WSUS Third Party Patch Management

How to deploy third party patches with WSUS

WSUS third party patch management is the process of publishing non-Microsoft updates to the update server and carrying out their deployment to desired systems in the network. Thus third party patches will be made available right from the WSUS console using special publishing tools.

WSUS patch management is an exemplary tool that is used to distribute Microsoft updates in a corporate environment. System administrators can further extend the use of WSUS patching mechanisms to distribute patches for third party applications like Adobe Reader and Java by a process known as Local Publishing. This process involves utilizing auxiliary tools to publish update packages containing the binaries, and their respective certificates to the WSUS server. Admins can also use these tools to distribute custom updates and/or software which have been developed and tested locally, to client machines.

In either case, admins will have to first procure the patch binaries, prepare the update packages and manually publish them to WSUS server for deployment. Once patches have been published to WSUS server, they immediately become available in the WSUS console, from where admins can proceed with their deployment. This document explains the complete process from publishing updates to their distribution in simple steps with pictures. Patch Connect Plus will be used to deploy third party patches directly using WSUS, without requiring the use of Microsoft's SCCM.

Steps for WSUS third party patch management

Enabling WSUS Settings in PCP console to deploy patches via WSUS

  1. Navigate to the Admin tab in your Patch Connect Plus web console and select WSUS Settings listed under Publish Settings.
  2. Here, select the option "Enable patch deployment through WSUS" mentioned below SSL Settings and click 'Save'.

WSUS third party patch management - ManageEngine Patch Connect Plus

Note: Selecting this option will configure all third-party patch deployment to happen through WSUS. If you wish to carry on patch deployment through SCCM, keep the option unselected.

Selecting the third-party patches from PCP console

 Patch Connect Plus supports WSUS third party updates with its large repository of third party patches, ready to be published to WSUS.

  1. Once the WSUS Settings is configured, it's time to carry on the usual steps to deploy the third-party patches.
  2. Navigate to the 'Third Party Updates' tab and then make sure you are on the SCCM page. This page then lists the available updates that are ready to be published to SCCM. Select the update of your choice and then click the 'Publish Now' button to initiate the publishing process.
  3. Now, the patches for the selected third-party product will be automatically published to WSUS.

WSUS patch management - ManageEngine Patch Connect Plus

Deploying the published third-party patches with WSUS

  1. Once the third-party patches are published to WSUS, it starts to appear in the 'All updates' tab available in 'Update Services' console.
  2. WSUS third party updates - ManageEngine Patch Connect Plus

  3. Now, right-click on the required third-party patch from the Update Services console and select Approve.
  4. Deploy patches using WSUS - ManageEngine Patch Connect Plus

  5. Here, you can select 'Approve for Install' to the required group of computers and select OK.
  6. WSUS third party software - ManageEngine Patch Connect Plus

  7. Once this is done, the selected third-party patches will be approved successfully.
  8. WSUS patching - ManageEngine Patch Connect Plus

  9. Now, head to the client's computer and navigate to Windows Update available in the Control Panel and check for updates.
  10. WSUS third party patching - ManageEngine Patch Connect Plus

    Note: You can also use GPO, if you wish to automate the process without needing to check for updates in the client's computer manually.

  11. You can now see that the published patches are available to install on the client's computer.
  12. WSUS patch management - ManageEngine Patch Connect Plus

  13. Finally, select the available update and click Install.
  14. Third party updates with WSUS - ManageEngine Patch Connect Plus

    Update third party patches using WSUS - ManageEngine Patch Connect Plus

  15. Now, the selected third-party update will have been deployed.
  16. Third party patch management WSUS - ManageEngine Patch Connect Plus