Solved

SCCM Reporting

Posted on 2016-10-24
6
25 Views
Last Modified: 2016-11-18
Hey Folks, just a quick one, our client has asked us to identify a solution to categorise a PC e.g. assigned to one user, shared, etc to assist with deployment of security controls as per below:
• Improved asset security – if our client moves to a more highly mobile EUC fleet (i.e. mostly laptops / hybrid tablets) then the current method of asset management would not be adequate to ensure that our client can effectively control its assets.
• Improved group policy options – by ensuring that all our clients devices have a category defined (e.g. individual, shared – meeting room, shared – contact centre, shared – border etc), /our client would have the ability to apply group policy to specific category of devices.
is this possible using SCCM?
0
Comment
Question by:craigleenz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 17

Expert Comment

by:Mike T
ID: 41858721
Hi,

This sounds more like a job for basic Group Policy and AD design. It certainly has nothing to do with SCCM reporting. Reporting can only tell you detail about a machine and what software or hardware it has.
You can also report on settings and fix them, which is by using Compliance.

This means for example you can check if the cache size is set to 10GB on machines that are in the "Graphic Designers" OU, and both report and fix it if not.

SCCM has nothing to do with Group Policy options by itself. It can report settings by looking at the registry keys, but no reporting is "live" - only giving a historic view.

If you need a bit more help please explain in more depth because it's slightly confusing what you wrote above.

Mike
0
 

Author Comment

by:craigleenz
ID: 41861530
thanks Mike T, Basically our client is wanting to bill bussiness units for the amount of assets (IE: workstations/laptops/tablets) etc they own
0
 
LVL 17

Expert Comment

by:Mike T
ID: 41863193
Hi,

OK, that's simple enough. You need to run hardware inventory and can then use one of the inbuilt reports to show the machine headcount. By default inventory (aka HWInv) runs every 7 days. For charging usage of PCs that's probably too long, so you will need to increase the inventory frequency. Do this by creating a new custom Client Settings policy, add Inventory and set the frequency to daily. This will be fine, network wise, as new scans are only deltas. You can make it more often than that if you really want to, but daily ought to be fine.

Mike
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 

Author Comment

by:craigleenz
ID: 41863199
Thanks Mike, the issue now is identifying where these assets are in the environment at present?
Workstations are built, but we have no control whose desk they actually end up on
0
 
LVL 17

Accepted Solution

by:
Mike T earned 500 total points (awarded by participants)
ID: 41863533
Hi - that's a far bigger problem and strictly outside of SCCM control! The only way to physically trace machines is by network port. This would then mean tracking MAC addresses and comparing what appears on each switch and knowing the switch 5, port 4 means Floor 2, desk 37.

Either that, or have someone walk around with a clipboard every day. I've seen that happen and am now observing the network method. SCCM can help with gathering the MAC addresses I guess but that's where it ends.
0
 
LVL 17

Expert Comment

by:Mike T
ID: 41892670
This problem is only partially solvable by IT. It's more a physical issue that requires asset management.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question