Interest in Software Updates went from close to zero to a hundred over a weekend, and suddenly you have managers demanding status reports on how well their departments are patched against WannaCry.
Normally when I create reports I use them myself for some time (sometimes months or years if I forget about it) to work out most of the bugs before I release them.
Since this was a time-sensitive issue, I published this report within hours after creating it. Fortunately it turned out to work fine, with only some small issues with the Baseline CAB file not wanting to import on older systems.
On Monday I started to create a report to find out if computers were patched or not.
The first discovery was that "MS-17-010" was long gone and had been replaced by a bunch of new patches. (I think the list ended up containing 27 patches, not including Vista, 2003 and XP.)
I first tried to use the Software Update DB in ConfigMgr to find out if computers were patched or not, but ran into problems with supersedence and updates expiring. Basically, when an update expires there is no way to tell if a computer has installed it or not; they will report "Update not Required" regardless of whether they had it installed or not.
The report sort of worked if you didn't expire the updates immediately when they are superseded, but I decided to use a Configuration Baseline and wrote a quick CI to check whether one of the patches was registered in win32_quickfixengineering or the build number was higher than 15063 (Creators Update).
I modified the report to check the Baseline instead of Software Update Compliance, and that seems to work perfectly.
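A discovery script along the lines of the CI described above, as an added example (not the author's CI and not part of the original post). The KB IDs are placeholders, and the function name `Test-PatchState` and the 'Compliant'/'NonCompliant' return strings are assumptions.

```powershell
# Added example: discovery script for a ConfigMgr Configuration Item.
# Outputs the string 'Compliant' or 'NonCompliant'; the CI compliance rule
# (assumed) checks that the returned value equals 'Compliant'.

# PLACEHOLDERS: replace with the KB IDs that apply to your OS versions.
$PatchKBs = @('KB0000001', 'KB0000002')

# From the post: builds higher than 15063 (Creators Update) count as patched.
$PatchedAboveBuild = 15063

function Test-PatchState {
    param(
        [int]$BuildNumber,
        [string[]]$InstalledKBs,
        [string[]]$AnyOfKBs,
        [int]$AboveBuild
    )
    # Comparison follows the post's wording ("higher than").
    if ($BuildNumber -gt $AboveBuild) { return $true }

    # One matching hotfix is enough, because the patches supersede each other.
    foreach ($kb in $AnyOfKBs) {
        if ($InstalledKBs -contains $kb) { return $true }   # case-insensitive
    }
    return $false
}

try {
    # Get-WmiObject instead of Get-CimInstance so the script also runs on
    # PowerShell 2.0 (older clients).
    $os  = Get-WmiObject -Class Win32_OperatingSystem -ErrorAction Stop
    $qfe = @(Get-WmiObject -Class Win32_QuickFixEngineering -ErrorAction Stop |
             ForEach-Object { $_.HotFixID })

    if (Test-PatchState -BuildNumber ([int]$os.BuildNumber) -InstalledKBs $qfe `
            -AnyOfKBs $PatchKBs -AboveBuild $PatchedAboveBuild) {
        'Compliant'
    } else {
        'NonCompliant'
    }
}
catch {
    # A failed WMI query must not look like a patched machine.
    'NonCompliant'
}
```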
Another good approach would have been to enable inventory of "win32_quickfixengineering" and use that.
I could also have included a CI for "SMBv1" in the Baseline to verify that the machines have it disabled.
Since May 17 is a holiday in Norway, we still have quite a few machines that haven't been checked yet.
have been running for a couple of days now and our compliance looks good.
WannaCry Patch Compliance Report for one of our collections.