Patch Compliance report using custom groups

Environment

This report was created using LDMS 9.0 SP3 and still appears to be working in 9.5 SP1.

Description

The report was created as an executive report to show at a glance the compliance level of devices against all patches in specific custom groups.  Criteria is set to a device requiring less than 5 patches and will also show devices that have not scanned within the specified amount of days.

This guide assumes basic knowledge on using the reporting tool and SQL.  Please let me know if I've missed any critical steps of information so I can update the document.

Report setup

Dataset Query SQL Code- This code was created to suit our own AD OU structure and may need changes to suit your environment.  Also by no means an expert with SQL so probably better ways to do this.

SELECT REPLACE(sq1.HighOU,N'domain.com.au/',N'') AS HighOU, SUM(sq1.Compliant) AS CompliantCount, SUM(sq1.NotCompliant) AS NotCompliantCount, SUM(sq1.NotScanned) AS NotScannedCount

FROM

(SELECT  LEFT(c.ComputerLocation, (CHARINDEX(N'/',c.ComputerLocation) + CHARINDEX(N'/',RIGHT(c.ComputerLocation, (LEN(c.ComputerLocation) - CHARINDEX(N'/',c.ComputerLocation)))))) AS HighOU --This line is breaking it down to high level OUs

                    , c.Computer_Idn

                    , Compliant = CASE WHEN (SUM(COALESCE(sq2.Detected,0)) <= 5 AND (DATEADD(day,10,c.VALASTSCANDATE) > GETDATE())) THEN 1 ELSE 0 END --Compliant criteria

                    , NotScanned = CASE WHEN (DATEADD(day,10,c.VALASTSCANDATE) < GETDATE()) OR c.VALASTSCANDATE IS NULL THEN 1 ELSE 0 END --Not scanned criteria

                    , NotCompliant = CASE WHEN (SUM(COALESCE(sq2.Detected,0)) > 5 AND (DATEADD(day,10,c.VALASTSCANDATE) > GETDATE())) THEN 1 ELSE 0 END --Non-Compliant criteria

FROM Computer AS c LEFT OUTER JOIN

          (SELECT d.Computer_Idn, d.Detected FROM CVDetectedV AS d

                    LEFT OUTER JOIN CustomGroupVuln AS g ON d.Vulnerability_Idn = g.Member_Idn

          WHERE g.CustomGroup_Idn IN (2050,2054,2053) -- Custom groups to compare devices against.

) AS sq2 ON c.Computer_Idn = sq2.Computer_Idn

WHERE

(          c.ComputerLocation NOT LIKE N'%DEV%' --PUT OU / DOMAIN EXCLUSIONS HERE

          AND c.ComputerLocation NOT LIKE N'TRAINING%'

          AND c.ComputerLocation IS NOT NULL

          )

GROUP BY LEFT(c.ComputerLocation, (CHARINDEX(N'/',c.ComputerLocation) + CHARINDEX(N'/',RIGHT(c.ComputerLocation, (LEN(c.ComputerLocation) - CHARINDEX(N'/',c.ComputerLocation)))))), c.Computer_Idn,c.VALASTSCANDATE

) AS sq1

GROUP BY sq1.HighOU

ORDER BY sq1.HighOU

*****************************

SQL returns a table like so but obviously with the OU groups will say your respective OU structure:

LAYOUT

Chart Types

Data Series Values

Colour Palette

Table Values

Disclaimer

Created for our environment so will most likely need editing to suit different AD structures. Please read the LANDesk Share It Disclaimer