WSUS Third Party Patch Management

How to deploy third party patches with WSUS

WSUS third party patch management is the process of publishing non-Microsoft updates to the update server and carrying out their deployment to desired systems in the network. Thus third party patches will be made available right from the WSUS console using special publishing tools.

WSUS patch management is an exemplary tool that is used to distribute Microsoft updates in a corporate environment. System administrators can further extend the use of WSUS patching mechanisms to distribute patches for third party applications like Adobe Reader and Java by a process known as Local Publishing. This process involves utilizing auxiliary tools to publish update packages containing the binaries, and their respective certificates to the WSUS server. Admins can also use these tools to distribute custom updates and/or software which have been developed and tested locally, to client machines.

In either case, admins will have to first procure the patch binaries, prepare the update packages and manually publish them to WSUS server for deployment. Once patches have been published to WSUS server, they immediately become available in the WSUS console, from where admins can proceed with their deployment. This document explains the complete process from publishing updates to their distribution in simple steps with pictures. Patch Connect Plus will be used to deploy third party patches directly using WSUS, without requiring the use of Microsoft's SCCM.

Steps for WSUS third party patch management

Enabling WSUS Settings in PCP console to deploy patches via WSUS

1. Navigate to the Admin tab in your Patch Connect Plus web console and select WSUS Settings listed under Publish Settings.
2. Here, select the option "Enable patch deployment through WSUS" mentioned below SSL Settings and click 'Save'.

Note: Selecting this option will configure all third-party patch deployment to happen through WSUS. If you wish to carry on patch deployment through SCCM, keep the option unselected.

Selecting the third-party patches from PCP console

 Patch Connect Plus supports WSUS third party updates with its large repository of third party patches, ready to be published to WSUS.

1. Once the WSUS Settings is configured, it's time to carry on the usual steps to deploy the third-party patches.
2. Navigate to the 'Third Party Updates' tab and then make sure you are on the SCCM page. This page then lists the available updates that are ready to be published to SCCM. Select the update of your choice and then click the 'Publish Now' button to initiate the publishing process.
3. Now, the patches for the selected third-party product will be automatically published to WSUS.

Deploying the published third-party patches with WSUS

1. Once the third-party patches are published to WSUS, it starts to appear in the 'All updates' tab available in 'Update Services' console.



2. Now, right-click on the required third-party patch from the Update Services console and select Approve.



3. Here, you can select 'Approve for Install' to the required group of computers and select OK.



4. Once this is done, the selected third-party patches will be approved successfully.



5. Now, head to the client's computer and navigate to Windows Update available in the Control Panel and check for updates.



Note: You can also use GPO, if you wish to automate the process without needing to check for updates in the client's computer manually.

6. You can now see that the published patches are available to install on the client's computer.



7. Finally, select the available update and click Install.





8. Now, the selected third-party update will have been deployed.