Windows Patching Report

Am trying to get a dashbaord together to report on Windows Patching compliance to see if there are any security updates that we may/may not have/missing.

Is there a way of getting this information using SquaredUp?

What tool do you use to manage your patching?

The crux is you can either utilize the existing SCOM Discoveries for Windows Operating System which can show you the version installed:

Or you can utilize SquaredUp’s integrations to pull the data from the tool that manages your patching, depending on what that tool allows you to pull out.

Thanks for the quick response. Is there any way of seeing this at a higher level?

As an example our set of SQL databases servers we can see which are not compliant with the latest patched version of SQL and highlights it as “Product Version Compliance”.

I am trying to find something similar with Windows patching, to ensure we have the latest KBs installed and which servers could be missing that.

Absolutely - You can use the Matrix tile to show a list of objects and their properties.

Scope to the class that the properties are discovered for:

Or for SQL, you may want to choose the MSSQL on Windows: DB Engine class (if your using the version agnostic MPs):

And then utilize the properties in the json, as per this article:

You’ll need to drilldown into the objects you’ve scoped in, then view Monitored Entity to gain the property names.

Example for the OsVersion property:

[ { "_type": "celltile/status", "config": { "display": { "cellWidth": "30%", "labelTemplate": "{{properties.principalName}}" } }, "title": "Status" }, { "title": "OS Version", "_type": "celltile/text", "config": { "display": { "contentTemplate": "{{properties.osVersion}}" } } } ]

The properties need to be added in camelCase.

Thanks for that, really useful.

So with the SQL Patching compliance it says SQL version is X when it should be Y with Y being the most recent.

Does the Windows Compliance Patching have anything similar.

For example, running the JSON I can now see that Server version is X which is great but when new patches come out each month, we want to ensure the servers are then flagged as not the latest.

Basically does SquaredUp/SCCM offer a similar process to the way SQL compliance is done?

SquaredUp is only ever the visualization on top of what SCOM collects. You can build monitors to detect when a version does not match the latest version available. This requires an amount of SCOM authoring.

You can, however, do some simple custom labels on the matrix tile to highlight when something does not match the expected result.

KB for custom labels:

And some examples here:

SCCM should give you reporting for this, though it’s not my area of expertise. You can use the same SQL queries or PowerShell tiles to visualize the information using SquaredUp integrations.