Submit a ticketCall us

Training Class Getting Started with SolarWinds Backup - February 28

This course offers customers an introduction to SolarWinds Backup, focusing on configuring the backup technology, taking backups, data restoration and data security. It is a great primer and will get you up to speed quickly on SolarWinds Backup.
Register for class.

Home > Success Center > Patch Manager > Patch Manager 2.1.5 Administrator Guide > Configuring Patch Manager > Configure clients using Group Policy

Configure clients using Group Policy

Created by Caroline Juszczak, last modified by Steve.Hawkins on Jan 15, 2018

Views: 2,705 Votes: 2 Revisions: 11

To avoid using WMI connections required by the Client Publishing Setup Wizard, configure the clients using your Group Policy.

  1. Export the WSUS certificate.
  2. Configure the Group Policy Object.

Export the WSUS Certificate

Perform the following procedure to export the WSUS publishing certificate to a file from the Patch Manager Console.

  1. Open the Patch Manager Admin Console.
  2. In the navigation menu, expand Enterprise > Update Services.


  3. Select the WSUS server to export the certificate.

    In the example above, SPM-MGOM is the WSUS server.

  4. In the Actions pane, click Software Publishing Certificate to display the certificate information, as shown below.


    If the Publishing Certificate Information window does not display the WSUS server certificate information:

    1. Click Close.
    2. Click Refresh Update Server in the Actions pane. 
    3. Click Software Publishing Certificate in the Actions pane. 
  5. Click [...]. 
  6. Click the Details tab in the certificate window.

  7. Click Copy to File, and click Next. 

  8. In the Certificate Export Wizard, click Next. 

  9. Select DER encoded binary X.509 (.CER), and and click Next.


  10. Enter a file name, and click Next.


  11. Click Finish, and then click OK.  

Configuring the Group Policy Object

Use the following procedure in to configure the Group Policy Object (GPO) and push to your managed clients in your Microsoft® Windows® domain. The GPO stores the WSUS certificate in the certificate stores and configures the managed clients to accept third-party updates from non-Microsoft sources.

  1. Using an account with administrator privileges, open Administrative Tools and click Edit group policy.
  2. Create or edit a Group Policy Object to configure the clients.
  3. In the Group Policy Editor, expand Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies.
  4. Import the WSUS publishing certificate to the Trusted Root Certification Authorities and Trusted Publishers stores. 
    1. Under Public Key Policies, select Trusted Root Certification Authorities. 
    2. Click Action > Import. 
    3. Click Next. 
    4. Click Browse and select the certificate you saved in the previous procedure.
    5. Click Next. 
    6. Click Next again. 
    7. Click Finish. 
    8. Click OK. 
    9. Repeat these steps for the Trusted Publishers certificate store. 
  5. Expand Computer Configuration > Administrative Templates > Windows Components, and select Windows Update.
  6. Enable the Allow signed updates from an intranet Microsoft update service location policy. 
    1. In the center pane, select Allow signed updates from an intranet Microsoft update service location. 
    2. Click Action > Edit. 
    3. Select Enabled.
    4. Click OK.
Last modified