This has been my days lately.
Checking that all my servers are patched, giving management teams compliance reports, and so on.
There are lots of examples online; this, yes, is just another one.
Disclaimer: Modify the T-SQL query and the VBScript for your specific HotFixIDs - in my case they are for Windows servers 2003-2016.
So, here is the SCCM query to find the servers missing the ransomware fix:
SELECT dbo.v_R_System.Name0 AS 'Computername',
       v_R_System.Full_Domain_Name0,
       dbo.v_UpdateInfo.Title AS 'Updatename',
       dbo.v_StateNames.StateName,
       dbo.v_Update_ComplianceStatusAll.LastStatusCheckTime,
       dbo.v_UpdateInfo.DateLastModified,
       dbo.v_UpdateInfo.IsDeployed,
       dbo.v_UpdateInfo.IsSuperseded,
       dbo.v_UpdateInfo.IsExpired,
       dbo.v_UpdateInfo.BulletinID,
       dbo.v_UpdateInfo.ArticleID,
       dbo.v_UpdateInfo.DateRevised,
       catinfo.CategoryInstanceName AS 'Vendor',
       catinfo2.CategoryInstanceName AS 'UpdateClassification'
FROM dbo.v_StateNames
INNER JOIN dbo.v_Update_ComplianceStatusAll
    INNER JOIN dbo.v_R_System ON dbo.v_R_System.ResourceID = dbo.v_Update_ComplianceStatusAll.ResourceID
    INNER JOIN dbo.v_UpdateInfo ON dbo.v_UpdateInfo.CI_ID = dbo.v_Update_ComplianceStatusAll.CI_ID
  ON dbo.v_StateNames.StateID = dbo.v_Update_ComplianceStatusAll.Status
INNER JOIN v_CICategories_All catall ON catall.CI_ID = dbo.v_UpdateInfo.CI_ID
INNER JOIN v_CategoryInfo catinfo ON catall.CategoryInstance_UniqueID = catinfo.CategoryInstance_UniqueID AND catinfo.CategoryTypeName = 'Company'
INNER JOIN v_CICategories_All catall2 ON catall2.CI_ID = dbo.v_UpdateInfo.CI_ID
INNER JOIN v_CategoryInfo catinfo2 ON catall2.CategoryInstance_UniqueID = catinfo2.CategoryInstance_UniqueID AND catinfo2.CategoryTypeName = 'UpdateClassification'
INNER JOIN v_CH_ClientSummary ON v_CH_ClientSummary.ResourceID = v_R_System.ResourceID
WHERE (dbo.v_StateNames.TopicType = 500)
  -- only rows where the update is still needed on the server
  AND (dbo.v_StateNames.StateName = 'Update is required')
  -- limit to members of the server collection
  AND (dbo.v_R_System.Name0 IN (
        SELECT TOP (100) PERCENT SD.Name0 AS 'Machine Name'
        FROM dbo.v_R_System AS SD
        INNER JOIN dbo.v_FullCollectionMembership AS FCM ON SD.ResourceID = FCM.ResourceID
        INNER JOIN dbo.v_Collection AS COL ON FCM.CollectionID = COL.CollectionID
        LEFT OUTER JOIN dbo.v_R_User AS USR ON SD.User_Name0 = USR.User_Name0
        INNER JOIN dbo.v_GS_PC_BIOS AS PCB ON SD.ResourceID = PCB.ResourceID
        INNER JOIN dbo.v_GS_COMPUTER_SYSTEM AS CS ON SD.ResourceID = CS.ResourceID
        INNER JOIN dbo.v_RA_System_SMSAssignedSites AS SAS ON SD.ResourceID = SAS.ResourceID
        WHERE (COL.Name LIKE 'All Windows Servers')
      )
  )
  AND ((catinfo2.CategoryInstanceName LIKE 'Critical%') OR (catinfo2.CategoryInstanceName LIKE 'Security%'))
  -- article IDs of the fixes to check; change these for your environment
  AND dbo.v_UpdateInfo.ArticleID IN ('4012214','4012212','4012213','4012598')
  -- active clients only
  AND v_CH_ClientSummary.ClientActiveStatus = 1
ORDER BY dbo.v_R_System.Name0
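For the management report, a summary is often more useful than the per-server list. The following is an added example, not part of the original query: it counts servers per update and per compliance state, using only views and columns that appear in the query above. It assumes the same 'All Windows Servers' collection and scopes by ResourceID instead of computer name, without the BIOS, computer system and assigned site joins.

```sql
-- Added example: per-update, per-state server counts for the same four article IDs.
-- Assumption: the collection is named 'All Windows Servers', as in the detail query.
WITH ScopedServers AS (
    -- active clients that are members of the server collection
    SELECT DISTINCT FCM.ResourceID
    FROM dbo.v_FullCollectionMembership AS FCM
    INNER JOIN dbo.v_Collection AS COL ON FCM.CollectionID = COL.CollectionID
    INNER JOIN dbo.v_CH_ClientSummary AS CH ON CH.ResourceID = FCM.ResourceID
    WHERE COL.Name = 'All Windows Servers'
      AND CH.ClientActiveStatus = 1
)
SELECT UI.ArticleID,
       UI.Title AS 'Updatename',
       SN.StateName,
       COUNT(DISTINCT UCS.ResourceID) AS 'Servers'
FROM dbo.v_Update_ComplianceStatusAll AS UCS
INNER JOIN ScopedServers AS S ON S.ResourceID = UCS.ResourceID
INNER JOIN dbo.v_UpdateInfo AS UI ON UI.CI_ID = UCS.CI_ID
-- same state lookup as the detail query, but without the 'Update is required' filter
INNER JOIN dbo.v_StateNames AS SN ON SN.StateID = UCS.Status AND SN.TopicType = 500
WHERE UI.ArticleID IN ('4012214','4012212','4012213','4012598')
GROUP BY UI.ArticleID, UI.Title, SN.StateName
ORDER BY UI.ArticleID, SN.StateName;
```

Because every state is kept, the result also shows how many servers have not reported a state the detail query would list, which is worth checking before calling the estate patched.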
And an SCCM configuration item VBScript (some servers don't have PowerShell...! Yes, there are a few...!):
' Discovery script for the configuration item: reports whether one of the listed hotfixes is installed.
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
' 48 = wbemFlagReturnImmediately + wbemFlagForwardOnly
Set colItems = objWMIService.ExecQuery("Select * from Win32_QuickFixEngineering",,48)
blnCompliant = False
For Each objItem in colItems
    If objItem.HotfixID = "KB4012214" or objItem.HotfixID = "KB4012213" or objItem.HotfixID = "KB4012212" or objItem.HotfixID = "KB4012598" Then
        blnCompliant = True
        Exit For
    End If
Next
' Echo exactly one value so the compliance rule always has a single string to compare.
If blnCompliant Then
    WScript.Echo "Compliant"
Else
    WScript.Echo "Non-Compliant"
End If
So, now just make a configuration baseline or add this configuration item to your existing configuration baseline.
Hope this helps you guys out.