Detailed Software Audit

It seems there is an open feature request for this issue, but I’d like to see if there’s a workaround until it is implemented by Syncro.

What we’re seeking is the ability to run a Software Audit of ALL assets, but with the same information/data given on the Installed Apps tab of an individual asset. Basically would like to pull data from these machines directly if possible.

My best lead so far is to run a script to make a [CSV] list out of the HKLM:…\Uninstall* entries and email the raw data to myself, then run a local script to concatenate the bodies’ info to one CSV.

Clearly this is a bit ridiculous, any help would be appreciated.

That’s the best workaround I can think of, and it doesn’t seem like that much work. Could also have them all upload to the same location, perhaps an S3 Bucket or Azure blob, and then pull them from there and combine via a script. Since all data would be the same, it wouldn’t be hard at all to combine using a 2nd script.

May I ask once you have this data what the intent is? I am curious what you are attempting to achieve once you have a report or something with every asset’s software inventory being detailed.

Here are a few reasons for a Software Audit report across all customers.

  • Keep track of changes across the entire customer fleet. Change Management.
  • Look for sales/training opportunities.
  • Look for bad software creeping in, and the population of that bad software across the fleet.
  • Look for out of date versions of software, leading to further investigation to resolve.

andrewd put it well.

Mostly his 3rd and 4th bullet points, as our situation entails 50+ field technicians without a consistent internet connection.

It has been a problem for some time and for multiple reasons, but essentially they will need to temporarily download applications that the other companies we work with are more accustomed to. This is typically alright so long as it’s a trial or one-off, but most of the times the uninstalls don’t happen and aren’t reported.

That or out of date software tends to accrue, and some softwares change licenses after updating (like Java). In these cases, an update/downgrade is in order, and having details of which asset requires it is more valuable than the current high-level view of software install counts.

At least possibly to help point 3, you could also have the platform alert you for newly installed software. I suppose that could potentially cause a lot of noise depending on how often things are getting installed, but it’s at least something for the meantime depending on if/when Syncro decides this would be beneficial to report on.

This is what I was wondering if we’d see as the reasoning why. So for these items this feels more of a notification-based system to me, and this kind of thing traditionally falls under compliance/change management as you mentioned. However, change management isn’t typically handled with reports as this isn’t realistic at scale and that’s obviously a manual affair as well. So I wonder if we can break this into feature requests that would be more suitable to the cause. For example, we can alert on new software installations today, but I admit that’s not super useful on its own. Extending that to look for keywords would be tremendously helpful, though. For example, if you enforce the use of Chrome for specific clients, we could alert on Firefox, Safari, Vivaldi, etc. On the compliance side, you could potentially include keywords to ignore. So in the above example Chrome notifications would be suppressed on install.

In regard to outdated software, this is typically handled via third-party patch management, whether you use our implementation or something like Ninite.

To be clear, I am not opposed to looking into a software inventory report, I just like to aim toward more purposeful execution because in the long run it works into your businesses much better. Do you think we can be more targeted to automate this better?

I’m not looking for notifications, as we have that enabled for installs/uninstalls. Nor are we looking for automated patch management or the likes.

Essentially what I’m looking to achieve is an easier means of obtaining the ‘Installed Apps’, but for all assets. Figured the ‘Software Audit’ report that’s already available would have done something to this effect, but it only shows the count of assets with XYZ program and version installed. Creates a lot more work in trying to manage rogue software, even with ‘saved searches’.

Whereas if I had the ability to see the ‘Installed Apps’ for every asset, I could narrow by the XYZ program and actually see which systems have it. I feel like most of the leg work to achieve this has been done, but the current solution for a software audit through Syncro is too high-level with a lack of information.

I am still trying to understand the underlying use case better. If it’s just finding (known) software you don’t want, can you filter those out using Saved Asset Searches? Or are you saying you want to go through potentially hundreds (or even thousands) of app variants trying to identify every piece of (unknown) software, then navigate to each asset with said and script an uninstall or manually remediate?

Then I’m creating a saved search for every single unwanted program.

If I had all the data in one place, I could filter this down much quicker.

Seems that when I perform a saved search, I’m only shown the assets as well, so I’d have to verify the search worked each time. Take my search of “Visio” for example, there might be similar/matching versions of entirely different products — ie. Visio 2013 v.1.0 and Visio 2016 v.1.0. Even if I searched “Visio 2013”, I’d have to make a separate search for 2016 and so on.

Also, attempting to do this via script output from each asset would require the devices to be online in a timely manner, whereas an aggregate of Syncro’s ‘Installed Apps’ lists would at least provide us some data, even for devices that have been offline for some time, so that when we are audited by an external company for compliance, there is no stone left unturned.

Perhaps if this data set could be made available via the API, that might be helpful as well. Pull from the data Syncro already collects and stores whether the system is offline or not. Not sure if that would be an easier, faster workaround than reworking/creating a new report on Syncro’s end. Just an idea thrown out there.

Ok so I am understanding correctly if you had say 1,000 assets in your fleet, you are looking to create a report that aggregates all software inventory across those 1,000 assets that you would then scan over manually on some type of cadence looking through all of those items for anything unwanted? I’m just making sure I understanding the flow of how this would be used in your day to day.

If what I wrote above is accurate, how often would you expect to be doing this and how much time do you think you’d spend doing it each month?

I am still curious what we might come up with because the above sounds like a lot of work that needs to be automated in some fashion, at least to me.

I don’t see this as a day to day task.
Running a software audit report would be a tool used when trying to investgate customer reported but vaguely described problems (ie half of our 50 PCs are slow), or proactively looking for problem software, or in preparation for a IT review with a customer.

Notifications can only be setup if you know the name of the software in advance that you want to be notified about. Notifications about every app install is too much noise.
I don’t see how it is possible to aggregate Notifications over long time periods.
"In Dec 2022 I learn about a software app name that isn’t great to have, but in all the notification noise I didn’t notice it in the previous 6 months. Now which PCs have it, when was it installed so we can try and establish the user behaviour that led to the app installs. Perhaps a customer has a business process we are not aware of. "

Let me look though the list of all the customers that have AutoCad installed so I can pitch selling them Autocad, as I can buy from licenses for Auto Cad from my Disti.
Same for AV. No we don’t want those strange AV packages installed, which keep changing their name.
Same for printer software so I can then zero in on Assets to pitch toner fufillment or managed print.
Or simply, I run a software audit report and …ahhh, 10 customers have Fuji Xerox software installed, but we don’t have any MFPs listed as Assets because my techs haven’t done it. Lets fix that so we can then pitch/quote toner fufillment or managed print.

For me, this would be an excellent first step. The data is already in Syncro, in the Asset->Installed Apps tab.
If this data could be made retrievable by the API, then after that I’m happy to write my own reporting tool to get the data when I need it, and push it into a data store.

This is a good example, thank you for this.

This can be done now with Saved Asset Searches today.

Thanks, for that tip.
I’ve tried it, and yes using Saved Asset Searches creates a filtered list based on a text filter such as.

Now that I have that list in the Syncro WebGUI, how do I save/export that list so I can

  • give it to someone to work through and investigate the various opportunities?
  • when further narrowed down to a single customer, present that list to a customer for review/discussion?

BTW: A problem with using Saved Asset searches for this task is that the output doesn’t show the software names or versions in the results.
For example, I know that one of the PCs in the results has these versions. But to find the version info I need multiple clicks into the Syncro PC representation. This doesn’t scale for large numbers of PCs.

Two ways. You can use the Asset Audit Report and feed a Saved Asset Search into that, or you can use the Internal Report Builder’s list block for Assets and do it similarly there.

Thanks @andy, that works well in providing an output. I notice I can schedule such reports too.

However I cannot see the Application name or the Version numbers, therefore for wildcard searches for software using Saved Asset Searches doesn’t provide a “Detailed Software Audit”.

I feel like we are close, (we have Saved searches based on known app name queries, exporting in PDF and CSV, scheduling, etc)
but missing is the actual detail about the software.

Syncro collects this data and makes it viewable in the Asset->Installed Apps tab, but we cannot properly run queries/audits/export against it.

Yeah that’s as close as you’ll be able to get for now.