?
Solved

SCCM Reporting

Posted on 2016-10-24
6
Medium Priority
?
36 Views
Last Modified: 2016-11-18
Hey Folks, just a quick one, our client has asked us to identify a solution to categorise a PC e.g. assigned to one user, shared, etc to assist with deployment of security controls as per below:
• Improved asset security – if our client moves to a more highly mobile EUC fleet (i.e. mostly laptops / hybrid tablets) then the current method of asset management would not be adequate to ensure that our client can effectively control its assets.
• Improved group policy options – by ensuring that all our clients devices have a category defined (e.g. individual, shared – meeting room, shared – contact centre, shared – border etc), /our client would have the ability to apply group policy to specific category of devices.
is this possible using SCCM?
0
Comment
Question by:craigleenz
  • 4
  • 2
6 Comments
 
LVL 19

Expert Comment

by:Mike T
ID: 41858721
Hi,

This sounds more like a job for basic Group Policy and AD design. It certainly has nothing to do with SCCM reporting. Reporting can only tell you detail about a machine and what software or hardware it has.
You can also report on settings and fix them, which is by using Compliance.

This means for example you can check if the cache size is set to 10GB on machines that are in the "Graphic Designers" OU, and both report and fix it if not.

SCCM has nothing to do with Group Policy options by itself. It can report settings by looking at the registry keys, but no reporting is "live" - only giving a historic view.

If you need a bit more help please explain in more depth because it's slightly confusing what you wrote above.

Mike
0
 

Author Comment

by:craigleenz
ID: 41861530
thanks Mike T, Basically our client is wanting to bill bussiness units for the amount of assets (IE: workstations/laptops/tablets) etc they own
0
 
LVL 19

Expert Comment

by:Mike T
ID: 41863193
Hi,

OK, that's simple enough. You need to run hardware inventory and can then use one of the inbuilt reports to show the machine headcount. By default inventory (aka HWInv) runs every 7 days. For charging usage of PCs that's probably too long, so you will need to increase the inventory frequency. Do this by creating a new custom Client Settings policy, add Inventory and set the frequency to daily. This will be fine, network wise, as new scans are only deltas. You can make it more often than that if you really want to, but daily ought to be fine.

Mike
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 

Author Comment

by:craigleenz
ID: 41863199
Thanks Mike, the issue now is identifying where these assets are in the environment at present?
Workstations are built, but we have no control whose desk they actually end up on
0
 
LVL 19

Accepted Solution

by:
Mike T earned 2000 total points (awarded by participants)
ID: 41863533
Hi - that's a far bigger problem and strictly outside of SCCM control! The only way to physically trace machines is by network port. This would then mean tracking MAC addresses and comparing what appears on each switch and knowing the switch 5, port 4 means Floor 2, desk 37.

Either that, or have someone walk around with a clipboard every day. I've seen that happen and am now observing the network method. SCCM can help with gathering the MAC addresses I guess but that's where it ends.
0
 
LVL 19

Expert Comment

by:Mike T
ID: 41892670
This problem is only partially solvable by IT. It's more a physical issue that requires asset management.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question