Patch Compliance Reporting Solution
Purpose
To provide clients with professional-looking patch management reports that they can confidently trust. These reports are based entirely on the cumulative update solution and a custom table.
Reports Included
| Content | Type | Function |
|---|---|---|
| Report - Patch Compliance - CU Audit - All Machines | Report | Displays a comprehensive summary of all machines at a specific client and their respective patch status. |
| Report - Patch Compliance - CU Audit - Servers | Report | Displays a comprehensive summary of all servers at a specific client and their respective patch status. |
| Report - Patch Compliance - CU Audit - Workstations | Report | Displays a comprehensive summary of all workstations at a specific client and their respective patch status. |
Associated Content
Automate Content
| Content | Type | Function |
|---|---|---|
| Script - Create Views for Patch Compliance Report | Script | This script creates all the necessary items in the database to ensure the Patch Compliance Reporting Solution functions correctly. |
Additional Content
| Content | Type | Function |
|---|---|---|
| Patch Compliance Reporting SQL Import Attachment | Document | Implementation instructions on how to import these patch compliance reports into a partner's environment. |
Dependencies
These reports are dependent on the following items:
- Report Center being installed and configured
- Script - Create Views for Patch Compliance Report
- Solution - Latest Installed Cumulative Update
Implementation
-
Ensure the Solution - Latest Installed Cumulative Update is imported and up to date in the environment. The audit script must be running regularly for this report to show accurate data.
-
Import the following script from the ProSync Plugin:
-
Run the Script - Create Views for Patch Compliance Report on any machine to create the views necessary for this solution. After running the script once, it can be deleted from the environment.
-
Follow the instructions outlined in the Patch Compliance Reporting SQL Import Attachment document to import the reports into the report center.
-
Reload the system cache:
-
After the reports have been imported, they can be viewed instantly by going into the Report Center --> Report List --> View the reports mentioned in this document:
To view them from the Right-Click menu (Reports --> Health --> Patch Compliance - CU Audit - XXXX), the control center must be restarted before they become visible. If the partner does not need to access them right away, this is typically not an issue.
FAQ
Q: How is the data calculated on these reports?
A: Each machine is given a compliance score depending on how far out of date the machine is or if it is EOL. The criteria are outlined below:
- Current (Up-to-date) machines: These are machines that have a cumulative update installed that is less than 45 days old. These are given a 100% compliance score.
- Warning (Nearing out-of-date) machines: These are machines that have a cumulative update installed that is between 45–90 days old. These are given a 75% compliance score.
- Error (Out-of-date) machines: These are machines that are between 90–120 days old. These are given a 25% compliance score.
- Error (Extremely Out-of-date) machines: These are machines that are greater than 120 days since the last cumulative update was installed. These are given a 10% compliance score.
- EOL machines are given a 0% compliance score.
At the end, all the machines are totaled and averaged to get the main percentage on the front page.
Q: I am seeing one of my machines reporting a very high age since the last cumulative update has been installed. Where should I start troubleshooting?
A: I have outlined some steps that can be taken to troubleshoot why you may be seeing out-of-date machines:
- Open the Computer Management screen of the affected device --> Navigate to the Patching screen --> Look for the latest month's cumulative update.
- If you cannot find the latest cumulative update, try running the Script - Patch Manager - WUA Settings Validation and scan for patches again. If that does not work, further troubleshooting will need to happen manually on the machine.
- If the latest cumulative update is visible, look for any failure messages on that main screen or when selecting the Patch Job tab.
- If there are no job logs, there is likely a configuration issue with the assigned patch policy that must be investigated.
- If you see a failure during the maintenance window, investigate the mentioned error code.
- If you still do not see any issues reported, open Patch Manager (Automation --> Patch Manager) --> Click the monitor icon at the top left to access the device screen --> Find the machine in question and select it --> You should see patch information populate at the bottom --> Select the Patch History tab and look for any failures with the latest cumulative update.
- Investigate any failures.
- You can also view the Groups tab to confirm the setup of the patch policy if you need to validate that.
Q: I've tried everything and I can't get the latest cumulative update to install. Manual installation from the Microsoft Update Catalog does not work, repair scripts do nothing, and Windows Update consistently fails. What can I try next?
A: If this is a workstation, you can try to update to the latest feature update or even a preview build of a feature update. Typically, feature updates consist of a full OS reload while saving data, which can often fix these types of issues.
- If all else fails, an OS upgrade from Windows 10 to 11 may work, but if it is already on Windows 11, you must perform a reload of the machine to get patching to function.
- If this is a server, I do not have many additional things to try other than upgrading/reloading the server.
Q: What does it mean when a machine has 'No Audit Information' provided?
A: The cumulative update data is audited from the Solution - Latest Installed Cumulative Update should be running against all agents every 7 days. If you see machines in this list, they are most likely offline frequently. If not, you can try running the script manually against the machine and report any errors to ProVal Technologies for further investigation.
Potential Problems
If you see the following error when opening one of the reports, it means at least one of the views or the custom table is missing and cannot be referenced. If they are all present, verify that you have full permissions to the table and views.
