?
Solved

SCCM Reporting

Posted on 2016-10-24
6
Medium Priority
?
28 Views
Last Modified: 2016-11-18
Hey Folks, just a quick one, our client has asked us to identify a solution to categorise a PC e.g. assigned to one user, shared, etc to assist with deployment of security controls as per below:
• Improved asset security – if our client moves to a more highly mobile EUC fleet (i.e. mostly laptops / hybrid tablets) then the current method of asset management would not be adequate to ensure that our client can effectively control its assets.
• Improved group policy options – by ensuring that all our clients devices have a category defined (e.g. individual, shared – meeting room, shared – contact centre, shared – border etc), /our client would have the ability to apply group policy to specific category of devices.
is this possible using SCCM?
0
Comment
Question by:craigleenz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 18

Expert Comment

by:Mike T
ID: 41858721
Hi,

This sounds more like a job for basic Group Policy and AD design. It certainly has nothing to do with SCCM reporting. Reporting can only tell you detail about a machine and what software or hardware it has.
You can also report on settings and fix them, which is by using Compliance.

This means for example you can check if the cache size is set to 10GB on machines that are in the "Graphic Designers" OU, and both report and fix it if not.

SCCM has nothing to do with Group Policy options by itself. It can report settings by looking at the registry keys, but no reporting is "live" - only giving a historic view.

If you need a bit more help please explain in more depth because it's slightly confusing what you wrote above.

Mike
0
 

Author Comment

by:craigleenz
ID: 41861530
thanks Mike T, Basically our client is wanting to bill bussiness units for the amount of assets (IE: workstations/laptops/tablets) etc they own
0
 
LVL 18

Expert Comment

by:Mike T
ID: 41863193
Hi,

OK, that's simple enough. You need to run hardware inventory and can then use one of the inbuilt reports to show the machine headcount. By default inventory (aka HWInv) runs every 7 days. For charging usage of PCs that's probably too long, so you will need to increase the inventory frequency. Do this by creating a new custom Client Settings policy, add Inventory and set the frequency to daily. This will be fine, network wise, as new scans are only deltas. You can make it more often than that if you really want to, but daily ought to be fine.

Mike
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 

Author Comment

by:craigleenz
ID: 41863199
Thanks Mike, the issue now is identifying where these assets are in the environment at present?
Workstations are built, but we have no control whose desk they actually end up on
0
 
LVL 18

Accepted Solution

by:
Mike T earned 2000 total points (awarded by participants)
ID: 41863533
Hi - that's a far bigger problem and strictly outside of SCCM control! The only way to physically trace machines is by network port. This would then mean tracking MAC addresses and comparing what appears on each switch and knowing the switch 5, port 4 means Floor 2, desk 37.

Either that, or have someone walk around with a clipboard every day. I've seen that happen and am now observing the network method. SCCM can help with gathering the MAC addresses I guess but that's where it ends.
0
 
LVL 18

Expert Comment

by:Mike T
ID: 41892670
This problem is only partially solvable by IT. It's more a physical issue that requires asset management.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question