[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

SCCM Reporting

Posted on 2016-10-24
6
Medium Priority
?
32 Views
Last Modified: 2016-11-18
Hey Folks, just a quick one, our client has asked us to identify a solution to categorise a PC e.g. assigned to one user, shared, etc to assist with deployment of security controls as per below:
• Improved asset security – if our client moves to a more highly mobile EUC fleet (i.e. mostly laptops / hybrid tablets) then the current method of asset management would not be adequate to ensure that our client can effectively control its assets.
• Improved group policy options – by ensuring that all our clients devices have a category defined (e.g. individual, shared – meeting room, shared – contact centre, shared – border etc), /our client would have the ability to apply group policy to specific category of devices.
is this possible using SCCM?
0
Comment
Question by:craigleenz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 18

Expert Comment

by:Mike T
ID: 41858721
Hi,

This sounds more like a job for basic Group Policy and AD design. It certainly has nothing to do with SCCM reporting. Reporting can only tell you detail about a machine and what software or hardware it has.
You can also report on settings and fix them, which is by using Compliance.

This means for example you can check if the cache size is set to 10GB on machines that are in the "Graphic Designers" OU, and both report and fix it if not.

SCCM has nothing to do with Group Policy options by itself. It can report settings by looking at the registry keys, but no reporting is "live" - only giving a historic view.

If you need a bit more help please explain in more depth because it's slightly confusing what you wrote above.

Mike
0
 

Author Comment

by:craigleenz
ID: 41861530
thanks Mike T, Basically our client is wanting to bill bussiness units for the amount of assets (IE: workstations/laptops/tablets) etc they own
0
 
LVL 18

Expert Comment

by:Mike T
ID: 41863193
Hi,

OK, that's simple enough. You need to run hardware inventory and can then use one of the inbuilt reports to show the machine headcount. By default inventory (aka HWInv) runs every 7 days. For charging usage of PCs that's probably too long, so you will need to increase the inventory frequency. Do this by creating a new custom Client Settings policy, add Inventory and set the frequency to daily. This will be fine, network wise, as new scans are only deltas. You can make it more often than that if you really want to, but daily ought to be fine.

Mike
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 

Author Comment

by:craigleenz
ID: 41863199
Thanks Mike, the issue now is identifying where these assets are in the environment at present?
Workstations are built, but we have no control whose desk they actually end up on
0
 
LVL 18

Accepted Solution

by:
Mike T earned 2000 total points (awarded by participants)
ID: 41863533
Hi - that's a far bigger problem and strictly outside of SCCM control! The only way to physically trace machines is by network port. This would then mean tracking MAC addresses and comparing what appears on each switch and knowing the switch 5, port 4 means Floor 2, desk 37.

Either that, or have someone walk around with a clipboard every day. I've seen that happen and am now observing the network method. SCCM can help with gathering the MAC addresses I guess but that's where it ends.
0
 
LVL 18

Expert Comment

by:Mike T
ID: 41892670
This problem is only partially solvable by IT. It's more a physical issue that requires asset management.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question