IT Management Suite

Hi,

I have a requirement where I want to analyse patch compliance differently for my servers to my client endpoints. On my endpoints I want to analyse for a wide range of MS products as well as the OS. but for my servers I just want to analyse for the OS. Given the first need I have selected all the MS products I have and want to analyse against  in the PMimport list for my clients, but these also then get used when I am scanning my servers and give me non compliance on my servers for products and applications that I'm not interested in. 

So how do I set up to scan for a different set of MS Products for my servers than my clients or.....
How do i set up my reporting so that I exclude those MS Products that I don't to report on when reporting on my servers?

Any advice?

------------------------------
Hannah
------------------------------

Hi,

It is not possible to scan for a different set of products on servers and client endpoints using a single Notification Server.  There is a single data file for each Notification Server constructed from the metadata that has been downloaded to that Notification Server..

If I understand your scenario correctly, it's really not important what gets scanned for on each computer.  The desire is to calculate compliance for servers and endpoints based on a different set of products..  In theory, that can be accomplished by filtering the products included in the compliance calculation, regardless of which products were scanned for on each computer.  There is really no "harm" in scanning for non-essential products on computers because the scan does not have a significant impact on performance.

You could presumably get the data you desire by developing a custom report and adding conditions to your SQL to limit the products included in the compliance calculation.  However, that may not be very convenient.

We are working on an enhancement for the next release of ITMS that will enable the compliance by computer report to be filtered based on severity level.  I believe that enhancement will enable the report to be filtered by Custom Severity.  If that's the case. you may be able to assign Custom Severity levels to individual bulletins indicating whether it applies to Servers, Endpoints, or Servers and Endpoints.  While not as convenient as being able to filter by product, it seems like it could be a viable workaround.

Original Message:
Sent: Jul 11, 2022 09:31 AM
From: Hannah Massie
Subject: Reporting Patch compliance differently for servers and endpoints

Hi,

I have a requirement where I want to analyse patch compliance differently for my servers to my client endpoints. On my endpoints I want to analyse for a wide range of MS products as well as the OS. but for my servers I just want to analyse for the OS. Given the first need I have selected all the MS products I have and want to analyse against  in the PMimport list for my clients, but these also then get used when I am scanning my servers and give me non compliance on my servers for products and applications that I'm not interested in.

So how do I set up to scan for a different set of MS Products for my servers than my clients or.....
How do i set up my reporting so that I exclude those MS Products that I don't to report on when reporting on my servers?

Any advice?

------------------------------
Hannah
------------------------------

HI Mike, 

Thanks for the reply and I kinda knew the answer. The question arose from differences in reports from Windows Update and Altiris. As you say its not what you scan thats so important - but what you report. I put this up here just in case someone had been smart enough to do the report filtering already they were willing to share

I already have created reports that provide filtering by severity. 

Hannah
Original Message:
Sent: Jul 14, 2022 01:42 PM
From: Mike Grueber
Subject: Reporting Patch compliance differently for servers and endpoints

Hi,

It is not possible to scan for a different set of products on servers and client endpoints using a single Notification Server.  There is a single data file for each Notification Server constructed from the metadata that has been downloaded to that Notification Server..

If I understand your scenario correctly, it's really not important what gets scanned for on each computer.  The desire is to calculate compliance for servers and endpoints based on a different set of products..  In theory, that can be accomplished by filtering the products included in the compliance calculation, regardless of which products were scanned for on each computer.  There is really no "harm" in scanning for non-essential products on computers because the scan does not have a significant impact on performance.

You could presumably get the data you desire by developing a custom report and adding conditions to your SQL to limit the products included in the compliance calculation.  However, that may not be very convenient.

We are working on an enhancement for the next release of ITMS that will enable the compliance by computer report to be filtered based on severity level.  I believe that enhancement will enable the report to be filtered by Custom Severity.  If that's the case. you may be able to assign Custom Severity levels to individual bulletins indicating whether it applies to Servers, Endpoints, or Servers and Endpoints.  While not as convenient as being able to filter by product, it seems like it could be a viable workaround.

Original Message:
Sent: Jul 11, 2022 09:31 AM
From: Hannah Massie
Subject: Reporting Patch compliance differently for servers and endpoints

Hi,

I have a requirement where I want to analyse patch compliance differently for my servers to my client endpoints. On my endpoints I want to analyse for a wide range of MS products as well as the OS. but for my servers I just want to analyse for the OS. Given the first need I have selected all the MS products I have and want to analyse against  in the PMimport list for my clients, but these also then get used when I am scanning my servers and give me non compliance on my servers for products and applications that I'm not interested in.

So how do I set up to scan for a different set of MS Products for my servers than my clients or.....
How do i set up my reporting so that I exclude those MS Products that I don't to report on when reporting on my servers?

Any advice?

------------------------------
Hannah
------------------------------