Documentation forPatch Manager

Configure the client systems to download WSUS server updates

Configure the client systems to download updates from the Windows Server Update Services (WSUS) server.

Using administrator privileges, you can implement this process in the Global Group Policy located on the domain controller. This policy applies to any and all devices you want to patch with WSUS.

  1. In Group Policy Management, create or edit a group policy object for this configuration.
  2. Open the Group Policy Editor.
  3. In the left pane, expand Computer Configuration > Administrative Templates > Windows Components, and then select Windows Update.
  4. In the right pane, select Configure Automatic Updates and then enable the policy.
    1. Click the Action menu and select Edit.
    2. Select Enabled.
    3. In the Options section under Configure automatic updating, select the appropriate download and notification option.
    4. If you selected Auto download and schedule the install, select the appropriate options under Scheduled install day and next to Scheduled install time.
    5. Click OK.
  5. In the Group Policy Editor window, select Specify intranet Microsoft update service location.
    1. Enable the policy.
    2. Click the Action menu, and then select Edit.
    3. Select Enabled.
    4. In the Options section under Set the intranet update service for detecting updates, enter the URL for the WSUS server.
    5. By default, WSUS version 6 (installed with Windows Server 2012) uses port 8530. See the Patch Manager System Requirements for specific WSUS server port information.

      If the WSUS server uses a port other than port 80, enter:

      http://wsusServer[:port]

      where wsusServer is the name of the WSUS server and port is the port number.

    6. Under Set the intranet statistics server, enter the same URL.
    7. Click OK.
  6. If you use Patch Manager to publish third-party updates, select Allow signed updates from an intranet Microsoft update service location, and then enable the policy.
    1. Click the Action menu, and then select Edit.
    2. Select Enabled.
    3. Click OK.

    If you enabled this setting to facilitate distributing third-party updates, deploy the WSUS self-signed certificate to the clients. For additional information, see Configuring Managed Clients.