What kind of report setup do you guys use when reporting on deployed patches?

As for our patching strategy, what I have set up in the environment right now is as follows:

  • A daily detect job finds all missing patches and emails a report to the tech responsible for patching during that cycle.
  • A deployment job deploys all missing patches.
  • A post-deployment detect job finds all missing patches and emails a report to the tech.

The tech then has to manually compare the two, because the report in question cannot filter for a given patch label.  The report filters are set up as follows:
  • Label Names = "* Servers - All (SL)"
  • Detect Status = "NOTPATCHED"
  • Label Names = "* 2016-08 Server Patches (2)"
This report is a duplicate of the pre-packaged "For a group of devices, what patches are installed" report, with the exception of changing the variables in the first two fields and adding the third, yet it does not work.

What I get is a report that shows ALL patches missing.  The "* 2016-08 Server Patches (2)" label contains a static group of patches that we manually approved, and only shows critical patches (we don't apply the "important" ones), yet the report shows every missing patch, both critical and important.

Has anyone found a workaround for this?  Or is anyone else not experiencing this same issue?

Alternately, is there a way to show patch severity in the report?