7 Replies Latest reply on Feb 11, 2011 11:23 AM by vhcprophet

    Reporting on Patching Status

    Rookie

      All,

       

      I am relatively new to LanDesk.  I am coming from an SMS and HFNetCheck background for patching software.  I believe I have my head around LanDesk's take on the patching process except for reporting.  I am on LanDesk 9.0.2.3 so I have the new reporting  that was added in the latest SP release.

       

      I have gone through all of the canned reports and I dont see some that meet my specific needs.  One example is that we keep binders for specific clients and in there a report of the servers for that client with the patches that are install on those systems and still required.  Is there an easy way to report on this from LanDesk?  I have seen the report "Deteced Vulnerabilities" and grouped by device.  I see there is an option to group or specify by "Locations" for the AD patch the computer account resides in.  Is there a way to have a custom "Location" group?  Say for example I need to run this report on a select number of systems and dont want but only the systems I need to report on.

       

      Also, how is everyone else reporting and following up on their patching?  If I patch 1000 systems and I have 30 failures, the most efficient way is to go to each and look at the log individually from the console of why it failed?

       

      If I want to just pull a report on say this year's patches of MS11-001 and MS11-002 and show all systems that are missing these patches individually, how could I do that?  I know I could go to each one and do a "affected computers" and try to compile things that way.  I see there is the "Detected Vulberabilities" report where you can choose Locations, Severity and Vulnerabilities, but the vulnerabilities are not all that easy to digest through and no MS numbers are associated and no search option.  So finding out the KB number and scrolling through all of the vulnerabilities to try and match that kb number up really the way to go?  Any help is appreciated!!

        • 1. Re: Reporting on Patching Status
          Rookie

          142 views and no replies!  I know people are using LanDesk for patching!

          • 2. Re: Reporting on Patching Status
            Rookie

            Know the feeling I have had post with multiple views and no response

             

            To see what patches are NEEDED on a device here's an example:

            "Computer"."Security and Patch Definitions"."Vulnerability ID"  =  "MS11-001_VISTA"  OR  "Computer"."Security and Patch Definitions"."Vulnerability ID"  =  "MS11-002"  OR  "Computer"."Security and Patch Definitions"."Vulnerability ID"  =  "MS11-002_VISTA_WIN2008_WIN7"  AND  "Computer"."Security and Patch Definitions"."Patch Currently Installed"  = "0"

            OR

            "Computer"."Security and Patch Definitions"."Vulnerability ID"  =  "MS11-001_VISTA"    OR    "Computer"."Security and Patch Definitions"."Vulnerability ID"  =  "MS11-002"    OR    "Computer"."Security and Patch Definitions"."Vulnerability ID"  =  "MS11-002_VISTA_WIN2008_WIN7"  AND  "Computer"."Security and Patch Definitions"."Detected"  =  "1"

             

            To see what patches are INSTALLED on a device here's an example:

            "Computer"."Security and Patch Definitions"."Vulnerability ID"  =  "MS11-001_VISTA"  OR  "Computer"."Security and Patch Definitions"."Vulnerability ID"  =  "MS11-002"  OR  "Computer"."Security and Patch Definitions"."Vulnerability ID"  =  "MS11-002_VISTA_WIN2008_WIN7"  AND  "Computer"."Security and Patch Definitions"."Patch Currently Installed"  =  "1"

             

            0 = NO 1 = YES

             

            Then you can bring this query into a report and chart as needed

             

            Troubleshooting failures can be a little difficult at times There may be multiple reason for a failure so looking at the logs is always a good place to start

            Another good place to look is in the Inventory Record

            %NODE% Custom Data - Security Scan - Pending File Rename Then you may see data in the Value box This folder will not be there unless the device needs to be rebooted Sometimes that could be blocking the patch install

             

             

            Hope it helps

            • 3. Re: Reporting on Patching Status
              Rookie

              Pat,

               

              Thank you very much for the reply!  I was quite excited to see one.  Forgive my lack of knowledge being new to LanDesk, but with the following do I need to create a new query in LanDesk with the information you provided below?  I dont see a way to provide a SQL query into the create a query wizard.  Even when trying to select the options one by one in the create a query wizard, the Security and Patch Definitions is not an available item.

               

              So I am not sure how to actually proceed to use the query you provided.  Again I appreciate the assistance.

              • 4. Re: Reporting on Patching Status
                Rookie

                You may want to consider calling Support

                 

                I don't know how your CORE is configured but if you are NOT retaining history for patches then you wil not see anything for I listed

                But take a look in Patch and Compliance - Click Down Arrow near Create a Task icon - SELECT Gather Historical Information

                That will allow you to retain the data for patches installed and NOT installed and query against it

                 

                I usually just go to My Queries and under an appropiate folder do New Query then take the selections provided above for any patch I need to know more information about

                 

                I don't want to tell you to do something and your core is not configured that way

                 

                I am still on 88 and heading towards 9 at the end of the month

                 

                The process is quite similar with both seups however RBA can also be stopping you from seeing what you want/need to see 

                 

                Good Luck

                • 5. Re: Reporting on Patching Status
                  Rookie

                  Thanks for the reply.  I did the gather historical information but I still dont see those listed in the query wizard.  I will reach out to support.  Thanks again for the assist.

                  • 6. Re: Reporting on Patching Status
                    Rookie

                    Sorry I may have mis led you.  The query I built ws from 88

                    In 9 you need to look in the inventory under Patch and Compliance Definitions

                     

                    The values I had indicated for INSTALLED or DETECTED still pertain

                    Best of Luck!

                    • 7. Re: Reporting on Patching Status
                      Rookie

                      I actually had just found that, guess the placement and labeling changed. Looking through it now.  Ths seems to work well for one patch, but following up say on patches that were just released for this month with 10+ patches released....not exactly the best.  Thanks again for your help!

                       

                      What I really wanted was a report that would show something like the following that I could run based upon a group or query of specific systems:

                       

                      ServerA name

                       

                      Patches still required listed

                       

                      ServerB name

                       

                      Patches still required listed