Configuration Manager’s Automatic Deployment Rules are the ‘killer app’ that makes the product one of the most powerful tools for software updates. However, with that power and flexibility comes complexity that can be daunting for the uninitiated. In this post I try to brain-dump the lessons I had to learn when coming up to speed in the hope that it might help others.
When looking to prove that Configuration Manager was actually patching devices I quickly found the built-in reports lacking. I looked at existing solutions but I wanted something just stupidly simple that I could send to management and be informative at that level. At the same time I wanted to be able to drill-down so that administrators could identify and resolve any issues. Here’s what I came up with … let me know what you think in the comments section.
There’s lots of ways to define compliance but if/when you move to the cumulative update model the biggest question is simply: do I have the latest cumulative update applied. You’d think that’d be easy to report on but it gets messy quickly. Here I’ve released my first shot at it.
It has not been a good year for hardware manufacturers or the companies that slap parts together to create end-user devices. Apparently when they write drivers the put safety first and security was somewhere on the second page. Here’s how I’ve been trying to handle this. If you have a better way, I’d love to hear it.