
Patch Manager Basics


Updated May 25th, 2016


Before you learn about Patch Manager, you should learn a little about WSUS.


Patch Manager with WSUS


WSUS is Microsoft's free patch management solution. It allows you to use Microsoft Update. There are over 500,000 WSUS servers across the world syncing directly to Microsoft, and there are billions of computers that use Microsoft Update. However, there are 'gaps' in the solution in terms of command and control.

WSUS deals with:

  1. Computers that get registered in the system
  2. Updates (security, critical, service packs, etc.)
  3. Approvals (the mechanism in WSUS for selecting which server boxes receive which updates)
  4. Computer Groups (which relate to approvals)

Computer groups are used as a way of logically grouping computers in an environment.

There are two ways of segregating computers into groups:

  1. Server-side Targeting (Creating a group and adding computers to it directly)
  2. Client-side Targeting (Using group policy settings to add a particular client to a group)

WSUS gets its content from Microsoft's update site, pulling metadata about updates (description, classification, etc.) along with the rules for detecting when an update is installed, when it is applicable, what its prerequisites are, and so on. People use computer groups to deal with approvals. For example, when you have an update in WSUS and a client is part of that WSUS hierarchy, the client reports to a WSUS server (either a downstream server or an upstream server). Then the content is pulled down and the update agent performs a scan on the local box, which produces a list of updates that are installed, updates that are missing, and updates that are downloaded but not installed. The scans require no special actions.


Approvals are the deployment mechanism (getting the updates to install). The installation of approved updates is driven by Group Policy: the agent looks at the policy settings to figure out when the update should install. However, Group Policy does not provide server control, and in some cases it also fails to provide desktop control. Patch Manager addresses this by giving you more command and control over when updates are installed. In some approval cases, a computer may be part of more than one group. In these situations, the group with the deepest approval is the group whose approval is put into effect for that computer.
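To see what Group Policy has actually told a given client (the client-side targeting groups and the install timing described above), the following PowerShell reads the Windows Update policy values from the local registry. It is an added example, not part of the original article or of Patch Manager; the helper name `Get-PolicyValue` is hypothetical, and the registry value names are the standard Windows Update policy values.

```powershell
# Added example: report the WSUS-related Group Policy settings on the local client.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-PolicyValue {   # hypothetical helper name
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent (policy not configured).
    if (-not (Test-Path -Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# Meaning of the AUOptions policy value.
$auOptionText = @{
    2 = 'Notify before download'
    3 = 'Download automatically, notify before install'
    4 = 'Download automatically, install on schedule'
    5 = 'Local administrator chooses the setting'
}

$targetEnabled = Get-PolicyValue $wuKey 'TargetGroupEnabled'
$targetGroup   = Get-PolicyValue $wuKey 'TargetGroup'
$auOptions     = Get-PolicyValue $auKey 'AUOptions'

# Client-side targeting accepts several group names separated by semicolons.
$groups = @()
if ($targetEnabled -eq 1 -and $targetGroup) {
    $groups = @($targetGroup -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

$report = [pscustomobject]@{
    ComputerName         = $env:COMPUTERNAME
    UsesWsus             = (Get-PolicyValue $auKey 'UseWUServer') -eq 1
    WsusServer           = Get-PolicyValue $wuKey 'WUServer'
    StatusServer         = Get-PolicyValue $wuKey 'WUStatusServer'
    ClientSideTargeting  = $targetEnabled -eq 1
    TargetGroups         = $groups -join ', '
    InstallBehaviour     = if ($null -ne $auOptions) { $auOptionText[[int]$auOptions] } else { 'Not configured' }
    ScheduledInstallDay  = Get-PolicyValue $auKey 'ScheduledInstallDay'   # 0 = every day, 1-7 = Sunday-Saturday
    ScheduledInstallTime = Get-PolicyValue $auKey 'ScheduledInstallTime'  # hour of day, 0-23
}
$report | Format-List
```

When `ClientSideTargeting` is False, group membership is assigned on the WSUS server (server-side targeting) and does not appear on the client.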


Patch Manager also provides 3rd-party update content, which includes automatic notifications about updates from 3rd parties, and it provides the content for them. This content is not available on the SolarWinds site. When the update is not a direct download, the package assistant provides instructions on how to import the content. The user can then get the updates into their WSUS server. Patch Manager also provides package creation capabilities, which allow users to create packages to deliver updates or full software packages.

