Install the updates on the managed systems

After you approve the updates, create a task to push the updates from the WSUS server to your managed systems.

You can create a task that automatically reboots the computer after the updates are installed. You can also schedule the task to push the update each day for several days or weeks to ensure that all client systems receive the update when they connect to the corporate network.

See this KB article if you receive a certificate error when installing third-party updates.

Test your WSUS server and computer connections by downloading and applying a minor update (such as NotePad++) to one or more managed systems. This process ensures that the WSUS server can download and push the software correctly.

Beginning in 2.1.6, you can install the updates with Windows PowerShell scripts. See the Patch Manager Administrator Guide for details.

  1. Verify that the update is approved.
    1. In the navigation pane, expand Enterprise > Update Services > WSUS_Server > Updates and expand Updates.

      In the following example, SPM-MGOM is the WSUS server.

    2. Select the category that contains the targeted update.

      In this example, click Third Party Updates to install the Mozilla® Firefox® security update.

    3. Locate the update package in the Third Party Updates window and verify that Approved displays in the Approval column.

      Click to filter your search.

  2. Right-click the update and select Update Management.
  3. Select the published update in the Update Management window.
  4. Click the Action drop-down menu in the window and select Download and Install.

  5. Select the Pre-Update and Post-Update Management reboot options that apply to the update, and click OK.

    For example, installing Mozilla Firefox on a client system does not require a system reboot. In this example, you can select Don't Reboot for both options. If the update required a reboot, you can add a message that displays on the client screen when their system is rebooted.

  6. Click Browse computers in the Task Options Wizard window and select the group that receives the updates.

    In this example, you are publishing the update to one or more systems in the Windows Network > Workgroup domain.

  7. Apply the update to one or more systems in the selected group—for example, WORKGROUP. Press <Ctrl>, select the targeted systems, and click Add selected or click Select all and add to update all systems in the selected group.

  8. Click Add Selected, and then click OK.
  9. Click Next to Schedule the third-party updates or Finish to complete the wizard. If you click Finish, Patch Manager creates a task to install the update.
  10. Click Finish.
  11. Review the task status to verify that the updates were applied to your selected systems.