If you
manage, as usually, client patching with SCCM 2012 SP1 it’s very useful create an
opportune collection to identify client that, with hardware inventory, has
already installed the last Microsoft Patch.
On windows
XP the query to use it’s the following:
Client with last patch installed
select
SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client
from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on
SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where
SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like "%KB2846071%"
Client with last patch not installed
select
SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client
from SMS_R_System inner join SMS_G_System_OPERATING_SYSTEM on
SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId where
SMS_R_System.Client = 1 and SMS_R_System.ClientType = 1 and
SMS_R_System.ResourceId not in (select SMS_R_System.ResourceID from
SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on
SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where
SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like "%KB2846071%") and
SMS_G_System_OPERATING_SYSTEM.CSDVersion = "Service Pack 3"
With
Windows Vista/7/8 client and 2008/2012 Server you need to make the following
change to client Settings
(enabling an opportune WMI Class
http://community.spiceworks.com/scripts/show/82-windows-update-agent-force-script-email-results-version-2-6?page=6 )
http://community.spiceworks.com/scripts/show/82-windows-update-agent-force-script-email-results-version-2-6?page=6 )
The collection with installed the last patch
has the following syntax:
select
SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client
from SMS_R_System inner join SMS_G_System_QUICK_FIX_ENGINEERING on
SMS_G_System_QUICK_FIX_ENGINEERING.ResourceId = SMS_R_System.ResourceId where
SMS_G_System_QUICK_FIX_ENGINEERING.HotFixID like "%kb2829530%"
To create an opportune Collection without the
followed patch not installed:
select
SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client
from SMS_R_System where SMS_R_System.Client = 1 and SMS_R_System.ClientType = 1
and SMS_R_System.ResourceId not in (select SMS_R_SYSTEM.ResourceID from
SMS_R_System inner join SMS_G_System_QUICK_FIX_ENGINEERING on
SMS_G_System_QUICK_FIX_ENGINEERING.ResourceId = SMS_R_System.ResourceId where
SMS_G_System_QUICK_FIX_ENGINEERING.HotFixID like "%kb2829530%")
A patch
workflow it could be to populate the collection modifyng the last KB microsoft
that you want to push, install the patch
(I use the following script on SCCM
without WSUS installed on SCCM Server http://community.spiceworks.com/scripts/show/82-windows-update-agent-force-script-email-results-version-2-6?page=6).
After the
patching you can schedule an Hardware Inventory. Later the collection with
patch installed it would be populate so you can have an immediate patching
feedback
