Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 689
  • Last Modified:

WSUS 3.0 - Report showing success rates of workstation patches,

Hi Experts,
I've been tasked with providing management with a report showing success rates of WSUS patches for our desktop fleet (3000 workstations)
What is the best/closet report I can provide them with using the WSUS reporting feature that can highlight this,
Many thanks in advance
0
craigleenz
Asked:
craigleenz
  • 5
  • 3
1 Solution
 
craigleenzAuthor Commented:
anything guys?
0
 
btanExec ConsultantCommented:
See if this help - After 24 hours, you can use the WSUS reporting feature to determine whether the updates have been deployed to the computers. To check the status of an update section (on "Update Status Summary report") from below
http://technet.microsoft.com/en-us/library/cc708475(v=ws.10).aspx

For accessing reporting feature of WSUS, you are required to install report viewer from Microsoft, not sure they have changed though as it is based on .net still @ http://www.microsoft.com/downloads/details.aspx?FamilyID=a941c6b2-64dd-4d03-9ca7-4017a0d164fd&displaylang=en
0
 
craigleenzAuthor Commented:
thanks for you response, however, I don't believe (based on articles I've been reading) that the report I'm wanting to produce for our client in possible using the native built in reporting in WSUS
probably a 3rd party tool or PowerShell could get me close,
I need a report summary showing a pie chart of how compliant all our workstations are, makes sense?
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
btanExec ConsultantCommented:
In forum, it shared that if you have Office Web Components installed on the reporting point, you can modify our reports to create those management graphs
https://social.technet.microsoft.com/Forums/systemcenter/en-US/866c686b-9662-4f1b-99f4-08922f7c84e3/snazzy-and-useful-patch-reports-lacking-in-sccm

This one used the script to crawl out the compliance check against update if you are interested
http://blogs.technet.com/b/wsus/archive/2008/06/20/baseline-compliance-report-using-public-wsus-views.aspx

then probably I suggest Solarwinds which has quite nice reporting stats which is useful for overall summary awareness http://www.solarwinds.com/patch-manager.aspx
OR Nessus is another candidate http://www.tenable.com/sc-dashboards/wsus-monitoring
0
 
craigleenzAuthor Commented:
sorry, none of these suggestion helped me,
0
 
craigleenzAuthor Commented:
the following power shell script resolved the issue for me
_________________________________________________________________________________________________________________________
function Connect-WSUS{
      param(
            [Parameter(Mandatory=$True,Position=1)] [string]$server
      )
      
      [void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
      $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($server,$False)
      $wsus
}

$wsus_server = "%servername%"
$wsus_target_group = "All_Workstations"
$report_file = "C:\scripts\wsus-ALL_Workstations_ByUpdate_Summaries.csv"

if (Test-Path $report_file) {Remove-Item -Path $report_file -Force}

$wsus = Connect-WSUS($wsus_server)

$group = $wsus.getcomputertargetgroups() | where-object {$_.Name -eq $wsus_target_group}

#build a new update scope, and limit our scope to only updates released to our target group.
$updatescope = New-Object "Microsoft.UpdateServices.Administration.UpdateScope"
$updatescope.ApprovedComputerTargetGroups.add($group)

write-host "getting updates approved for target group $wsus_target_group"
$updates = $wsus.getupdates($updatescope)

write-host "retrieved $($updates.count) updates"
write-host "Getting summaries " -NoNewline
$i = 0
$summaries = @()
foreach ($update in $updates) {
    $summary = $update.getsummaryforcomputertargetgroup($group)

    $properties = @{
        "UpdateID"=$update.Id.updateid;
        "Title"=$update.Title;
        "IsSuperseded"=$update.IsSuperseded;
        "KB"=$update.KnowledgeBaseArticles -join ';';
        "CreationDate"=$update.CreationDate;
        "NACount"=$summary.NotApplicableCount;
        "InstalledCount"=$summary.InstalledCount;
        "DownloadedCount"=$summary.DownloadedCount;
        "InstalledPendingRebootCount"=$summary.InstalledPendingRebootCount;
        "FailedCount"=$summary.FailedCount;
        "UnknownCount"=$summary.UnknownCount
    }
    $summaryobject = New-Object –TypeName PSObject –Prop $properties
    $summaryobject = $summaryobject | select Updateid,Title,IsSuperseded,KB,CreationDate,NACount,InstalledCount,DownloadedCount,InstalledPendingRebootCount,FailedCount,UnknownCount
    $i++
    write-host "." -NoNewline
    if ($i % 20 -eq 0) {write-host "$i/$($updates.count) done"}
    $summaries += $summaryobject
}

write-host "Now Outputting file : $report_file"
$summaries | export-csv $report_file -NoTypeInformation
0
 
btanExec ConsultantCommented:
thanks for sharing. on related for your interest, you can find PS script samples for
- Find Last Installed Update via Windows Update Using WSUS
- Find Last Installed Update via Windows Update Using Remote COM or PSRemoting

For further fields to extract from summaryobject, you can check out this blog too
0
 
craigleenzAuthor Commented:
none of the suggestion offered by other experts helped me,
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now