Software Update Dashboard: Now with 100% More Dashboard

Back in January I released a set of software update reports I called Yet Another Software Update Dashboard. This was a set of reports that I had built to monitor software update compliance for my organization. The name was a bit of a lie as there really wasn’t much of a dashboard in there. Sure, I broke down the compliance figures into sub-categories but that is not a real dashboard. When the MMSMOA team was foolish enough to give me a microphone and let me talk about update reporting I took that as an opportunity to remedy this.

I’m going to focus just on the changes I’ve made since the initial release. Refer to the original post for everything else: Yet Another Software Update Dashboard.

Dougnuts. Hmmmmmm doughnuts.

While I’m an exile to the US I am at heart a Canadian. Canadians have a love affair with doughnuts that most people don’t really understand. So I changed the pie charts to doughnuts. Honestly, I have zero preference between the two but for better or worse doughnuts give the impression of being more ‘modern’.

I’ve also gone through the reports and added alternating background colors to hopefully make things a bit more readable.

Workstation/Server Split

I stole this from some other example that I now unfortunately forget but I’m using v_GS_OPERATING_SYSTEM.ProductType0 to split the reports between the two. The overall compliance report still has graphs to break those down based on collections but I think it’s a worthwhile split at the highest levels.

New Report: Latest SUG for an ADR

This was one of the first reports I wrote. It allows you to specify an Automatic Deployment Rule (ADR) and it will list the updates in the latest Software Update Group the ADR created. I’m not sure the report has a ton of value, mostly because the titles for updates in WSUS/ConfigMgr aren’t all that descriptive. It does work however so I figured I might as well include it. If your leadership or team wants to know what patches you are releasing this month this is about as good as it gets. I specifically configured the parameters so that you can create a report subscription using just the name of the ADR.

New Report: Scan Report

The built in Scan Error report is plenty fine. However, I wanted something that fit into the set of reports that make up my dashboard so I’ve added it here. This also allows for drill down into the other reports that make up the whole solution. Here you can see that I have 18 devices (out of ~1300) in our lab that have failed to scan. Remember: if you’re not scanning then your not patching.

New Report: Installation Failures

There were already two reports in the original release that organize update installation failures by machine and by update. This report organizes it by the failure code itself so that you can easily see what kind of failures are most prevalent in your organization. Note that the figure in the header refers to the number of distinct systems. Since a system can have multiple failures that doesn’t match the total number of individual errors. However, it does give you some insight into what kinds of things might be going wrong. You can see in the example below that we are still facing timeout issues despite using my maintenance script to increase all cumulative updates to 60 minutes. You also see the result of my team deciding that our virtual machines only needed 30 Gb for their system drive leading to an unending parade of full disks.

Finally, A Honest to Goodness Dashboard

Ok, now we get to the heart of the thing. When I first envisioned my session at MMS talking about patching I had wanted to create a dashboard both in SSRS and in PowerBI and use them to discuss the merits of each. Time prevented that; both in terms of preparation and the session itself but it did push me to create a dashboard worth replicating in PowerBI. There’s not much here that needs explained. Everything is a link to the other reports that are part of this solution. The one thing I will mention is that clicking on the top level chart titles (ex. All Workstations) will change the dashboard to report on just those kinds of devices.

So there you have it, a real, honest-to-goodness dashboard this time. I have some other ideas for subreports but for now this ticks off all the major things I want to be able to see at a glance: overall compliance figures, installation errors, scan errors, and devices that don’t have the latest cumulative update.