
Saturday, October 22, 2016

Collection Summary Report, 3 in one Report! (Windows Update, Endpoint Protection, OS and Computer Model)

Finally got around to tweaking and translating my "Collection Summary" Report.

I created this report to replace several other reports that I force-feed our site admins on a weekly basis:-)
The report is designed to be an e-mail report, sent out once a week, that gives them a quick overview of what's going on at their site (collection).
This report has 3 sections: Computer Details (OS, Model and Inactive Clients), Endpoint Protection and Windows Update.

I decided to focus on these 3 things in the first version of this report. There are probably hundreds of other things I could have put in the report that would have been useful, but you can't have everything in one report.
Collection Summary Report

Note! The Collection Parameter dropdown list only shows Endpoint Enabled Collections. This is because Endpoint summary data is only collected for Endpoint Collections.
(Right Click the Collection --> Properties --> Alerts Tab --> View this Collection in the Endpoint Protection Dashboard)

The report is divided into 3 sections: Computers, Endpoint Protection and Windows Update.

Computers:

The OS and Model charts should be pretty self-explanatory. The boxes on the right are meant to give some information on how many of the clients are inactive.

Endpoint Protection

The two graphs show Antivirus pattern age and Engine version.
The list in the middle gives a quick count of malware detected in the collection in the last 14 days.
The boxes on the right show summarized endpoint data: how many endpoint clients are in the collection, how many clients are inactive and how many clients are "at risk".

You can click the plus sign in the At Risk box to show a list of clients and what's wrong with them.


Windows Update

Windows Update shows you a Compliant vs Non-Compliant pie chart and a Last scan graph, while the boxes on the right show deployment and scan errors.

The Deployment and Scan Error Boxes can be clicked to bring up a details list, giving some info on the problem.
There's a tool-tip on the error codes that tries to resolve the error code.


The query for the Compliant vs Non-Compliant chart might not be what you expect it to be; it's tuned to show what the site admins should worry about.
The reasoning behind the WHERE clause below is as follows:
  • We only look at the status "need update". If a client hasn't evaluated an update yet and doesn't know whether it needs it (unknown state), we just assume it'll be OK.
  • We only look at updates with a severity of "low" or higher; unclassified updates don't count:-)
  • We only look at deployed updates. If I haven't deployed the update, they don't need to worry about it.
  • We don't care about expired and superseded updates!
  • We don't count updates newer than 14 days, giving us a "grace period" where the clients can install the update before they're considered non-compliant.
WHERE a.status = 2 AND b.severity >= 2
AND b.daterevised < dateadd(day,-14,getdate()) 
AND b.isDeployed = 1 AND b.isExpired = 0 AND b.isSuperseded = 0

This can be tweaked to match your SLA.
If you don't have an SLA, just ask yourself this: how long after you've deployed an update do you expect all clients to have it installed? If the answer is 30 days, set the grace period to 30 days:-)


The grace period and minimum severity are easily changed in the report. If you need to change the other things, you have to edit the query.
If you don't like the grace-period concept, just set it to zero:-)
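
The filter described above, as a stand-alone T-SQL example (added here, not the author's report query). The table variables, their column names, the client names and all rows are constructed for illustration; only the predicate mirrors the WHERE clause in the post, with the grace period and minimum severity turned into the variables @GraceDays and @MinSeverity.

```sql
-- Constructed sample data: these table variables only imitate the columns
-- the post's WHERE clause refers to; they are not the ConfigMgr schema.
DECLARE @GraceDays   int = 14;  -- grace period in days, as in the post
DECLARE @MinSeverity int = 2;   -- the post's threshold for "low" or higher

DECLARE @Updates TABLE (
    UpdateID int PRIMARY KEY, Title varchar(40), Severity int,
    DateRevised datetime, IsDeployed bit, IsExpired bit, IsSuperseded bit);
DECLARE @ClientStatus TABLE (Client varchar(20), UpdateID int, Status int);

INSERT INTO @Updates VALUES
 (1, 'Old, severe, deployed',       10, DATEADD(day, -40, GETDATE()), 1, 0, 0),
 (2, 'Recent, severe, deployed',    10, DATEADD(day,  -5, GETDATE()), 1, 0, 0),
 (3, 'Old, unclassified, deployed',  0, DATEADD(day, -40, GETDATE()), 1, 0, 0),
 (4, 'Old, severe, not deployed',   10, DATEADD(day, -40, GETDATE()), 0, 0, 0),
 (5, 'Old, severe, superseded',     10, DATEADD(day, -40, GETDATE()), 1, 0, 1);

-- Status 2 = "need update" (the value the post filters on); 0 = unknown.
INSERT INTO @ClientStatus VALUES
 ('PC-A', 1, 2),  -- exercises the full predicate
 ('PC-B', 2, 2),  -- exercises the grace-period rule
 ('PC-C', 3, 2),  -- exercises the minimum-severity rule
 ('PC-D', 4, 2),  -- exercises the "deployed only" rule
 ('PC-E', 5, 2),  -- exercises the "not superseded" rule
 ('PC-F', 1, 0);  -- exercises the "unknown state is assumed OK" rule

-- A client is Non-Compliant when at least one update passes every rule.
-- The rules sit in the JOIN conditions so that clients with no counted
-- update still appear in the result, as Compliant.
SELECT c.Client,
       CASE WHEN COUNT(b.UpdateID) > 0
            THEN 'Non-Compliant' ELSE 'Compliant' END AS Compliance,
       COUNT(b.UpdateID) AS CountedUpdates
FROM (SELECT DISTINCT Client FROM @ClientStatus) AS c
LEFT JOIN @ClientStatus AS a
       ON a.Client = c.Client AND a.Status = 2
LEFT JOIN @Updates AS b
       ON b.UpdateID = a.UpdateID
      AND b.Severity >= @MinSeverity
      AND b.DateRevised < DATEADD(day, -@GraceDays, GETDATE())
      AND b.IsDeployed = 1 AND b.IsExpired = 0 AND b.IsSuperseded = 0
GROUP BY c.Client
ORDER BY c.Client;
```

Re-running with @GraceDays set to 0 also counts the 5-day-old update, which shows how much of the "compliant" slice of the pie chart is made up of clients still inside the grace period.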