Submit a ticketCall us

Cloud Workloads: Meet Your New Hybrid IT Reality
Have you found yourself in that evolving, hybrid IT grey area and wondering if cloud workloads are now part of your purview? And if so, will monitoring cloud workloads require a new set of dedicated cloud monitoring tools? Your answers: yes, they should be, and no, they don’t.

Find out how SolarWinds® Server & Application Monitor (SAM) can help you monitor your cloud workloads side by side with your on-premises workloads. Register Now.

Home > Success Center > Patch Manager > Patch Manager 2.1.5 Administrator Guide > Configuring Patch Manager > Using Group Policy to Configure Managed Clients

Using Group Policy to Configure Managed Clients

Created by Caroline Juszczak, last modified by Steve.Hawkins on May 19, 2017

Views: 1,561 Votes: 2 Revisions: 9

Use Group Policy to configure managed clients if you do not want to use the WMI connections required by the Client Publishing Setup Wizard. This process consists of the following procedures:

Exporting the WSUS Certificate

Use the following procedure to export the WSUS publishing certificate to a file from the Patch Manager console.

  1. Open the Patch Manager Console.
  2. In the Patch Manager menu, expand Enterprise > Update Services. 
  3. Select the WSUS server from which you want to export the certificate.
  4. Click Software Publishing Certificate in the Actions pane.
    If the certificate information does not display: 
    1. Click Close.
    2. Click Refresh Update Server in the Actions pane. 
    3. Click Software Publishing Certificate in the Actions pane. 
  5. Click [...]. 
  6. Click the Details tab. 

  7. Click Copy to File. 

  8. Click Next. 

  9. Leave DER encoded binary X.509 (.CER) selected, and click Next. 

  10. Specify a name and location in the File Name field, and click Next. 

  11. Click Finish. 

  12. Click OK. 

Configuring the Group Policy Object

Use the following procedure in Windows Server domains to configure the Group Policy Object (GPO) to push to managed clients. The GPO places the WSUS certificate into the appropriate certificate stores and configures the managed clients to accept third-party updates from non-Microsoft sources.

  1. Using an account with sufficient privileges, open Group Policy Management on a Windows Server domain controller.
  2. Create or edit a Group Policy Object to configure the clients.
  3. In the Group Policy Editor, expand Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies.
  4. Import the WSUS publishing certificate to the Trusted Root Certification Authorities and Trusted Publishers stores. 
    1. Under Public Key Policies, select Trusted Root Certification Authorities. 
    2. Click Action > Import. 
    3. Click Next. 
    4. Click Browse and select the certificate you saved in the previous procedure.
    5. Click Next. 
    6. Click Next again. 
    7. Click Finish. 
    8. Click OK. 
    9. Repeat these steps for the Trusted Publishers certificate store. 
  5. Expand Computer Configuration > Administrative Templates > Windows Components, and select Windows Update.
  6. Enable the Allow signed updates from an intranet Microsoft update service location policy. 
    1. In the center pane, select Allow signed updates from an intranet Microsoft update service location. 
    2. Click Action > Edit. 
    3. Select Enabled.
    4. Click OK.
Last modified