It’s been a long time since I’ve seen anything spread like the WannaCry/EnternalBlue exploit has over the past 24 hours. And I like many other admins around the world have been pulling together reports and ensuring our estate is fully patched with Microsoft MS17-010, so to ensure the devastating damage done to the likes of the NHS, doesn’t spread further.
However, I’ve seen a few people asking how they can most easily pull these reports out of their SCCM infrastructure. So on that note..
This assumes you have an SCCM Reporting Point, and SCCM Software Update Point handling your updates.
Navigate to your Web Reporting Point and select Software Updates – A Compliance
Now select Compliance 2 – Specific Software Update
From the collection drop down list, select a collection you wish to check compliance against. In this case, I’m selecting my All Windows 10 collection.
Type in the relevant KB number (only the number) and hit View Report.
You can find the individual KB’s on the MS17-010 page.
In my case, i’m searching for Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB4013198).
Once the report has run, you will see an overview of its Installed status.
Selecting on the Name will drill you a level down..
Again, selecting Update is Required here will drill you down for more information.
Until finally you are presented with a list of your suspect machines. From here you can continue to drill down, or use the save icon at the top to export to Excel etc.
Keep in mind Updates are now Cumulative, so if Systems have a later CU installed then they too will be covered.