Submit a ticketCall us

Announcing NPM 12.2
With NPM 12.2 you can monitor your Cisco ASA firewalls, to monitor VPN tunnels for basic visibility and troubleshooting tunnels. NPM 12.2 also uses the SolarWinds Orion Installer so you can easily install and upgrade one or more Orion Platform products simultaneously.
See new features and improvements.

Home > Success Center > Patch Manager > Patch Manager 2.1.5 Administrator Guide > Configuring Patch Manager > Using Group Policy to Configure Managed Clients

Using Group Policy to Configure Managed Clients

Created by Caroline Juszczak, last modified by Steve.Hawkins on May 19, 2017

Views: 1,169 Votes: 2 Revisions: 9

Use Group Policy to configure managed clients if you do not want to use the WMI connections required by the Client Publishing Setup Wizard. This process consists of the following procedures:

Exporting the WSUS Certificate

Use the following procedure to export the WSUS publishing certificate to a file from the Patch Manager console.

  1. Open the Patch Manager Console.
  2. In the Patch Manager menu, expand Enterprise > Update Services. 
  3. Select the WSUS server from which you want to export the certificate.
  4. Click Software Publishing Certificate in the Actions pane.
    If the certificate information does not display: 
    1. Click Close.
    2. Click Refresh Update Server in the Actions pane. 
    3. Click Software Publishing Certificate in the Actions pane. 
  5. Click [...]. 
  6. Click the Details tab. 

  7. Click Copy to File. 

  8. Click Next. 

  9. Leave DER encoded binary X.509 (.CER) selected, and click Next. 

  10. Specify a name and location in the File Name field, and click Next. 

  11. Click Finish. 

  12. Click OK. 

Configuring the Group Policy Object

Use the following procedure in Windows Server domains to configure the Group Policy Object (GPO) to push to managed clients. The GPO places the WSUS certificate into the appropriate certificate stores and configures the managed clients to accept third-party updates from non-Microsoft sources.

  1. Using an account with sufficient privileges, open Group Policy Management on a Windows Server domain controller.
  2. Create or edit a Group Policy Object to configure the clients.
  3. In the Group Policy Editor, expand Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies.
  4. Import the WSUS publishing certificate to the Trusted Root Certification Authorities and Trusted Publishers stores. 
    1. Under Public Key Policies, select Trusted Root Certification Authorities. 
    2. Click Action > Import. 
    3. Click Next. 
    4. Click Browse and select the certificate you saved in the previous procedure.
    5. Click Next. 
    6. Click Next again. 
    7. Click Finish. 
    8. Click OK. 
    9. Repeat these steps for the Trusted Publishers certificate store. 
  5. Expand Computer Configuration > Administrative Templates > Windows Components, and select Windows Update.
  6. Enable the Allow signed updates from an intranet Microsoft update service location policy. 
    1. In the center pane, select Allow signed updates from an intranet Microsoft update service location. 
    2. Click Action > Edit. 
    3. Select Enabled.
    4. Click OK.
Last modified
13:15, 19 May 2017