Discussion:
wsus 3.0 sp2 reports
(too old to reply)
Special Access
2010-05-04 00:57:27 UTC
Permalink
Raw Message
I was reading online today and found a way to create a custom view for
updates, which gives me what "approved" updates are needed by what
computers. (approved with or without inheritance)
Thank you, Lawrence... your instructions are perfect, easy to follow
and (even for me) worked first time out.

Is there a way (without using the API) to get a repot that shows what
computers need what updates? I can (and have) exported the above
report into Excel and manipulated it but I know that will become very
time consuming.

The WSUS admin only approves the individual group for the patch that
is required (servers, workstations, x64, wsus, sql are examples of our
groups), so the "all-approved" built-in report doesn't seem to work
well. What I found online earlier today on the custom update filter
view was great, and I was hoping the computer groups had something
similar...

Mike
Lawrence Garvin [MVP]
2010-05-04 13:45:13 UTC
Permalink
Raw Message
Post by Special Access
Is there a way (without using the API) to get a repot that shows what
computers need what updates?
All of the standard WSUS reports show what updates are needed by each of the
computers selected for the report.

Perhaps I'm misunderstanding the question?
--
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2010)

My Blog: http://onsitechsolutions.spaces.live.com
Microsoft WSUS Website: http://www.microsoft.com/wsus
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Special Access
2010-05-05 01:42:31 UTC
Permalink
Raw Message
On Tue, 4 May 2010 08:45:13 -0500, "Lawrence Garvin [MVP]"
Post by Lawrence Garvin [MVP]
Post by Special Access
Is there a way (without using the API) to get a repot that shows what
computers need what updates?
All of the standard WSUS reports show what updates are needed by each of the
computers selected for the report.
Perhaps I'm misunderstanding the question?
My fault... further explanation:
The reports do show all "needed" updates, but not just the "approved"
updates. I work for a gov't contractor and we are only allowed to
install patches from MS if they are also an IAVx. This means they
don't always install every "needed" update, only those that are also
IAVx. Goes against my thinking, as I don't believe that MS will take
out those non-IAVx patches when they make the next service pack, but
that decision is made WAY above my pay level.

This means the custom view I now have, thanks to your instructions,
shows me only those "approved" patches with the computers that need
them. What would be helpful would be a report that showed the
computers that need the "approved" updates. Otherwise I have to take
the custom report, export it and manipulate it in Exel (not that I
haven't already done that but...) And one of the labs is
"configuration controlled", meaning I have to document each and every
*anything* that gets installed (exception is AV definition updates) on
the computer, so that report in the form of "this computer needs these
approved patches" would be perfect.

Mike
Harry Johnston [MVP]
2010-05-05 05:12:07 UTC
Permalink
Raw Message
Post by Special Access
The reports do show all "needed" updates, but not just the "approved"
updates. [...]
If you go to the Reports view, you should see "Update Tabular Status for
Approved Updates" and "Computer Tabular Status for Approved Updates". These
should do exactly what you want.

These options also allow you to generate summary and detailed reports if tabular
doesn't suit you, you can change the report type before running it.

Of course, these reports won't help you if a security update has accidentally
been left unapproved, but you knew that already. :-)

Harry.
--
Harry Johnston
http://harryjohnston.wordpress.com
Special Access
2010-05-06 01:46:22 UTC
Permalink
Raw Message
On Wed, 05 May 2010 17:12:07 +1200, "Harry Johnston [MVP]"
Post by Harry Johnston [MVP]
Post by Special Access
The reports do show all "needed" updates, but not just the "approved"
updates. [...]
If you go to the Reports view, you should see "Update Tabular Status for
Approved Updates" and "Computer Tabular Status for Approved Updates". These
should do exactly what you want.
These options also allow you to generate summary and detailed reports if tabular
doesn't suit you, you can change the report type before running it.
Of course, these reports won't help you if a security update has accidentally
been left unapproved, but you knew that already. :-)
Harry.
Tried those, Harry. They seem to only work if the "approval" has been
inherited from the top. If you have a single group approved for a
single patch (x64 server 2003 patch only approved for the x64 server
group, not for the workstation or x86 server group, for example) they
don't show in either of those reports. Or at least that has been my
experience with 3.0 sp2.....

Mike
Harry Johnston [MVP]
2010-05-06 05:46:09 UTC
Permalink
Raw Message
Post by Special Access
Post by Harry Johnston [MVP]
If you go to the Reports view, you should see "Update Tabular Status for
Approved Updates" and "Computer Tabular Status for Approved Updates". These
should do exactly what you want. [...]
Tried those, Harry. They seem to only work if the "approval" has been
inherited from the top. If you have a single group approved for a
single patch (x64 server 2003 patch only approved for the x64 server
group, not for the workstation or x86 server group, for example) they
don't show in either of those reports. Or at least that has been my
experience with 3.0 sp2.....
Ah. I hadn't quite realised this yet, but only the approvals (including
inherited approvals) on the specific group you select for the report are taken
into consideration. So if you generate a report for the All Computers group,
only updates that are approved for All Computers are included in the report.

In your situation, you would need to generate a separate report for each group.

Harry.
--
Harry Johnston
http://harryjohnston.wordpress.com
Special Access
2010-05-07 00:30:53 UTC
Permalink
Raw Message
On Thu, 06 May 2010 17:46:09 +1200, "Harry Johnston [MVP]"
Post by Harry Johnston [MVP]
Post by Special Access
Post by Harry Johnston [MVP]
If you go to the Reports view, you should see "Update Tabular Status for
Approved Updates" and "Computer Tabular Status for Approved Updates". These
should do exactly what you want. [...]
Tried those, Harry. They seem to only work if the "approval" has been
inherited from the top. If you have a single group approved for a
single patch (x64 server 2003 patch only approved for the x64 server
group, not for the workstation or x86 server group, for example) they
don't show in either of those reports. Or at least that has been my
experience with 3.0 sp2.....
Ah. I hadn't quite realised this yet, but only the approvals (including
inherited approvals) on the specific group you select for the report are taken
into consideration. So if you generate a report for the All Computers group,
only updates that are approved for All Computers are included in the report.
In your situation, you would need to generate a separate report for each group.
Harry.
I'll have to take another look at that as I thought we had tried each
group in addition to the "all computers" and had to sort to see the
"install" need versus the "not approved" need list. I have no problem
looking again, I have been proven incorrect before (smile)

Mike
Special Access
2010-05-12 00:07:48 UTC
Permalink
Raw Message
On Thu, 06 May 2010 17:46:09 +1200, "Harry Johnston [MVP]"
<***@scms.waikato.ac.nz> wrote:

<snip>
Post by Harry Johnston [MVP]
Ah. I hadn't quite realised this yet, but only the approvals (including
inherited approvals) on the specific group you select for the report are taken
into consideration. So if you generate a report for the All Computers group,
only updates that are approved for All Computers are included in the report.
In your situation, you would need to generate a separate report for each group.
Harry.
Harry, (and Lawrence)
This worked... seems they were always starting the report at the
"all computers" level. This gives me the information needed for the
management report. Now to get the only 3.0 sp1 server left upgraded
to sp2 and we can almost claim completion!

Thanks!!
Mike

Loading...