Patch management is an important function so in this issue I’ll feature some of the questions I’ve been asked during discussions about the new ZENworks Patch Management dashboard.
Q: On the new patch management dashboard I can see how many devices are compliant but does this show how many have applied the patch policies?
A: The compliancy dashlet doesn’t have a relationship with the patch policies, it’s an independent graph that shows if the device is compliant according to the measures you can set within the Patch Management configuration.
Q: Can I create dashlets with Patch Compliancy for different vendors?
A: The dashlet configuration does allow you to create dashlets for the different platforms but doesn’t have filter options for the different vendors. You could create a dashboard for this with ZENworks Reporter.
Q: My patch policies are designed so that everything is patched within a month. How can I verify that this is happening properly?
A: There are two ways to look at this, you can verify the patch policy status or you can verify the patch status of the devices.
To check the policy status, you need to look at the patch policy details and look at the bundle status, but it will be a time-consuming exercise. Unfortunately, ZCC doesn’t give a proper overview of the patch status and ZENworks Reporter isn’t very helpful as it doesn’t have any patch policy details as part of the ZENworks Domain.
It’s possible to create some custom database queries to get the patch policy status but after working with a few customers we have found that looking at the patch status is a lot easier and much more efficient.
OK, so let’s look at how to use ZENworks reporter to get a proper report with the patch management status.
Within ZENworks Reporter create a new ad-hoc report and select the ZENworks Domain. After this select the Patch Management data as the source of your report. Then select a Table for the report and add the data we would like to see - in my sample report I’ve just selected the “Patch Name” and “Released on”. The next step is to group things based on the Device Name.
In the report we need to filter out the data that we are actually interested in. The first thing to filter on is the “Patch Device Status” so that the only patches shown are those not patched. The second filter to use is the Release date where we can filter out patches that have been released within the last month. For this we add “Release On” as a filter and set the filter to before a relative date of MONTH-1. If needed additional filters can be added, such as a selection of Vendors that the report needs to show.
If all devices are patched properly, nothing will be shown in the report! You can schedule the report to run every week and specify that a notification is send out if the report does contain any results. With this you will be notified automatically if devices aren’t patched up to your patch criteria.
This article was first published in OHM Issue 42, 2018/3, p39