes some time to get the numbers back. One way to do the ADR's would be to run them once per month and have them create a new group everytime they are ran. This will leave the old group with its compliance numbers so that it won't re-evaluate on you. Once a quarter or 1/2 year or full year you can take the groups and combine them down to a single group covering a larger time period. For instance I take my update groups once they reach 85% compliance and merge them into a bigger group for the entire quarter and then finally the entire year. (with the amount of updates lately though this is more difficult to merge due to the cap of 1000). I haven't moved the November and December 2014 into the year group yet because of the updates limit per group. You can see my ADR group which is the Microsoft Forefront Endpoint one has low compliance because of the constant changes to the group and it having to re-evaluate constantly. Basically the same situation that you are having. Quote Share this post Link to post Share on other sites More sharing options...
Kops Posted March 20, 2015 Report post Posted March 20, 2015 Thanks for the reply Garrett, interesting thoughts. What you've said might explain a few things.. We have an ADR for Critical/Security updates only that runs every day, and adds to an existing software update group (to avoid creating new groups everyday) - this is the one with the low compliance. I've now created another ADR to run every second wednesday for regular windows updates and to create a new group each time, so I'll monitor how that reports compliance and see how that goes. If I report out of Monitoring > Reports, the compliance numbers actually look great. It just seems to be in the Software Update Group area that shows them very low. Quote Share this post Link to post Share on other sites More sharing options...
Garrett804 Posted March 20, 2015 Report post Posted March 20, 2015 The way to tell your entire environment compliance would be to go to Software Library > Software Updates > Software Update Groups. The compliance numbers there are for the entire environment regardless of deployment. To see the compliance isolated to a deployment then you'd have to run a report based on a given collection of machines as you are probably already doing. Quote Share this post Link to post Share on other sites More sharing options...
