Archive for the ‘SCCM’ Category

Several months ago I posted a server inventory report. During a recent true-up, we discovered that some of the servers were reporting twice the number of processors!!! Not a good thing with SQL servers. The issue, it turns out, is Hyper Threading. If it’s enabled you’ll see twice the number of CPUs. The current quick fix is to add a column indicating if Hyper Threading is enabled.

In your HW Inventory, under Processor, simply check “Is Hyperthread Enabled”. When inventories start coming in, they will report back a 1 (enabled) or 0 (disabled or N/A) in the PROCESSOR_DATA table and v_GS_Processor view.

For reporting, I used:
ISNULL(v_GS_Processor.IsHyperThreadEnabled0, 39909) AS 'Hyper Threaded'

This way, if an inventory hasn’t come in on a device it 1) won’t error out the report, and 2) reports 39909 which is my l33t type for “ERROR”. It’s a good way to get the server folks to tell me when their SCCM Clients are broken…
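The ISNULL sentinel only shows up when the report keeps devices that have no processor inventory row, which takes an outer join. The query below is an added example, not the report from the original post: it assumes the standard v_R_System view (Name0, ResourceID, Operating_System_Name_and0) and, as an assumption drawn from the "twice the number" observation above, halves the reported count when the flag is 1.

```sql
-- Added example (not the original report).
-- Assumed: v_R_System and its Name0 / ResourceID / Operating_System_Name_and0 columns.
-- From the post: v_GS_Processor.IsHyperThreadEnabled0 and the 39909 sentinel.
SELECT
    sys.Name0 AS 'Server',

    -- One row per processor the client reported; 0 when no inventory has arrived.
    COUNT(p.ResourceID) AS 'Reported CPUs',

    -- 1 = enabled, 0 = disabled or N/A, 39909 = no inventory row or flag not yet collected.
    ISNULL(MAX(CAST(p.IsHyperThreadEnabled0 AS int)), 39909) AS 'Hyper Threaded',

    -- Assumption: with Hyper Threading on, the reported count is doubled, so halve it.
    -- Left NULL when nothing was reported, so a broken client is never counted as 0 CPUs.
    CASE
        WHEN COUNT(p.ResourceID) = 0 THEN NULL
        WHEN MAX(CAST(p.IsHyperThreadEnabled0 AS int)) = 1
            THEN COUNT(p.ResourceID) / 2
        ELSE COUNT(p.ResourceID)
    END AS 'Adjusted CPUs'
FROM v_R_System AS sys
-- LEFT JOIN keeps servers with no processor inventory; an INNER JOIN would
-- silently drop them and the 39909 marker would never appear.
LEFT JOIN v_GS_Processor AS p
    ON p.ResourceID = sys.ResourceID
WHERE sys.Operating_System_Name_and0 LIKE '%Server%'
GROUP BY sys.Name0
-- Sentinel rows sort to the top so broken clients are the first thing seen.
ORDER BY [Hyper Threaded] DESC, sys.Name0;
```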

One of the things I like to do when I’m working a compliance assessment is put up some custom reports. I have a few that are slowly getting up here. Here’s a good example of a new environment that I’m looking at using my 3rd Party report.


This particular organization does a pretty good job, but there are about 50 systems that are not up to date, and that works out to 2% of systems not patched or 98% compliant. Sounds pretty good, yeah? Nope.

In my book 50 undocumented vulnerabilities is 50 too many. Sometimes there are good reasons that the latest software isn’t installed on a system; application compatibility being the biggest. The organization should have someone that knows 1) What needs to be installed 2) What isn’t up to speed and 3) Why it’s not up to speed. The first thing I always ask is ‘Why isn’t box X up to date on Software Y’, and I usually get blank looks like ‘how am I supposed to know what box X is or what its status is?’. Or ‘Patch Y, wow that’s old I quit looking at it.’

And that is usually where I point my findings.  Not at the 2% non-compliance, but at the processes which allow non-compliance to continue for far too long.

This is a reference table from v_StateNames, click the header for the table.


Updated 13 Nov.

So I still wasn’t happy with the last compliance report I created. I wanted something that I didn’t have to bounce around to a lot of screens in, but still gave me a solid summary which was easily filtered just to the machine or set of machines I wanted. For a summary I’m just interested in a broad compliance figure, but I want to be able to drill down for additional information. I also want it to show me missing patches even if they aren’t approved, this way I can catch anything I’ve missed and also review missing updates to see if we need them.

So the first step was to generate the summary for a specific machine.  I got most of this code from Garth Jones,  he’s a wizard when it comes to queries so if I’m looking for something he’s usually my first stop.

In an earlier post I put up a script to re-install the SCCM client and rebuild the repository.  Sometimes the problem is a little bit deeper.  Here is a sticky dump of all the problems / solutions that I have come across.

NOTE: I can’t guarantee these will work in your environment, or that they won’t break stuff. But from my experience this has all been successful for me.
