Month: September 2017

ConfigMgr Report for Antimalware Policies


Let’s say for a moment that your organization uses SCCM for management of Windows Defender Antivirus (WDAV in Windows 10, Server 2016) or System Center Endpoint Protection (SCEP for legacy platforms).  Currently in SCCM (1706 or older) the only out-of-box mechanism to identify and report upon the antimalware policies being applied to a computer is through the SCCM console, such as in the image below.

ConsoleAntimalwarePolicies

What if the organization has a separate team or individual that needs that data – but you don’t want to provide them with the SCCM console?  You give them a report of course!  This quick guide will show you key things to do to obtain that info. The key steps are:

  1. Identify the SQL views being referenced by the SCCM console.
  2. Grant read permission of the SQL view to the SSRS reporting service account.
  3. Create the SSRS report.

Step 1: Identify the SQL views being referenced by the SCCM console.

  1. In the SCCM console, open the Antimalware Policies tab on the computer record
  2. Open the site server log SMSProv.log (and scroll to the end)
  3. Find the correlating “Execute SQL=” query to identify the SQL view(s) being used

    FindSQLqueryView

Step 2: Grant read permission of the SQL view to the SSRS reporting service account.

  1. Identify the service account being used by SCCM for SSRS reporting
    Tip: navigate to Administration > Security > Accounts, then locate the account being used for “ConfigMgr Reporting Services Point”
  2. Open SQL Management Studio (with a user account that has permissions to modify SQL permissions) and select the SCCM database
  3. Run the following GRANT command against the SCCM database

    GRANT SELECT ON [dbo].[vSMS_G_SYSTEM_AmPolicyStatus] TO "DOMAIN\user"

GrantSQLview
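
The grant above gives the reporting account SELECT on one view and nothing else. The following T-SQL is an added example, not part of the original post, that applies the same grant and then checks what the account can actually do. It assumes `CM_XXX` as a placeholder for the site database name, that `DOMAIN\user` already exists as a user in that database, and that you run it with rights to impersonate that user (for example as db_owner).

```sql
-- Added example. CM_XXX and DOMAIN\user are placeholders, not values from the post.
USE [CM_XXX];
GO

-- 1. Grant SELECT on the single view only. Same statement as in the post,
--    with the principal written as a bracketed identifier.
GRANT SELECT ON OBJECT::[dbo].[vSMS_G_SYSTEM_AmPolicyStatus] TO [DOMAIN\user];
GO

-- 2. List every explicit permission recorded on the view, so the new grant
--    and any other grantee are visible in one place.
SELECT pr.name            AS grantee,
       pr.type_desc       AS grantee_type,
       pe.permission_name,
       pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1   -- object-level permissions
  AND pe.major_id = OBJECT_ID(N'dbo.vSMS_G_SYSTEM_AmPolicyStatus');
GO

-- 3. Check effective rights from the account's own security context.
--    The report needs only can_select; the other two columns show whether
--    the account holds more than the report requires.
EXECUTE AS USER = N'DOMAIN\user';
SELECT HAS_PERMS_BY_NAME(N'dbo.vSMS_G_SYSTEM_AmPolicyStatus', N'OBJECT', N'SELECT') AS can_select,
       HAS_PERMS_BY_NAME(N'dbo.vSMS_G_SYSTEM_AmPolicyStatus', N'OBJECT', N'UPDATE') AS can_update,
       HAS_PERMS_BY_NAME(DB_NAME(), N'DATABASE', N'CONTROL')                        AS has_db_control;
REVERT;
GO

-- 4. To undo the change later, uncomment and run:
-- REVOKE SELECT ON OBJECT::[dbo].[vSMS_G_SYSTEM_AmPolicyStatus] FROM [DOMAIN\user];
```

Step 3 reports the account's effective permissions, including any inherited through role or group membership, so it also catches a reporting account that already has broader access than this report needs.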

Step 3: Create the SSRS report.  First off, there are many different ways that you can design the report.  To mimic what the SCCM console does, I used an existing report with a selection box for the Computer Name, then just modified the executing query.

  1. Use the report “Computer information for a specific computer” as an example baseline for selecting the computer name as a variable.
  2. Create a new report (using SQL Report Builder) to mimic the above report with the appropriate Data Source, Data Set(s), and Parameters

    AntimalwareReportBuilder

  3. Modify the SQL query to use the following code

    SELECT APS.Name, APS.Priority, APS.LastMessageTime, @variable AS 'Computer Name'
    FROM vSMS_G_SYSTEM_AmPolicyStatus as APS
    JOIN v_R_System as SYS on APS.MachineID = SYS.ResourceID
    WHERE SYS.Name0 = @variable

  4. Test execute the report to confirm the results
    Tip: in Report Builder, click the Run button on the Home tab
  5. Save, finish, and report!

AntimalwareReportResults


Windows 10 News You Can Use – September 2017


Win10News

First and foremost, the next update of Windows 10, the Fall Creators Update, will be available worldwide October 17. With the Fall Creators Update (aka RS3, aka v1709) we are introducing some fun, new ways to get creative. As part of the update we will deliver an evolution to the photos experience that will let you tell your story like never before using photos, videos, and 3D effects; enhancements in gaming, security, accessibility, and immersive new experiences made possible by Windows Mixed Reality. All of this innovation will be brought to life by a range of beautifully designed, and feature rich modern devices available from our hardware partners this holiday.
https://blogs.windows.com/windowsexperience/2017/09/01/create-and-play-this-holiday-with-the-windows-10-fall-creators-update-coming-oct-17

Deployment & Management

  1. Learn how Windows 10 can support your compliance with the European Union (EU) General Data Protection Regulation (GDPR) as well as approaches, recommended practices and techniques to support your GDPR compliance journey. https://www.microsoft.com/en-us/download/details.aspx?id=55765
  2. This new demo from Microsoft Mechanics walks you through common usage scenarios for Windows Analytics Update Compliance, a cloud-based solution that provides you with an inventory of the devices in your organization, the version of Windows installed on each device, the update status of each device, and antimalware assessment for Windows Defender Antivirus-enabled devices. https://blogs.technet.microsoft.com/windowsitpro/2017/08/10/new-demo-windows-analytics-update-compliance
  3. The Microsoft Intune team is excited to announce the ability to deploy Office 365 ProPlus applications to Windows 10 devices from the cloud with Intune. https://blogs.technet.microsoft.com/enterprisemobility/2017/08/10/deploying-office-365-proplus-with-microsoft-intune
  4. Preview of the Microsoft Store for Business PowerShell module.  Use the module to view purchased items, manage licenses, perform bulk operations. https://docs.microsoft.com/en-us/microsoft-store/microsoft-store-for-business-education-powershell-module
  5. Connect with members of the product engineering teams who will be on hand to answer your questions and listen to feedback about Upgrade Readiness, Update Compliance, Device Health, and how these services can help you reduce the costs associated with deploying, servicing, and supporting Windows 10. https://myeventurl.azurewebsites.net/events/Details/276

Security

  1. Is your staff handling your corporate data with care? Windows Information Protection helps Microsoft IT know when employees are sending corporate data to non-corporate locations—and it helps people protect sensitive content and corporate assets. On Wednesday September 6th, learn how Windows Information Protection works to provide data security in our highly mobile and collaborative business culture, and prepare to deploy, configure, and manage it for data loss prevention in your environment. https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x22413939980
  2. Microsoft is pleased to announce the final release of the recommended security configuration baseline settings for Windows 10 “Creators Update” also known as version 1703, “Redstone 2,” or RS2. https://blogs.technet.microsoft.com/secguide/2017/08/30/security-baseline-for-windows-10-creators-update-v1703-final
  3. How Microsoft’s IT uses Windows Defender Antivirus.
  4. New Microsoft documentation on Windows Defender Application Guard. https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-application-guard/wd-app-guard-overview
  5. Windows Defender Exploit Guard (WDEG) will complete our journey to incorporate all of the security benefits of EMET directly into Windows. This effort was significantly influenced by two insights that came up most frequently in our survey data, customer support calls, and conversations with EMET stakeholders and security enthusiasts. More than anything else, our customers have expressed that they want (1) a user-friendly UI for configuring mitigation settings and (2) a way to protect their legacy apps on Windows 10. https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard
  6. Microsoft explores the machine learning techniques that have transformed Windows Defender ATP into a formidable solution for spotting all kinds of breach activity in the enterprise network. https://blogs.technet.microsoft.com/mmpc/2017/08/03/windows-defender-atp-machine-learning-detecting-new-and-unusual-breach-activity
  7. Windows 10 protects against tech support scams, no matter the vector. https://blogs.technet.microsoft.com/mmpc/2017/08/07/links-in-phishing-like-emails-lead-to-tech-support-scam

Productivity

  1. Windows 10 Pro for Workstations is a high-end edition of Windows 10 Pro that comes with unique support for server grade PC hardware and is designed to meet the demanding needs of mission critical and compute intensive workloads. https://blogs.windows.com/business/2017/08/10/microsoft-announces-windows-10-pro-workstations
  2. Windows 10 Tip: Five ways to personalize notifications on your PC. http://blogs.windows.com/windowsexperience/2017/08/28/windows-10-tip-five-ways-personalize-notifications-pc
  3. Windows 10 Tip: Three ways to get started with OneNote. https://blogs.windows.com/windowsexperience/2017/08/21/windows-10-tip-three-ways-get-started-onenote
  4. Windows 10 Tip: Turn text into timelines in PowerPoint. https://blogs.windows.com/windowsexperience/2017/08/14/windows-10-tip-turn-text-timelines-powerpoint
  5. Available later this year, a collaboration between Microsoft and Amazon will allow you to access Alexa via Cortana on Windows 10 PCs, followed by Android and iOS in the future. Conversely, you’ll be able to access Cortana on Alexa-enabled devices like the Amazon Echo, Echo Dot and Echo Show. https://blogs.microsoft.com/blog/2017/08/30/hey-cortana-open-alexa-microsoft-amazons-first-kind-collaboration