Configure clients using the Patch Manager Administrator Console

SolarWinds WMI Providers provide additional management and inventory tools that interface with Windows Server Update Services (WSUS) and your managed clients. If you provisioned your managed clients with the SolarWinds WMI Providers, run Client Certificate Management in the Patch Manager Administrator Console to enable your clients to receive third-party updates from Patch Manager.

When you are finished, Patch Manager prompts you to configure the Windows Update Group Policy on your managed clients to enable each client to allow third-party updates from Patch Manager. Based on your corporate IT policy, enable the requisite policy in Group Policy.

Run Client Certificate Management

Run the Client Certificate Management task to distribute and install the WSUS self-signed publishing certificate to your managed clients.

  1. In the navigation pane, select Administration and Reporting.

  2. In the Administrative Tasks pane, click Client Certificate Management.

  3. In the Client Certificate Management window, select the WSUS publishing certificate you want to distribute to the managed clients.
    1. Select the Distribute and install Update Services Signing Certificate check box.

    2. Choose whether to distribute the certificate directly from the WSUS server or a CER file.
      To distribute the certificate directly from the WSUS server, choose Select certificate from WSUS server, and then select the WSUS server from the drop-down menu.

      To distribute the certificate from a CER file, choose Select certificate from file and then click [...] to browse to the file location.

      If the managed clients require SSL for remote connections:

      1. Select Distribute and install Update Services Server SSL Certificate check box.

      2. Next to the File Name field, browse to the file location.

  4. Click Distribute.
  5. Complete the Task Options Wizard to specify the target systems and schedule or execute the task. See Task Options Wizard for additional information.

Configure the Windows Update Local Policy on systems not managed by a GPO

Use this procedure to configure the Windows Update local policy on your managed systems so they can access the WSUS server and download updates. This procedure applies to systems that are not managed by a group policy (GPO).

  1. Log in to Patch Manager as an administrator.
  2. In the navigation pane, locate and select a system that needs access to the WSUS server and third party updates.
  3. In the Actions pane, click Windows Update Local Policy Management.
  4. In the window, enable the following settings:
    • Specify intranet Microsoft update service location

      This option indicates the targeted WSUS server.

    • Allow signed content from intranet Microsoft update service location

      This option enabled third-party updates.

    • (Optional) Configure Automatic updates.

      This option enables the system to update automatically by policy.

  5. Click Save to save the template.
  6. Click OK.
  7. Schedule the task or run it now.