SCCM Configmgr collection report how to check Group policy file updated or not for X days

This gives list of machines where the group policy database file not updated .Before creating the SCCM web report,software inventory has to be enabled for GPO file secedit.sdb file which will is available in  %windir%\security\database.

collection(WQL):

select SMS_R_SYSTEM.ResourceID

,SMS_R_SYSTEM.ResourceType

,SMS_R_SYSTEM.Name

,SMS_R_SYSTEM.SMSUniqueIdentifier

,SMS_R_SYSTEM.ResourceDomainORWorkgroup

,SMS_R_SYSTEM.Client

from

SMS_R_System inner join SMS_G_System_SoftwareFile

on SMS_G_System_SoftwareFile.ResourceID = SMS_R_System.ResourceId

where

SMS_G_System_SoftwareFile.FileName = “secedit.sdb”

and DATEDIFF(dd,SMS_G_System_SoftwareFile.ModifiedDate,GetDate()) > 15

Now you have to figure out why it is not updating Smile

SCCM Report(SQL):

select a.Name0 ,cs.UserName0 [Last loggedin],os.Caption0 [OS]
, CONVERT(VARCHAR(12),b.ModifiedDate,107)As "GPO Date Last Applied"
from v_R_System a
join v_GS_SoftwareFile b on b.ResourceID=a.ResourceID
join v_GS_OPERATING_SYSTEM OS on Os.ResourceID=a.ResourceID
join v_GS_COMPUTER_SYSTEM CS on cs.ResourceID=a.ResourceID
where b.FileName='secedit.sdb'
and DATEDIFF(dd,b.ModifiedDate,GetDate()) >15
order by b.ModifiedDate

Leave a Reply