Patch Manager Basics

Updated May 25th, 2016


Before you learn about Patch Manager, you should learn a little about WSUS.


Patch Manager with WSUS


WSUS is Microsoft's free patch management solution. It allows you to use Microsoft Update. There are over 500,000 WSUS servers across the world syncing directly to Microsoft, and there are billions of computers that use Microsoft Update. However, there are 'gaps' in the solution in terms of command and control.

WSUS deals with:

  1. Computers that get registered in the system
  2. Updates (security, critical, service packs, etc.)
  3. Approvals (A mechanism in WSUS which allows the selection of which server boxes receive which updates)
  4. Computer Groups (Which relate to approvals)

Computer groups are used as a way of logically grouping computers in an environment.

There are two ways of segregating computers into groups:

  1. Server-side Targeting (Creating a group and adding computers to it directly)
  2. Client-side Targeting (Using group policy settings to add a particular client to a group)

WSUS gets its content from Microsoft's Update Site, pulling metadata about updates (description, classification, etc.) along with the rules for detecting when an update is installed, when it is applicable, what the prerequisites are, etc. People use computer groups to deal with approvals. For example, when you have an update in WSUS and a client is part of that WSUS hierarchy, it reports to a WSUS server (either a downstream server or an upstream server). Then, the content is pulled down and an update agent performs a scan on the local machine, which produces a list of updates that are installed, updates that are missing, and updates that are downloaded but not installed. The scans require no special actions.


Approvals are the deployment mechanism (getting the updates to install). The installation of approved updates is driven by group policy. The agent looks at the policy settings to figure out when the update should install. However, group policy does not provide server control, and in some cases it also fails to provide desktop control. Patch Manager addresses this by giving you more command and control over when updates are installed. In some approval cases, a computer may be part of more than one group. In these situations, the group with the deepest approval is the group whose approval is put into effect for that computer.
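To see what group policy has actually told the update agent on a given client, including any client-side targeting group, you can read the Windows Update policy values from the registry. The script below is an added example, not SolarWinds or Microsoft code; it assumes it is run locally on a Windows client, and it reads only the standard Windows Update policy values.

```powershell
# Added example: report the WSUS client policy that group policy wrote to this machine.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# Meaning of the AUOptions policy value.
$auOptionText = @{
    2 = 'Notify before download'
    3 = 'Download automatically, notify before install'
    4 = 'Download automatically, install on schedule'
    5 = 'Local administrator chooses'
}
# ScheduledInstallDay: 0 = every day, 1..7 = Sunday..Saturday.
$dayText = 'Every day','Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday'

$server   = Get-PolicyValue $wuKey 'WUServer'
$useWsus  = Get-PolicyValue $auKey 'UseWUServer'
$option   = Get-PolicyValue $auKey 'AUOptions'
$day      = Get-PolicyValue $auKey 'ScheduledInstallDay'
$hour     = Get-PolicyValue $auKey 'ScheduledInstallTime'
$tgtOn    = Get-PolicyValue $wuKey 'TargetGroupEnabled'
$tgtGroup = Get-PolicyValue $wuKey 'TargetGroup'

$behavior = 'Not configured'
if ($null -ne $option) {
    $behavior = $auOptionText[[int]$option]
    if (-not $behavior) { $behavior = "Unrecognized AUOptions value ($option)" }
}
$schedule = 'n/a'
if ($option -eq 4 -and $null -ne $day -and $null -ne $hour) {
    $schedule = '{0} at {1:00}:00' -f $dayText[[int]$day], [int]$hour
}

[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    UsesWsus        = ($useWsus -eq 1)
    WsusServer      = $server
    ServerUsesHttps = ($server -like 'https://*')  # plain HTTP leaves update metadata unprotected in transit
    Targeting       = if ($tgtOn -eq 1) { 'Client-side' } else { 'Server-side or not configured' }
    TargetGroups    = if ($tgtOn -eq 1 -and $tgtGroup) { $tgtGroup -split ';' } else { @() }
    InstallBehavior = $behavior
    InstallSchedule = $schedule
}
```

A client that reports more than one entry in `TargetGroups` belongs to several computer groups, which is the case where approvals from more than one group can apply to it.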


Patch Manager also provides 3rd Party Update content, which includes automatic notifications about the updates from 3rd parties. It also provides the content for them. This content is not available on the SolarWinds site. When the update is not a direct download, the package assistant provides instructions on how to import the content. The user can then get the updates into their WSUS server. Patch Manager also provides package creation capabilities, which allow users to create packages to deliver updates or full software packages.

