There is a sister report that provides the compliance of each Computer, rather than by each Fixlet.
Important! Always choose “All Computers” for the Computer Group drop list. That is fastest even for thousands of computers. Filtering by other options will slow the report significantly.
Installation:
Download the zip file ext-3.2.0-computercompliance16-asset12-fixletcompliance11.zip
Unzip to the BigFix Web Reports root directory, for example “C:\Program Files\BigFix Enterprise\BES Server\BESReportsServer\wwwroot”.
You should have a \wwwroot\ext-3.2.0 directory.
If the \ext-3.2.0 directory already exists, the easiest is to rename it first.
Create the report by going to the Reports link/tab in Web Reports.
Scroll to the bottom to find button “Import Report”
Browse to the Fixlet Compliance by Content v1.1.beswrpt
report file in the \ext-3.2.0 directory
It is in an XML format
Requirements:
The report works in both Web Reports version 7.2 and 8.0.
The charts require Flash Player 9.0 or above.
The export to Excel function requires Firefox.
Bug Fixes/Enhancements:
2010-08-05 v1.1 Added line 49 in compliance_by_fixlet.js that allows different treatment for computers with 0 applicable Computers
The Content droplist will retrieve all baseslines and sites available to the login Web Report user.
There are a few pre-defined selections:
All Microsoft Critical Fixlets
All Patches for Windows (English) critical Fixlets, excluding corrupted or superseded patches.
Microsoft Patches (Current Period)
Automatically calculates the Fixlets published from the Patch Tuesday to the Monday before the next period. Excludes all corrupted or superseded patches.
Microsoft Patches (Previous Periods)
Same as above but for 2 previous periods.
Custom Relevance Expression - Provides a free form entry to specify a Session Relevance that returns a list of Fixlet objects.
For example,
bes fixlets whose (name of it as lowercase starts with “ms09-065”)
This will return all Fixlets with names starting with MS09-065.
Computer Group Droplist Filter:
The Computer Group droplist will retrieve all computer groups available to the login Web Report user.
There are 2 few pre-defined selections:
All Computer
Straight forward retrieval of all computers. It is not a good idea to use this if there are too many computers. Always try with a smaller subset.
All Windows Computers
All computers with that has “win” in the operating system name.
Custom Relevance Expression - Provides a free form entry to specify a Session Relevance that returns a list of Computer objects.
For example,
bes computers whose (now - last report time of it < 7*day)
This will return all computers who have reported within the last week.
Compliance Grid:
The Compliance grid displays individual computer compliance status against all the Fixlets selected.
Meanings for the various columns:
Applicable
All the Computers that became relevant for this Fixlet at some point. Let’s assume that a new Fixlet is added to the BigFix system, note that Applicable will be zero because no Computers would have been evaluated as relevant. So the applicable count shows only results after the installation of the BigFix agent. Installed + Outstanding = Applicable.
Installed
Any Computers first detected as relevant, which are now remediated.
Outstanding
Computers that are still relevant.
Compliance
This percentage output is calculated with formula (Installed / Applicable) * 100.
The Export to Excel function uses a newer browser feature call Data URL. Unfortunately, the support across browsers is not consistent, and as this is written, it only works with FireFox or Safari.
Although the grid does paging, this is only a Client Side feature rather than true paging from the Server.
Some quick testing raised a question. We ran through the Current Period patches against a small test group of workstations. We noticed a patch (MS10-024) that applies only to MS Exchange which showed some weird “compliance” results.
I have updated the report to behave the same way as the other compliance report, which is to use “-” to indicate non-applicable for Fixlets that have no applicable computers.
Some people prefers 0 applicable to be 0% compliant.
Some people prefers 0 applicable to be considered 100% compliant.
I have added a variable in the report so that you can switch the behavior if desired.
Change line 49 in the JavaScript file compliance_by_fixlet.js to one of the following values:
The easiest way is to click on the Fixlet name or group of Fixlets (when grouped by MS bulletin) to get the details.
The details will include the download size.
The challenge that I have is that when the Fixlets are grouped by MS bulletin numbers, the download size will probably have to be a sum of all the Fixlets, and additional processing is required.
I have updated the report to behave the same way as the other compliance report, which is to use “-” to indicate non-applicable for Fixlets that have no applicable computers. Also incorporated the additional Content (Fixlet) filters created by Mark Macherey to the report. Thank you Mark for sharing.
how can we add patch size in detail tab of Fixlet compliance by content version1.1 ?
Lee, we are seeing some very strange behavior with this report. We updated to the latest version and are still seeing the problem. I don’t believe we have the issue before we updated to BigFix 8. The problem that we are seeing has to do with the Applicable and Installed columns. The values are way out of whack now. For instance we are seeing 2183 applicable and 2159 installed. Without going into details here, we don’t have that many clients. In the past, I thought those numbers were very reflective of actual client counts (assuming the patch applied to all our clients). Can you confirm?
when running this report i get Important Information Loading… in the edit source box. This remains there and never changes. any help would be appreciated. Thanks
Was wondering if it was possible to pass a last report time variable in the report. Example: Only display results for machines that have checked in within the last 7 days. This is helpful as it minimizes the confussion when presenting the data to audit and secuirty teams.