How to deploy third-party patches with WSUS?


ManageEngine Patch Connect Plus has recently introduced a feature that enables deployment of third-party patches directly through Windows Server Update Services (WSUS), without the need of an SCCM infrastructure. This document will cover the steps involved in the deployment of third-party patches through WSUS.

Important Note: Before continuing with the below mentioned steps, please ensure that the Patch Connect Plus console is installed on the same machine as the WSUS server.


Enabling WSUS Settings in PCP console to deploy patches via WSUS

  1. Navigate to the Admin tab in your Patch Connect Plus web console and select WSUS Settings listed under Publish Settings.
  2. Here, select the option "Enable patch deployment through WSUS" mentioned below SSL Settings and click 'Save'.

Note: Selecting this option will configure all third-party patch deployment to happen through WSUS. If you wish to carry on patch deployment through SCCM, keep the option unselected.

Selecting the third-party patches from PCP console

  1. Once the WSUS Settings is configured, it's time to carry on the usual steps to deploy the third-party patches.
  2. Navigate to Select Updates option listed under Publish Settings and select the required third-party product you want to patch and click 'Save'.
  3. Now, the patches for the selected third-party product will be automatically published to WSUS.

Deploying the published third-party patches with WSUS

  1. Once the third-party patches are published to WSUS, it starts to appear in the 'All updates' tab available in 'Update Services' console.
  2. Now, right-click on the required third-party patch from the Update Services console and select Approve.
  3. Here, you can select 'Approve for Install' to the required group of computers and select OK.
  4. Once this is done, the selected third-party patches will be approved successfully.
  5. Now, head to the client's computer and navigate to Windows Update available in the Control Panel and check for updates.
  6. Note: You can also use GPO, if you wish to automate the process without needing to check for updates in the client's computer manually.

  7. You can now see that the published patches are available to install on the client's computer.
  8. Finally, select the available update and click Install.
  9. Now, the selected third-party update will have been deployed.