Software update groups in Configmgr 2012 simplifies lot of administrative work ,which simply  contains list of updates (must be downloaded before you add any updates) merged to single deployment (can have multiple deployments for single software update group).

Coming to the subject line, It is necessary (during cleanup activity) to find software updates that are downloaded but not in any software update group (I said software update group but not deployment group ..there is little difference with these two).

If you want to get software updates that are downloaded but not in any deployment group ,you can refer Stephen blog here.

so how do I write SQL query here  ? I used sub-selected query to get the updates .

1) first get list of software updates that are downloaded and part of software update groups 

2) filter the software updates that are not in First query.

So here is the complete SQL Query for you:

If you are smart enough in SQL,you can use this SQL ,to create different reports like updates not member of particular software update group or list all updates from specific software update group etc.

select ui.Title, ui.ArticleID, ui.BulletinID,
case when ui.IsSuperseded=0 then 'No' else  'Yes' end as [IsSuperseded],
case when ui.IsExpired=0 then 'No' else  'Yes' end as [IsExpired]
FROM v_updateinfo ui
INNER JOIN V_UpdateContents uc ON uc.CI_ID=ui.CI_ID
WHERE ui.CI_ID NOT IN (SELECT upd.CI_ID from vSMS_CIRelation as cr
INNER JOIN fn_ListUpdateCIs(1033) upd ON upd.CI_ID = cr.ToCIID
INNER JOIN V_UpdateContents CC ON cc.CI_ID=upd.CI_ID
INNER JOIN v_AuthListInfo AL ON al.CI_ID =cr.FromCIID
where CC.ContentProvisioned='1')
AND uc.ContentProvisioned='1'
AND (ui.CIType_ID=1 OR ui.CIType_ID=8)
GROUP BY
ui.Title, ui.ArticleID, ui.BulletinID,ui.IsSuperseded,ui.IsExpired
order by 2

If you need further information about the Patch URL,Description etc,you can get it from view v_updateinfo.

In Configuration manager 2012,the update limit per update-deployment group has been increased (hard limit) to 1000 where was in Configmgr 2007,it was just 500 updates.More information about the hard limit and further questions ,worth reading the blog post by Kevin http://blogs.technet.com/b/server-cloud/archive/2012/02/20/managing-software-updates-in-configuration-manager-2012.aspx 

The hard limit is --the list of software updates what you see in software update group from Configmgr console but not how what is downloaded to the source path.(I figure this in below SQL query)

With above reference,the max hard limit that deployment group can contains only 1000 updates ( am sure, no one reaches there due its to package size and replication issue over to the DP’s) but how to I track this information ? check each software update group from Configmgr 2012 console to know its count ? and I cannot do this every time when needed .

Here is the SQL query (you can create nice SSRS Report as well ) .to get count of software updates from each SUP Group.

with the below SQL query (output) ,I see 2 different things 1) Software updates available in Deployment Group and 2) Downloaded updates from the software updates available in Deployment group.

Why there is count mismatch ? Very simple.A single software update can have 2 or more content information which you can see it from the software update properties.

For ex: Cumulative Security Update for Internet Explorer 11 for Windows 7 (KB3021952) will have 2 content information ,both are required to download for deployment to the source path.

SQL Query:

select AL.Title [SU Group], count(DISTINCT upd.CI_ID ) 'Software updates Count',
count(upd.CI_ID ) 'Content downloaded Count'
from vSMS_CIRelation as cr
INNER JOIN fn_ListUpdateCIs(1033) upd ON  upd.CI_ID = cr.ToCIID AND cr.RelationType = 1
INNER JOIN v_CIToContent CC ON cc.CI_ID=upd.CI_ID
INNER JOIN v_AuthListInfo AL ON al.CI_ID =cr.FromCIID
where CC.ContentDownloaded='1'
GROUP BY
AL.Title
ORDER BY 1

Happy checking  

Recently ,I have got a request from the business unit manager on the reboot of computers due to patch management (applicable to Applications as well) .The Custom client device setting ‘ Display temporary notification to the user ' (shown below) set with 480 minutes across the enterprise workstations but specific department (ex: Engineering), not happy with this setting  due to the nature of their business. So ,we have agreed to have custom reboot settings .

Creating Custom device settings and applying it onto collection is not that much difficult but the deal here is,creating a device collection using user department.

Once we have this collection,we can create device client settings and make sure this has higher priority over the other Client device settings that has similar setting applied to all workstations.The higher the priority (Low number is applied first than higher number) will be applied onto clients. You can also use resultant set of policies to check the client device settings for particular client from SCCM device collection.

How to create Device collection using Department attribute :

Before creating collection ,make sure you have department attribute added to the active Directory user discovery properties.

Device Collection:

Create new collection,select the limiting collection,edit the Query ,paste the following query .(change the department Name) .When you click Ok,you may get errors but just ignore them.Collection works good.

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,
SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,
SMS_R_SYSTEM.Client from SMS_R_System JOIN SMS_UserMachineRelationship ON SMS_R_System.Name=SMS_UserMachineRelationship.ResourceName
JOIN SMS_R_User ON SMS_UserMachineRelationship.UniqueUserName = SMS_R_User.UniqueUserName
WHERE   SMS_UserMachineRelationship.Types=1 AND SMS_R_User.department0 like "Engineering"

Being as SCCM Configmgr administrator,your primary aspect is to maintain health of your sccm clients for application deployment,software updates,inventory etc. Questions often come up in forums ,email list asking for ,list of computers not contacted the server since X days (25) or how do I know the clients who’s policy request is old or days since last communication is more than X days older.

From the Configmgr Console,we can see the client activity like policy request,heartbeat DDR,hardware scan ,Management point etc as shown in below picture.

How do I present this information into SSRS report for further troubleshooting ? Creating report ,exporting results and working /troubleshooting clients who’s communication is older than x days would be easier.

The client activity information is stored in view called vWorkstationStatus in SQL DB.So I use this view to join with collection views to get desired results.

I have SQL Query to retrieve this information but not in SSRS Report. I usually run the SQL Query in SQL Management studio but I thought of creating SSRS report to get this information against specific collection.

Below is SQL query ,if you want to create powershell grid view. (This query is filtered to get clients if LastPolicyRequest request is more than 25 days and collection).

SELECT ws.Name, ws.UserName,ws.LastMPServerName,
CONVERT ( varchar (26) , ws.CreationDate , 100) CreationDate,
CONVERT ( varchar (26) , ws.LastDDR , 100) LastDDR,
CONVERT ( varchar (26) , ws.LastPolicyRequest,100) LastPolicyRequest,
CONVERT ( varchar (26) , ws.LastHardwareScan,100) LastHardwareScan,
ws.SystemRole,
DATEDIFF ( DAY , ws.LastPolicyRequest , getdate() ) 'Days Since Last Communication'
FROM  vWorkstationStatus ws
JOIN dbo.v_FullCollectionMembership vfcm ON vfcm.ResourceID = ws.ResourceID
JOIN dbo.v_Collection vc ON vc.CollectionID = vfcm.CollectionID
WHERE vc.Name=’Your collection Name'
GROUP BY ws.Name, ws.UserName,ws.CreationDate,ws.LastMPServerName,ws.LastDDR,
ws.LastPolicyRequest,ws.LastHardwareScan,ws.SystemRole
HAVING (datediff(dd,max(ws.LastPolicyRequest),getdate()-25) >0)

In SSRS Report, I have made 2 parameters as prompts 1) Collection Name and 2) Number of days .

Below is SSRS report how it looks like?

Download the RDL File from TechNet here ,upload report to your SSRS Reports folder ,change the Data source and runt the report.

Questions appeared on https://social.technet.microsoft.com/Forums/en-US/b9940352-7382-462d-8ef9-8c7a1483a29f/sccm-client-last-communication-report?forum=configmanagerdeployment

https://social.technet.microsoft.com/Forums/office/en-US/5b21299a-d91a-43bd-bae7-dc02c09a8694/how-to-create-a-collection-based-on-days-since-last-communications?forum=configmanagerapps

https://www.reddit.com/r/SCCM/comments/3l67e8/help_with_custom_report/

Microsoft is bringing exciting features into Configuration manager product and making things more and more easy in all aspects to manage the infrastructure.Last month (September 2015) ,Microsoft has introduced new features into Configuration manager (expecting it would be called 2016 )technical preview 3 (Version 1509 ) called ‘Updates and servicing (this replaces the need to install separate service packs, cumulative updates, or Extensions for Microsoft Intune)’ and New look /update for Software Center (Apps that are published to users will be available in software center as well).

On October 14th 2015 ,Microsoft released another update for Configuration manager Technical Preview 3 with version 1510 (YYMM ,easy to remember unlike previous versions) with new capabilities :

• Windows 10 servicing
• Wipe and retire for on-premises mobile device management

You can install this update (1510) on Technical preview 3 with Version 1509 or earlier versions also. You do not need to install 1509 before installing 1510.

Windows 10 servicing:

In this release, you can view the state of Windows as a service in your environment, create servicing plans to form deployment rings and ensure that Windows 10 current branch systems are kept up to date when new builds are released, and view alerts when Windows 10 clients are near end of support for their build of Current Branch or Current Branch for Business.

Wipe and Retire for on-premises mobile device management:

System Center Configuration Manager Version 1510 adds support for remotely wiping and retiring devices for on-premises mobile device management (MDM).

I have already updated my Configmgr TP3 to September month released version 1509 using update servicing feature.

Before you update to the latest version (if you are on 1509 or earlier versions),make sure you have internet connection as it downloads the entire content before it starts updating your site to 1510 version.

If you are starting from scratch to install Configuration manager technical preview 3 ,you must download the TP3  version from here ,install it like other Configuration manager 2012/TP3 versions with all the prereq ,once you are done with that ,continue to update to latest version using steps below.

Open the console,Administration\Cloud services\Updates and Servicing

Updated version 1510 for TP3 not yet shown in the console which could be that,My SCCM having issues with internet. Check log DMPDownloader.log (as this is for Cloud services) from your Configmgr logs directory.

By default,it is scheduled to sync every 7 days to get latest updates.

Now we will force to sync by restarting SMS_Executive or simply restarting the SMS DMP Download manager component from Monitoring node\site hierarchy\component status .I will simply restart the component instead of restarting the sms exec service.

Start monitoring the DMPDownloader.log . You can see that,download has been initiated and store the content under folder  E:\SCCM\EasySetupPayload\.

All the updates are being saved to Easysetuppayload folder.Size of this downloaded content (TP3 version 1510) is around 1.6GB

Status for this update in the console should now be changed to available from downloading . Run the prereq check (if you want,you can ignore this and directly go to install update pack step)

To know the status ,go to monitoring ,look at site servicing status for the prereq check

after a while ,you would see something like this

now start the update pack installation:

you can monitor the update status from monitor\update servicing status

After a while,you will see ,it is installed successfully .

Console is still opened in my lab ,so I went to see the version of the console ,it immediately prompted window to upgrade it to new version.So click Yes,it will close the console and upgrade to new version.

After the console upgraded, the evaluation period reset to 60 days from the previous leftover days and also you see the new feature called Feedback (didn't notice if it was part of previous version) which takes you to Microsoft user voice portal to listen your feedback about this product for new ideas to incorporate into this product http://configurationmanager.uservoice.com/forums/300492-ideas

Console Version :5.0.8315.1000

With this Update (1510),new feature introduced called windows 10 servicing into software library node .more to be tested on this feature.

Clients that are part of preproduction collection will receive the policy about the new SCCM client and will be installed automatically .

Login to the the client PC that is part of pilot collection ,should have new version 5.0.8315.1000.

that’s it for now and more about the features introduced with this TP3 update in next blog.

There are instances (you might want to get list of required patches by server ,so can download and install in DMZ who do not have internet or for patch compliance checking for specific computer and many) , where you might be searching for list patches of required by specific computer/computers and generally ,we look at default reports if there is any report which can give me the required information.

If you look at default reports,there is no exact report give you the list of patches required by specific computer with targeted,required,when was it released and other information.

You can use below SQL Query to run  from SQL SERVER MANAGEMENT STUDIO or use this in your SSRS Reports with parameter for computer name.

This query has been customized to present the Month posted,Title of the patch,Targeted to the client,Required ,KB URL,Date posted and deadline if there is any.

Note: This Query is filtered with Severity (Security and critical)  from view v_UpdateInfo.

SQL Code:

select CAST(DATEPART(yyyy,ui.DatePosted) AS varchar(255)) + '-' + RIGHT('0' + CAST(DATEPART(mm, ui.DatePosted) AS VARCHAR(255)), 2) AS MonthPosted,
ui.bulletinid [BulletinID],ui.articleid [ArticleID], ui.Title,
    Targeted=(case when ctm.ResourceID is not null then '*' else '' end),
    IsRequired=(case when css.Status=2 then '*' else '' end),
    ui.InfoURL as InformationURL,
    ui.dateposted [Date Posted] ,
    Deadline=cdl.Deadline
    from V_UpdateComplianceStatus  css
    join v_UpdateInfo ui on ui.CI_ID=css.CI_ID
    left join v_CITargetedMachines  ctm on ctm.CI_ID=css.CI_ID and ctm.ResourceID = css.ResourceID
    INNER join v_CICategories_All catall2 on catall2.CI_ID=css.CI_ID
    INNER  join v_CategoryInfo catinfo2 on catall2.CategoryInstance_UniqueID = catinfo2.CategoryInstance_UniqueID
    and catinfo2.CategoryTypeName='UpdateClassification'
    JOIN dbo.v_R_System AS vrs ON vrs.ResourceID = css.ResourceID
       outer apply (
       select Deadline=min(a.EnforcementDeadline)
       from v_CIAssignment  a
       join v_CIAssignmentToCI atc on atc.AssignmentID=a.AssignmentID and atc.CI_ID=css.CI_ID
       ) cdl
   WHERE vrs.Name0='Win7X64-001' and
   ui.Severity IN (8, 10) --this is for security and critical updates
  AND css.Status=2  --for required
ORDER BY 1

I posted the same query on TechNet forums ,more info https://social.technet.microsoft.com/Forums/en-US/8fe96532-d9ef-48f2-a356-6e1195d9273e/report-of-what-updates-are-needed-by-server?forum=configmanagergeneral#7185a84e-afab-47d2-82bd-7418e02dd75f

While Creating SSRS reports for configuration manager ,I use lot of expressions through the report definition. These expressions (formula filed) are used frequently in reports to control content and report appearance. Expressions are written in Microsoft Visual Basic, and can use built-in functions, custom code, report and group variables, and user-defined variables. Expressions begin with an equal sign (=) syntax.

These expressions can be used in reports to present data like calculate values for parameters, queries, filters, report item properties, group and sort definitions, text box properties, bookmarks, document maps, dynamic page header and footer content etc.

SQL Expressions Optimizes the report performance,used to speed up the report from the complicated selections.You cannot use Expression to connect MORE THAN 1 DATA SET in your Report.

In this blog post,I would like to show you some of the expression (like syntax) examples which I use in most of the my Configmgr reports.

You can Use thee simple expression directly on the design surface, in a dialog box, or in the Properties pane, or you can edit it in the Expression dialog box, just as you would with any expression.

Print Date—>How do you print the report execution date

="Printed on " & Globals!ExecutionTime

Total Report Runtime (Sec)—>Calculate the total execution time of report
="Total Run time (in Sec): "& System.DateTime.Now.Subtract(Globals!ExecutionTime).Seconds

Report Executed by—Print the UserID who executed the report
="Report Run by: "& User!UserID

Altering the row colors (BackgroundColor property on Text Box )—>Change the background color for alternate lines instead of having single color across all rows
=IIF(Rownumber(nothing) mod 2, "Transparent", "Silver")

How to show parameters (prompts) in report—> You wanted to bring the parameter value into the report for Ex: collection Name to be printed on the report
=Parameters!CollID.Label

To show the values in UPPERCASE—> To print all the values in UpperCase
=UCASE(Fields!FieldName.Value)

Convert text to Proper case—> To print the first letter of the word to be in UpperCase
=StrConv(Fields!FieldName.Value, VbStrConv.ProperCase)

If you want to replace NULL with other value—>replace the NULL with other values
=iif(Fields!FieldName.Value = nothing, "No Value",Fields! FieldName.Value)

How to set colors in Pie Chart instead of Random Colors based on the output (Example taken is patch compliance , Color property on Text Box  ):
=SWITCH(Fields!Patch_Status.Value = "Compliant", "Green",Fields!Patch_Status.Value= "Non-compliant", "Yellow",Fields!Patch_Status.Value = "Compliance state unknown", "Red")

you can also use IIF condition (Values greater than or equal to 10 display with a green background, between 1 and 9 display with a Yellow background, and less than 1 display with a red background.):
=IIF(Fields!status.Value >= 10, "Green", IIF(Fields!status.Value >= 1, "Yellow", "Red"))

Combining more than one filed using concatenation using (& vbCrLf & ):
=Fields!CollectionID.Value & vbCrLf & Fields!CollectionName.Value

The Right, Len, and InStr functions are useful for returning a substring, for example, trimming DOMAIN\username to just the user name. The following expression returns the part of the string to the right of a backslash (\) character from a parameter named User:
=Right(Parameters!User.Value, Len(Parameters!User.Value) - InStr(Parameters!User.Value, "\"))

How to display text prior to the selected values (Ex:Collection ID or Name):
="Collection Name: "& Parameters!CollID.Label

How to use If condition to return the value if that matches (example to check if client is installed or not return True or False):
=IIF(Fields!Client.Value =1, True, False)

If the date value is more than week ,display red color ,else Green (This is needed when checking the hardware inventory date of client):
=IIF(DateDiff("d",Fields!LastHWScan.Value, Now())>7,"Red","Green")

How to display page number and total pages in report in footer:
=Globals.PageNumber & " of " & Globals.TotalPages

How to display name of the reprot in the footer or body in each page:
=Globals.ReportName & ", dated " & Format(Globals.ExecutionTime, "d")

Page breaks—>place a page break at the end of a specified number of rows instead of, or in addition to, on groups or report items.:

=Ceiling(RowNumber(Nothing)/25)

Recommended Reading

 https://msdn.microsoft.com/en-us/library/ms345237.aspx

https://msdn.microsoft.com/en-us/library/ms157328.aspx?f=255&MSPPError=-2147217396

Microsoft released Technical preview 4 (TP4) for Configmgr Vnext ( System Center Configuration Manager and Endpoint Protection ) .The previous technical preview was Technical preview 3 with updated version 1510 (YYMM). Microsoft haven’t updated the TechNet documentation with capabilities available with this release (TP4) for now but soon to be updated here on https://technet.microsoft.com/library/dn965439.aspx.

This technical preview must be installed as new installation on server box with all the prerequisites met .Upgrading to SCCM Configmgr Vnext TP4 from a previous version of SCCM Configmgr Vnext TP3 is not supported. Upgrading from TP4 4 to a later version of SCCM Configmgr Vnext also not supported. For this Technical Preview 4, up to 10 clients can be managed. Only a standalone primary site is supported; secondary sites are not supported.

The Technical Preview is intended for use only in a lab environment due to its limited build which expires after 60 days and cannot be used in a production environment.

The Build version with TP4 released is: 5.0.8325.1000

Client Version: 5.0.8325.1000

Hoping to see some excitement features which are raised through configuration manager voice user support.

Download SCCM Configmgr Vnext Technical Preview 4 From https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection-technical-preview?i=1

A direct link to download Technical preview 4 is available here

Will update the installation document and features soon in next post.

After the release of Configmgr V1511,really busy setting up the new lab,upgrading the stuff from Configmgr 2012 R2 SP1 to SCCM Configmgr V1511 (In Place) and doing things with it.

This post is about,what are the SQL views in SCCM Configmgr V1511 that helps you to write custom SSRS /SQL queries.

As you know,there are lot many changes/updates in newly released Configmgr  V1511 from its previous version I.e Configmgr 2012 R2 SP1 ,along with it,there are also newly added SQL views that help you to generate reports for the newly added features.So for this,we need to have that information in hand when writing custom reports else you will stuck and spend lot of time in getting what you need.

I use this SQL views documentation spreadsheet a lot when writing the custom SSRS Reports and I always make this as reference for any such custom reports and it help a lot without searching here and there for    ex: where does the information stored about IP address or software update scan ,task sequence package information or software update scan results etc.

Download SCCM Configmgr V1511 SQL views documentation from TechNet Gallery here .

I have color coded (Black color Bold) the SQL views that are added newly in Configmgr V1511 from Configmgr 2012 R2 for your information.

Happy SSRS/SQL Reporting .

Few months ago,I posted blog on How to get list of missing/Required software updates for specific computer which helps to identify if a PC is 100% complaint or not for list of available patches(metadata) from SCCM,but that report gives you overall missing patches from SCCM DB irrespective of whether they are part of any software update groups or not.

Since the previous report do not have any limitation to apply on specific software update group,lot of guys commented on the blog post to have filter with software update group so that,they can apply the PC to specific software update group to know the compliance level.

This report is all about that ,to get the list of missing/Required software updates for particular PC from specific Software update group.

Report looks like this:

Download the RDL report from TechNet Gallery here, upload to your Configmgr SSRS Reports,change the data source and run it.

Note: I have tested this report both in Configmgr 2012 R2 SP1 and Configmgr V1511 ,it works fine.

There are couple of posts on TechNet blog and other forums asking for ‘Is there any report that list all updates with compliance status for specific collection’ ? Read it once again ,A software update compliance report that list all updates whether Targeted, Installed, Missing for specific Collection. A collection may contain X number of clients and each client may produce Y Number of patches for sure from your Configmgr environment with compliance status . So when you generate report with this requirement,you know how many rows do you get ? X (number of clients)* Y (number of patches).

Assume X=200 Clients and Y =100 Patches (till date) ,the report consists of 200* 100=20,000 rows.

So if you are going to generate report for management to show ,what is the compliance status (this is not really compliance status required for Management) with this requirement,Are they going to read it ? How does it matter to them,if particular computer is missing XX number of patches .Management wants to know if the PC is compliant or not .

You should not encourage for such unrealistic requests,if they are going to ask you,tell them ,what they are going to get .Garth has blogged similar kind of requirement How to perform basic Software Audit ,read it here http://www.enhansoft.com/blog/how-to-perform-a-basic-software-audit

So ,how do you perform basic software update compliance audit ? There are variety of reports available by default in Configmgr with category  Software Updates - A Compliance.

if your management asked for any patch compliance report, get them overall compliance status of each machine from specific collection for specific update (this will get overall compliance from specific software update group only) or compliance status for each machine from specific collection (this will generate report with all updates in your Configmgr).

There are lot of patch compliance reports on my blog with different requirements ,so have a look at them ,download the RDL file ,edit the RDL file using your favorite Tool(Report builder or BI or Visual studio etc) ,

edit the RDL file,copy the code into SQL server management studio ,do adjustments what is needed for you and get back the query to SSRS Report.

The recommended procedure /best practice is ,try to use the existing default reports or reports posted on my blog for compliance status per collection OR Per OU etc and start looking at computers that are NON-Compliant (if at least one patch is required by Client,it report as Non-Compliant)  and start troubleshooting the non-Compliant PC rather generating unnecessary date.

If you still want to generate such report, here is the SQL query for you .All you need is ,just change the collection ID  and run it from SQL Server management Studio.

select
vsv.Netbios_Name0 [PC Name],
CAST(DATEPART(yyyy,ui.DatePosted) AS varchar(255)) + '-' + RIGHT('0' + CAST(DATEPART(mm, ui.DatePosted) AS VARCHAR(255)), 2) AS MonthPosted,
ui.BulletinID,
ui.ArticleID,
ui.Title,
UpdateClassification=cls.CategoryInstanceName,
Targeted=(case when ctm.ResourceID is not null then '*' else '' end),
Installed=(case when css.Status=3 then '*' else '' end),
IsRequired=(case when css.Status=2 then '*' else '' end),
Deadline=CONVERT ( varchar (26) , cdl.Deadline , 100),
ui.dateposted [Date Posted],
ui.InfoURL as InformationURL
from V_UpdateComplianceStatus  css
join V_UpdateInfo ui on ui.CI_ID=css.CI_ID
join V_CICategoryInfo_All vnd on vnd.CI_ID=ui.CI_ID and vnd.CategoryTypeName='Company'
join V_CICategoryInfo_All cls on cls.CI_ID=ui.CI_ID and cls.CategoryTypeName='UpdateClassification'
join v_ClientCollectionMembers ccm on ccm.ResourceID=css.ResourceID
JOIN dbo.v_R_System_valid vsv ON vsv.ResourceID = css.ResourceID
left join V_CITargetedMachines   ctm on ctm.CI_ID=css.CI_ID and ctm.ResourceID = css.ResourceID
outer apply (
select Deadline=min(a.EnforcementDeadline)
from V_CIAssignment  a
join V_CIAssignmentToCI atc on atc.AssignmentID=a.AssignmentID and atc.CI_ID=css.CI_ID
) cdl
where ccm.CollectionID='PS100018'
order by ui.Title

Output of the SQL Query:

This is quick post on How to check Client is member of what collections and display its Maintenance window .

Maintenance Window information for collections are stored in view called v_ServiceWindow .Here is the excel spreadsheet that I always make it as reference for any custom queries always help to find right view. http://eskonr.com/2013/10/download-sccm-configmgr-2012-r2-sql-views/

You can use the below SQL Query to run it from SQL management studio or use it in SSRS Reports.

Change the PC name in marked in bold letters.

select fcm.CollectionId, coll.Name [Collection Name],s.Name [MW Name],s.Description,s.StartTime,s.Duration
from dbo.v_R_System sys
join dbo.v_FullCollectionMembership FCM on sys.ResourceID = fcm.ResourceID
join dbo.v_Collection coll on Coll.CollectionID = fcm.CollectionID
left join v_ServiceWindow S on s.CollectionID=fcm.CollectionID
Where sys.Name0 ='WIN10X64-003'

Full Details : https://social.technet.microsoft.com/Forums/en-US/3a171c53-9ca4-4ecb-9ce6-5dfca19cdadc/query-to-get-server-name-which-collection-it-is-a-member-of-and-the-associated-maintenance-window?forum=configmanagergeneral

Another interesting report  on software update compliance which will really helps lot of people in their daily job . Did you ever receive any requests to report compliance status(in one line report) for bunch of clients for ex: specific collection ? Management or Security guys do not really care about what software updates the computer is missing and they always look for final results i.e Compliant or Non-Complaint .Only these 2 status matters for them to ensure the computers are fully patched.

Generally ,how do you check when such requests comes ? Look at default the compliance reports (Software Updates - A Compliance--Compliance 5 - Specific computer ) or other compliance reports?

There are 2 ways to tell if the client is complaint or not using the default reports.

1) You can run the report based on software update group for specific collection—Compliance 1—Overall Compliance

2) Compliance for specific computer--Compliance 5 - Specific computer 

Report 1) will give you only the status for specific software update group for specific collection but not for all software updates deployed to specific PC. A PC might have 100 software updates deployed and these software updates coming through multiple software update groups.it will be really challenging to find if PC is compliant for all the Deployed patches unless you have only one software update group.

Report 2) will give you list of all updates with targeted (approved) ,missing and installed but to tell if the PC is compliant for all the patches you see in the report takes time for you to filter the missing/required column and compare it with targeted patch. (Note:You only care about the Deployed patches but not all the updates required by PC,more about it will discuss soon).

Note: This post is strictly talking about software updates compliance but not for Endpoint Protection updates.

If you want to run the report 2) for bunch of PC’s ,you need to create custom report and it is not easy to say in one line,PC is Compliant for all the deployed patches.

So,how do I check quickly, if PC is compliant for all the targeted patches meaning,if I enter the Collection name into the Report,it should give me results of PC Name , How many Patches Targeted ,How many missing and Is Complaint or not ? For this report, I have also included other computer information like Last logged on User Name,Last Hardware Scan,Last Update Scan and what is the Update Scan result etc to identify the PC health.

So,How do I come to the conclusion to say ,PC is Complaint or not based on the Targeted PC’s and Missing PC’s ? Here is the logic I have used in the report if you want to know before editing the report .

If Count of Missing Patches =0 and Count of Target Patches=0 Then PC is Complaint

If Count of Missing Patches!=0 and Count of Target Patches!=0 then PC is Non-Complaint

If Count of Missing Patches!=0 and Count of Target Patches=0 then PC is Complaint

Before you proceed to download the report,you need to understand few things how this SQL query is written and what filters are used in the report to achieve the task.

Client becomes Non-Complaint only when there are updates needed by the PC otherwise ,we can say PC is Complaint. So my primary filter (where condition ) used here is to check if status=2 means Required/Missing from V_updateCompliancestatus. Based on this criteria,I will calculate the total number of patches deployed to the PC and how many are still needed by the PC.

You may wonder on the 3rd logic, how come the count of missing patches>0 and count of target patches=0 ? you really need to check with your admin who manages the SUP deployment ,why these updates are not deployed though, they are critical and security updates (this condition used in the query) .So we assume that, Client has verified the status for all the Deployed patches and it has nothing to do with the missing patches since you never deployed them and it is COMPLAINT.

All clear now ? if you still have questions,please report them via comments section .

Download the RDL file from TechNet Gallery here, upload the report into your Configmgr SSRS Reports ,change the Data Source and run the Report .

Try to run the report ,pick one PC which is Compliant and simultaneously use your favorite default /Custom reports to check if the PC is complaint for all the deployed patches.

How does the report look like ?

By default,when you install Configmgr Reporting services point role,it create lot of reports with NT AUTHORITY\SYSTEM  account and this information can be seen from log called ‘srsrp.log’ on your Site system server.If you look at srsrp.log,there will be lot of information tracked along with list of reports it created ,its path (web path) etc. If you want to find the rdl files for these reports(only for default ) ,browse <Configmgr Installation Drive>:\SMS_SRSRP\Reports . Some of the reports resides in these respective category folders ,they do not have proper naming for ex: I look at category ‘Software_Updates_-_A_Compliance’,reports are named with ‘report290,report291’ etc which are unclear and always go with Web Reporting. If you want to do some modifications/changes to the default reports,I would suggest to download the RDL file using your web browser ,edit it using your favorite reporting tools.

Coming to the Subject line ,How do I list all the Configmgr Default reports (created under System) and custom reports that are created by domain Users along with additional information like created by,Modified by,DataSource,Path and Report Description.  At times,it will be useful to check the reports created by Whom and see who modified those ,it can be either default reports or created by Someone (Custom).

SQL Code:

SELECT c.Name,CreatedBy = UC.UserName,

CreationDate = C.CreationDate,

ModifiedBy = UM.UserName,ModifiedDate,

DS.Name AS DatasourceName,

C.Description,c.path

FROM Reportserver.dbo.Catalog C

JOIN Reportserver.dbo.Users UC ON C.CreatedByID = UC.UserID

JOIN Reportserver.dbo.Users UM ON c.ModifiedByID = UM.UserID

LEFT OUTER JOIN ReportServer.dbo.SecData AS SD ON C.PolicyID = SD.PolicyID

AND SD.AuthType = 1

INNER JOIN ReportServer.dbo.DataSource AS DS ON C.ItemID = DS.ItemID

order by 1

As usual , I have created SSRS Report for this ,which is uploaded to TechNet Gallery Here ,Download the report,Upload to your Configmgr Report server ,change the datasource and run the report.

Once you have the report, you can sort the report by Either Created By or Modified by to know the custom reports or reports created by someone and modified by someone.

This report also helps you to identify how many reports are using specific datasource if you sort the report by Datasource Name.

Full Details https://social.technet.microsoft.com/Forums/en-US/53bb8f5c-0193-47a8-bd33-73c58802fbd5/is-there-any-way-to-find-out-all-custom-reports-in-sccm-2012?forum=configmanagergeneral

How does the report look like ?

Microsoft is doing fabulous job on System Center configuration manager product  by enhancing ,adding the new features ,update the existing features in the form of Technical preview’s before making them to Production version and they listen the ideas ,suggestions reported through Configuration manager User Voice https://configurationmanager.uservoice.com/forums/300492-ideas

A day before (18th Feb 2016) ,Microsoft released Configmgr 1602 (YYMM) for Technical Preview 4 which is latest version (Note : this is only for Technical preview but not for Current Branch V1511,Production version) with some exciting features and updates to the existing features that were in 1601.

One of the most exciting feature is ,You can now upgrade your Operating System running on Windows server 2008 R2 to Windows server 2012 R2 for Configmgr 1602 ,which means,you must first upgrade your Configmgr to Configmgr 1602 version and later do In-place Operating System Upgrade .

what's new in Configmgr 1602 Technical Preview 4 ?

• Windows 10 Team configuration settings
• Automatic creation of Microsoft Office mobile apps for iOS and Android - Microsoft Office mobile apps for iOS and Android are pre-created for customers using ConfigMgr integrated with Microsoft Intune
• Sync Policy button – The new Sync Policy button lets you run the Machine Policy Retrieval & Evaluation Cycle and User Policy Retrieval & Evaluation Cycle with a click of a button. Find it in the Software Center options tab under Computer Maintenance
• In-place upgrade of ConfigMgr Site Server’s operating system – Support for ConfigMgr Site Server’s in-place upgrade of operating system from Windows Server 2008 R2 to Windows Server 2012 R2
• iOS Activation Lock management – Capabilities including enabling, querying for the status, retrieving bypass codes, and performing an Activation Lock bypass on corporate-owned iOS devices

Updates to the existing features:

• Improvements to mobile device management
• Improvements to Software Center
• Improvements to Windows 10 Servicing

For more information about Technical preview updates ,installation notes etc. ,please read https://technet.microsoft.com/library/mt595861.aspx

For step by step guides,go through https://www.niallbrady.com/2016/02/18/system-center-configuration-manager-technical-preview-1602-is-now-available/

if you have any Ideas or suggestions or improvements that you want to see in Configuration manager, raise them through https://configurationmanager.uservoice.com/forums/300492-ideas and get them Implemented.

There was a question on the MyItform list ,asking for ‘is there a way to get superseded patch list’ for all windows 7 ,So thought of writing this blog post that helps others who are in similar needs.

If you want to know particular patch (ex:Cumulative Update for Windows 10 Version 1511 (KB3124200)) superseded by what software updates in SCCM/Configmgr ,you can simply browse Software Library /Software updates nodes,search with this title ,right click on the Software Update Properties ,Go to Supersedence Information ,You can see, this software update is superseded by (To replace ) also ,if this software update supersedes by any other update .

This method is easy if you want to check for specific software update but,what if you want to have a list of software updates that are superseded by what software updates ? 

In Configmgr ,Software update information is scattered across multiple tables/views and depends on your requirement ,you must choose right table to query the information.

For Writing the SQL Queries /SSRS Reports,always have these 2 as reference 1)Configmgr SQL views and 2)SSRS expressions

For our requirement, we will be retrieving the software update information from V_updateinfo and superseded information from v_CIRelation_all.

Based on the above 2 SQL views, I will be retrieving the Software updates that are superseded by what updates.

SQL Code:

select UI1.Title,UI1.IsSuperseded,ui1.BulletinID,UI1.InfoURL,
UI2.Title [S Title],ui2.IsSuperseded,UI2.BulletinID [S BulletinID],UI2.InfoURL [S InfoURL]
from v_CIRelation_all CA
left join v_UpdateInfo UI1 on CA.ReferencedCI_ID=UI1.CI_ID
left join v_UpdateInfo UI2 on ca.CI_ID=ui2.CI_ID
where RelationType=6
and UI1.title like '%Windows 10%'

If you want to list only windows 7 updates ,replaced 10 with 7 .if you want to list all Software updates irrespective of OS ,then simply comment using --

you can use this SQL Code to put in SSRS Reports with your customizations.

One of my Blog reader has posted a comment asking for ‘How to create Collection to pop-up clients from multiple Collections start with ABC% ‘ ? ABC is the Collection Name starts with.

If you want to create a collection to see all clients from different Collections and the Collection Name starts with ABC .How do you get this done ?

For this requirement, You Cannot use Include collection as this is not Dynamic .If you choose to go with Include collection (which is Static) ,you cannot get the clients from collections that will be created in the Future.

To get this task done, we will using concept called sub Selected Queries with IN condition.

Create a New Collection ,Limit the Collection to All systems, Add a Query Rule ,Edit the Query Statement and paste the following WQL into it.

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,
SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ResourceId in (
SELECT ResourceID from SMS_COLLECTION CO inner join SMS_FullCollectionMembership FCM
on FCM.COLLECTIONID=CO.COLLECTIONID and CO.Name like 'ABC%')

Where ABC is Name of the Collection that Start with ,for Ex: SU or Microsoft or Adobe etc.

Collections in Configmgr play a crucial role .If you want to do anything(can be software deployment,OSD ,Client agent settings,Software updates,compliance etc) in configmgr against clients,you a collection .

Being Configmgr administrator, it is always important to look at collection performance ,if they are scheduled well and do some maintenance like identifying collections that take longer time to update (collection evaluation viewer tool from Configmgr 2012 toolkit) or identifying the collections that update too frequently than expected etc.

This blog post will assist you to identify collections with count of direct membership rules and type of schedule and other important collection Queries which can be represented in Nice SSRS Report.

The below SQL Code is for Collections with count of Direct Membership rule and what type of Collection Schedule configured.

Usually for Collections with Direct membership rule, you really no need to configure any Schedule at all as they are one time created and do not require any update.

so ,you can simply run this SQL Code ,if the count of Direct membership rule is bigger and if any Schedule configured to get the RID of it.

Direct membership rule info stored in v_CollectionRuleDirect View ,For more information about SQL Views in Configmgr, refer this Excel spreadsheet

Schedule can be of anything listed below:

Scheduled
Incremental
Scheduled and Incremental

SQL Code:

select coll.CollectionName,crd.CollectionID,COUNT(crd.RuleName) [Direct rules],
Case when coll.RefreshType = 1 then 'Manual'
when coll.RefreshType = 2 then 'Scheduled'
when coll.RefreshType = 4 then 'Incremental'
when coll.RefreshType = 6 then 'Scheduled and Incremental'
else 'Unknown' end as RefreshType
from v_CollectionRuleDirect  CRD
inner join v_Collections Coll on CRD.collectionID=coll.SiteID
Group by crd.CollectionID,coll.RefreshType,coll.CollectionName
order by crd.CollectionID

SQL Code for All Collections with its Refresh Type:

Select (Case when RefreshType = 1 then 'Manual'
when RefreshType = 2 then 'Scheduled'
when RefreshType = 4 then 'Incremental'
when RefreshType = 6 then 'Scheduled and Incremental'
else 'Unknown' end) as RefreshType, count(SiteID) as Collections
from v_Collections
group by RefreshType

As you already aware that ,the new version of SCCM Configmgr ( V1511 and later ) uses an in-console service method called Updates and Servicing that synchronizes with the Microsoft cloud service to get updates which allow you to install from within the Configuration Manager console.  This process will get updates that are applicable to your infrastructure and version are downloaded and made available in the console.

To get the updates available in your configmgr console ,you need to have Site system role called ‘Service Connection Point’ .

The service connection Point is new site system role which is replacement for Microsoft Intune connecter that enables additional functionalities like
 To integrate Intune with System Center Configuration Manager On-premises Mobile Device Management
 Is used as a point of contact for devices you manage with
 Uploads usage data about your deployment to the Microsoft cloud service
 Makes updates that apply to your deployment available from within the Configuration Manager console

By default, Configmgr checks for new updates every 24 hours ,if you cannot wait until then ,you can simply go to console Administration > Cloud Services > Updates and Servicing,Check for Updates

With the recent release of Configuration manager version 1602 ,there is question keep coming up in TechNet and other forums that, they cannot see the updates in the updates and servicing node,though they have done all possible workaround to get the updates into the console.

They have service connection point installed, ONLINE (Connected to internet) ,tried automatic method within the console ,Restart SMS Executive service but still no Joy ,even they have looked at the CMUpdate.log ,all looks good ,content being downloaded to cd.latest folder .
If at all you have issue viewing the recent build version updates into the console ,you probably missing the RBA security permissions for the particular account.
So what permissions are need for this to work ?
User must be assigned a security role that includes the Read permission in the permission group Site, and the security scope All.

Points to be noted when doing in-console updates for Configmgr:

1. Always begin installing the updates with Top site (CAS—>Primary—>Secondary) if you have CAS ,else start with Standalone Primary Site.
2. Always install the updates during out of business hours (you can schedule the Service window to install the updates to have least effect to business operations).
3. When you have CAS which is installed with latest update (ex:1602) ,your primary sites will start the update automatically unless you do not have any service window else, it will wait for the service window and install for you.
4. Secondary sites will not be upgraded to automatically and you must manually update them within the configmgr console ,right click on the secondary site and choose upgrade.
5. After you are done with site upgrades ,the configmgr console will be prompted to upgrade to new version (uninstall the existing and install new ,open console automatically) and this happens to all end users when they try to launch the Configmgr console on their workstations connect to the Site.
6. It is good to select Ignore any prerequisite check warnings and install this update regardless of missing requirements while installing the updates . If you do not select this ,it is recommended to run the prerequisite check before the update install to make sure ,there are no warnings.
7. Prerequisite errors always stop the update installation. You must resolve errors before you will be able to successfully retry the update installation.
8. During the updates installation ,it also updates cd.latest folder which will be used during a Site recovery.
9. Until all sites in your hierarchy are upgraded to new build version ,your hierarchy will operate in mixed version mode.

References:

Updates for System Center Configuration Manager

1602 Update not available in console

Unable to bring system to 1602

SCCM 1511 - Updates and Servicing not working

Microsoft SQL Server view is a virtual table whose contents are based on the result from a SQL query. A view saved SQL Query which you can treat this as virtual table. A view consists of a set of named columns and rows of data. However, the contents of a view are not stored in the SQL database. The rows and columns of data come from tables or other SQL views referenced in the query that defines the view and are produced dynamically when the query is run. The query that defines the view can be from one or more tables or from other views in one or more databases.

When you install Configuration manager ,it creates lot of SQL views of following types:

• Views against static (unchanging) tables.
• Views that use data from tables with a dynamic (changing) schema.

For a dynamic schema, setup creates a number of SQL Server stored procedures that create the views. These stored procedures are run by Configuration Manager to refresh the views when the schema of underlying tables changes. Collection evaluation, discovery, and inventory data are examples of data for which new tables or new properties in existing tables might be created during the operation of a Configuration Manager site.

To create effective SSRS reports, you need to know the Configuration manager views available in SCCM Database to get the required data.

It is always helpful ,Handy and easy for you to write SSRS Reports ,if you know the value that you are looking (for ex: Network information) for is stored in which SQL view .

Through this blog post ,I would like to share the Excel spreadsheet that consists of Configuration manager 1602 (Current branch at the time of writing this blog post) views help you to identify the required information for your SSRS report.

I have also highlighted (Orange Color Background) the Views that are available only in 1602 but not in earlier versions (1511) of configuration manager so you know what’s new in 1602 current branch .

Due to the features/Updates added into Current Branch version 1602 ,the 4 interesting (atleast for me) SQL views added are listed below:

v_CollectionMemberClientBaselineStatus

v_CMConsoleUsageData

v_WindowsStoreForBusinessApps

vSMS_HealthAttestationDetails

I will write a another blog post explaining about these 2 newly added SQL views that really helps to find about SCCM Console usage and Client BaseLine Status.

Download the SQL View documentation for SCCM Configmgr 1602 from TechNet Gallery.

For Other Configmgr version, you can download the SQL Views from Configmgr 1511 , Configmgr 2012 R2 SP1, Configmgr 2012

References :

SQL Server Views in System Center 2012 Configuration Manager