I ran a system supporting 3000 endpoints, over half of which were very remote users and sites. We therefore ran a very typical patch rollout process - we released to a small test group, then to local systems, then to remote systems and finally to business critical systems. This helped minimise issues and enabled us to react quickly if and when we did find them.
For each master patch policy I needed to know for the current list of targets (test, + phase 1, + phase 2, + phase 3) what the roll out status was, which had been received and delivered, which installed, which failed and the error message. I ended up writing a report that provided this, though it was quite difficult due to the structure of the sub policies and tables involved.
In the end I could select a particular patch policy and which status I wanted to look at (fail, success, all, etc.) and it would give me the current status report for each computer and each relevant patch package currently targeted by that policy.
It was the only way I could see of successfully monitoring the roll out process. Unfortunately I no longer have access to that report!
Original Message:
Sent: Apr 05, 2024 06:41 PM
From: Ma
Subject: Report that Shows Status of Installed Patches on Targeted Computers
Sorry for the vague title.
I've been pushing out different patches (i.e. Chrome) and I recently received information from others that these patches haven't been pushed to all the targeted computers. I'm looking at the Windows Software Update Delivery report (Software -> Patch Management -> Remediation Status) and noticed that some of the previous patches that I did aren't on this report, while other patches don't show at all. Is this the correct report that I should look at to see if a patch has been installed? If it is the correct report, how long does it keep the historical data about patches that were pushed out? If it isn't, is there one that can show which patches have been installed on targeted computers?