Get started with Patch Manager

Check out this video (8:40) for an introduction to Patch Manager.

Use this guide to get started with Patch Manager installed on a system running a supported version of Microsoft Windows Server® and Windows Server Update Services (WSUS). If you installed Patch Manager on a system running Microsoft System Center Configuration Manager (SCCM), see Set up Patch Manager with SCCM in the Patch Manager Administrator Guide to get started.

If you have not installed Patch Manager yet, start with the Patch Manager Installation and Upgrade Guide.

Who this guide is for

New Patch Manager users Existing Patch Manager users

This guide is meant for you and is the best place to start with Patch Manager.

Need to evaluate Patch Manager? Download a free 30-day evaluation. The evaluation version is a full version of the product, functional for 30 days.

Need to open a support case? Read this Customer Support article to get your case the right level of visibility.

You will find more advanced information in the Patch Manager Administrator Guide.

If you are searching for tips on how to upgrade to a newer version of Patch Manager, see the Patch Manager Upgrade Guide.

Did you know that if you are on active maintenance, you can get FREE training? Go to Training for Patch Manager for details.

Before you get started

Make sure you have the following knowledge and resources to complete the procedures in this guide: 

  • Knowledge of Microsoft enterprise products and technologies, including:
    • Microsoft Active Directory
    • Group Policy
    • Package Management
    • Microsoft SQL Server
    • Windows Server operating system
    • Windows Management Instrumentation (WMI)
    • WSUS
  • A Domain Administrator account
  • A Local Administrator account on the Patch Manager server
  • An account with System Administrator (SA) rights on a remote SQL Server database server (for remote SQL Server database installations running SQL Server Standard or Enterprise Edition)

How to get started

Complete the following checklist. When you are finished, Patch Manager is ready to publish patches to your managed systems and generate reports for your compliance audits.

See Best Practices for using Patch Manager for tips on configuring your deployment.

About the Patch Manager Administrator Console. Get acquainted with the console before you configure the environment.

Configure the environment.

  1. Verify that WSUS is installed on your Windows Server operating system, and then add WSUS to SolarWinds Patch Manager.

    If WSUS is installed on a separate server running a different Windows Server operating system version, provision an Automation Server role and create Automation Server routing rules to prevent API Mismatch errors with the Patch Manager server.

  2. Populate the default credential ring to map the user credentials to the managed systems.
  3. Generate a software publishing certificate to enable the WSUS server to publish third-party updates and custom packages to your managed systems.
  4. (Optional) If your organization uses a group policy to manage computer systems, configure the group policy to enable third-party updates. When you are finished, refresh the group policy on the managed systems so they have the updated group policy.
  5. (Optional) If you want to monitor your Patch Manager environment in the Orion Web Console, run the Patch Manager Orion Web Console installer the Orion Platform server. See the Patch Manager Installation Guide for details.
  6. (Optional) Install agents on systems that are protected by a firewall or cannot be managed in a corporate network using Windows Management Instrumentation (WMI).

    See the Patch Manager Administrator Guide for details.

Select and download the software updates.

  1. Run the Patch Manager Update Configuration wizard to synchronize the application with the SolarWinds Third Party Updates Pack website. Select the third-party updates from the vendor catalogs and complete the wizard. The wizard creates a task that downloads the updates to the Patch Manager server.
  2. Run the Synchronize Server task on the WSUS Server to synchronize the server with the Microsoft Updates website. The task schedules a job that contacts the website, retrieves the latest Microsoft operating system updates, and stores the updates on the WSUS server.

Generate an inventory.

  1. Generate a WSUS server inventory to determine the update status of each managed system and populate the WSUS reports.
  2. Generate an inventory of the systems you want to manage. The inventory populates the Orion Web Console and the Patch Manager reports.

Approve and publish the updates.

  1. Download the third-party update packages to the WSUS server.
  2. Approve the updates you want to publish.
  3. Push the updates to the managed systems.

  4. Schedule the published updates to occur for at least two weeks so employees who are traveling or on vacation receive the updates when they log in to the corporate network.
  5. Check the task history to verify that the update task completed on all targeted systems.

Schedule the Microsoft and third-party software updates.

Create a task that automatically downloads and installs all needed and approved security and critical updates over a specific time frame—for example, once a day or once a week.

Generate reports.

Generate Patch Manager and WSUS inventory reports for your patch compliance audits. All reports can be exported into several common formats, including Microsoft® Excel® (.xls), Adobe® PDF (.pdf), and comma-separated values (.csv).

If you integrated Patch Manager with the Orion server, you can generate a Patch Manager report in the Orion Web Console.

Inventory your WSUS server and managed systems before you generate a report.

Move beyond getting started.

Access additional resources to help you customize your deployment.