Report on what machines a Patch is applied

Can someone help me figure out how I can report on a single or multiple patches in a way that shows the total number of devices that it has been applied to and missing? My question is different from whether or not a patch is applicable because it would no longer show as applicable after it’s applied. This is something that audit is requesting and I’m not able to find a way to produce this report for them.

For example, if Microsoft released an IE patch in September and now it’s November and I have 1000 Windows machines that BF manages, I’d like to see how many devices have had the patch applied and how many are outstanding.

Thanks,
Ankit

I’m not sure I understand how this question is necessarily different than whether or not a Fixlet that was applicable, is no longer applicable after its patch has been applied. Here’s a sample content report that I believe returns the data in question:

Note that you can add the ‘Applicable Computer Count’ and ‘Remediated Computer Count’ by selecting them in ‘Edit Columns’.

You can also drill down further into a specific Fixlet to see the actual machines that still need a given patch as well as those that have been remediated rather than just a count.

One comment I would add, is that you should enable a Client Setting if you wish for the client to continue evaluated older superseded content. See the thread at Supersedence handling change for Windows Patches

Otherwise, last month’s rollup packages will appear to be remediated even if the patches are not installed, due to the way a client will mark the update as non-relevant when the fixlet is marked as superseded.

Without evaluating superseded content, you cannot determine how far back the client is unpatched, only that it is missing the latest month’s (non-superseded) content.

1 Like

Thank you! That is helpful

This was exactly what we needed. I thought I replied to your post already but just saw I didn’t! Sorry!

1 Like