Product Compliance

The product compliance feature helps you ensure that software used by clients, complies with corporate guidelines. Your organization might set product guidelines and standards. For example, there can be a requirement to use only a certain version of a product or there can be a guideline banning the use of an unauthorized product. Product compliance can help you ensure that software products that are installed on client computers comply with these guidelines.

Product compliance works with software inventory. Software inventory tracks software that is installed on client computers, and product compliance helps you detect which of that software complies with corporate software guidelines.

After you identify noncompliant software, you can use software distribution to upgrade the software or to distribute patches that bring that software into compliance.

How Product Compliance Works

To use product compliance, the SMS site database must contain:

  • Software inventory data.

  • Product compliance data.

  • Queries and reports that analyze compliance based on software inventory data and product compliance data.

Software inventory data Software inventory data is collected from clients when the software inventory feature is enabled. The collected data is then stored in the SMS site database. Software inventory gathers .exe header information from files, and this information can then be compared against the compliance data. For more information about software inventory, see Chapter 2, "Collecting Hardware and Software Inventory," in the Microsoft Systems Management Server 2003 Operations Guide.

Product compliance data Product compliance data is a collection of the software guidelines and standards that are set in your organization. SMS 2003 does not contain any predefined product compliance data. You generate this data according to product guidelines and standard requirements in your organization.

After gathering the product compliance data, you need to store it in the SMS site database as product compliance records. Each product compliance record contains details of a product that you would like to include in the product compliance analysis. Every product compliance record must include information about the product such as the product's name, the product's version, and the product's .exe file name. It must also include the following two important data items:

Compliance type

A type of product guideline or standard. You can create as many compliance types as required in your organization.

Compliance level

A possible compliance level that is associated with a compliance type. Typically, several compliance levels are associated with a single compliance type.

For example, your organization might set a requirement to use only the latest versions of Office. To detect compliance with this standard, you can define an "Office standard" compliance type. For that compliance type, you might define the following compliance levels: "compliant," "noncompliant," and "compliant with issues." By using these definitions, you can create the following product guidelines:

  • Office XP is "compliant" with the "Office standard" compliance type.

  • Office 2000 is "compliant" with the "Office standard" compliance type.

  • Office 97 is "noncompliant" with the "Office standard" compliance type.

Queries and reports Queries and reports analyze product compliance. Create and run queries and reports that evaluate software inventory data against the product compliance data in the SMS site database to detect compliance issues.

If you identify any software compliance issues in your organization, you can resolve them by using the software distribution feature. You can create collections with the clients that run noncompliant software and use software distribution to advertise software upgrades or patches to these clients to bring software into compliance.

Benefits of Product Compliance

You can use the product compliance feature to maintain product guidelines in your organization. You can identify noncompliant software used in your organization.

You can detect banned software by creating a product compliance record for the banned product. To maintain corporate standards, you can create a product compliance record for each product version that is known to be nonstandard in your organization.

For More Information

Did you find this information useful? Please send your suggestions and comments about the documentation to