Submit a ticketCall us
Home > Success Center > Patch Manager > Patch Manager Documentation > Patch Manager Getting Started Guide > How do I get started with Patch Manager?

How do I get started with Patch Manager?

Table of contents
No headers
Patch Manager Getting Started Home

Last Updated: June 8, 2018

Make sure you have the following knowledge and resources to complete the procedures in this guide:

  • Knowledge of Microsoft enterprise products and technologies, including:
    • Active Directory®
    • Group Policy
    • Package Management
    • SQL Server
    • Windows Server operating system
    • WMI
    • WSUS
  • A Domain Administrator account
  • A Local Administrator account on the Patch Manager server
  • An account with System Administrator (SA) rights on a remote SQL Server database server (for remote SQL Server database installations running SQL Server Standard or Enterprise Edition)

Complete the following checklist. When you are finished, Patch Manager is ready to publish patches to your managed systems and generate reports for your compliance audits.

See Best Practices for using Patch Manager and Troubleshoot Patch Manager for additional information about setting up your deployment.

File:Success_Center/Reusable_content_-_InfoDev/SPM/Patch_Manager_Getting_Started_Guide/0010-How_do_I_get_started_with_Patch_Manager/checkbox_11x11.gif About the Patch Manager Administrator Console. Get acquainted with the console before you configure your Patch Manager environment.


Configure the environment.

  1. Verify that WSUS is installed on your Windows Server operating system, and then add WSUS to Patch Manager.

    If WSUS is installed on a separate server running a different Windows Server operating system version, provision an Automation Server role and create Automation Server routing rules to prevent API Mismatch errors with the Patch Manager server.

  2. Populate the default credential ring to map the user credentials to the managed systems.
  3. Generate a software publishing certificate to enable the WSUS server to publish third-party updates and custom packages to your managed systems.
  4. (Optional) If your organization uses a group policy to manage computer systems, configure the group policy to enable third-party updates. When you are finished, refresh the group policy on the managed systems so they have the updated group policy.
  5. (Optional) If you are administering Patch Manager on the Orion Platform, ensure that Patch Manager Orion web interface is installed on the Orion Platform server. See the Patch Manager Installation Guide for details.
  6. (Optional) Install agents for systems that are protected by a firewall or cannot be managed in a corporate network using Windows Management Instrumentation (WMI). See the Patch Manager Administrator Guide for details about deploying an agent on a managed system.


Select and download the software updates.

  1. Run the Patch Manager Update Configuration wizard to synchronize the application with the SolarWinds Third Party Updates Pack website. Select the third-party updates from the vendor catalogs and complete the wizard.
  2. Run the Synchronize Server task on the WSUS Server to synchronize the server with the Microsoft Updates website. This task retrieves the latest Microsoft operating system updates, and stores the updates on the WSUS server.


Generate an inventory.

  1. Generate a WSUS server inventory to determine the update status of each managed system and populate the WSUS reports.
  2. Generate an inventory of the systems you want to manage. The inventory populates the SolarWinds Orion Web Console and the Patch Manager reports.


Approve and push the updates.

  1. Download the third-party update packages to the WSUS server.
  2. Approve the updates you want to publish.
  3. Push the updates to the managed systems.
    You can also push the updates with Windows PowerShell scripts to the managed systems.
  4. Schedule the published updates to occur for at least two weeks so employees who are traveling or on vacation receive the updates when they log in to the corporate network.
  5. Check the task history to verify that the update task completed on all targeted systems.


Schedule the Microsoft and third-party software updates.

Create a task that automatically downloads and installs all needed and approved security and critical updates over a specific time frame—for example, once a day or once a week.


Generate reports.

Generate Patch Manager and WSUS inventory reports for your patch compliance audits.

Inventory your WSUS server and managed systems before you generate a report.


Move beyond getting started.

Access additional resources to help you customize your deployment. 

Last modified