Imagine a scenario where we (re)build a new pc from an image that is say 18 months old.

We use ADR rules to build new update groups so we can look at compliance for each critical update event.

We have also created historical update groups containing updates from say 2013, 2014, published to all pcs.

So a client should load all needed updates from 2013, 2014 and the ADR groups and so be compliant for critical updates. 

What is the best way to check this?  The report 'Compliance 1 - Overall compliance' is targeted at an update group so not much use.  We want as simple a method as the windows update method.  Are we meant to use WSUS reporting e.g. 'computer tabular status'??

Thanks

David

You could check these two custom reports:

http://blogs.technet.com/b/gary_simmons_mcs/archive/2014/09/16/system-center-2012-r2-configuration-manager-software-update-compliance-dashboard-part-1.aspx

http://blogs.technet.com/b/gary_simmons_mcs/archive/2013/12/09/creating-a-custom-report-for-system-center-2012-r2-configuration-manager-part-1.aspx

To add-on to that you can also use a software update group that contains all the updates that you want to be deployed (basically a combination of the three you've got). You don't need to deploy that software update group and only use it for compliance checks. By not deploying it there is no 1000 updates limit.

If you want to check the computer against everything, and not only what you've deployed, you could also use the report Compliance 5 - Specific computer.