Configure The Group Policy To Enable Third-party Updates

Documentation for Patch Manager

Perform this procedure only if your organization implements a group policy on all corporate systems.

The group policy defines the user, security, and networking policies for all computers in the network. To enable the managed computers to receive third-party updates from the WSUS server, export the software publishing certificate from the WSUS server to a certificate file. When you are finished, configure the Group Policy Object (GPO) on the domain controller and import the certificate file and the supporting Windows® Update policies.

Patch Manager signs all third-party packages with the software publishing certificate. This certificate must be installed in the local Trusted Root Certification Authority and Trusted Publishers keystores of each managed computer so they can receive third-party updates.

Export the software publishing certificate from the WSUS server

Export the software publishing certificate so you can add the file to the Group Policy Object (GPO). When you push the GPO to the managed systems, each system can accept third-party updates from non-Microsoft® sources.

  1. Select the WSUS server in the Patch Manager menu.

  2. In the Actions column, click Software Publishing Certificate.
  3. Click [...] in the Publishing Certificate Information window.

  4. On the Details tab, select the WSUS publishing certificate.

  5. Click Copy to File in the Certificate window.
  6. Click Next in the Certificate Export Wizard.
  7. Select DER encoded binary X.509 (.CER), and click Next.
  8. Enter a file name (for example, WSUS Publishing Certificate).
  9. Complete the Certificate Export Wizard.

    The software publishing certificate is exported to a file.

Configure the GPO for the targeted domain

This procedure configures the Windows Update policies and the certificate stores on the managed computers so they accept third-party updates from non-Microsoft sources.

  1. Log in to the domain controller as an administrator.
  2. Copy the software publishing certificate to the domain controller desktop or another location on the server.
  3. Navigate to the control panel and open Group Policy Management.
  4. In the Group Policy Management menu, navigate to the domain that contains the GPO for the targeted domain (for example, Default Domain Policy).

    If you need to create a GPO, right-click the domain (for example, gir.lab), select Create a GPO in this domain, and link it here. Enter a name for the GPO, and click OK. The domain tree displays the GPO.

  5. Double-click the GPO (for example, Default Domain Policy).

  6. Review the Group Policy Management Console window text, and click OK.

    The Scope tab is displayed.

  7. In the Windows Update window, enable:

    Allow signed updates from an intranet Microsoft update service location

    This setting enables Windows Update on managed computers to accept non-Microsoft updates (or third-party updates) from a Microsoft Update location (or WSUS server) in the corporate network.

    1. Right-click the GPO and select Edit.
    2. In the Group Policy Management Editor, expand Computer Configuration > Policies > Administrative Templates > Windows Components.
    3. Scroll down and select Windows Update.
    4. Double-click Allow signed updates from an intranet Microsoft update service location in the Windows Update window.
    5. Select Enabled in the Configure Automatic Updates window.
    6. Click OK.

      This policy setting is displayed as Enabled in the Windows Update window.

  8. Add the WSUS software publishing certificate to the group policy.

    This process adds the publishing certificate to the Trusted Root Certification Authority and Trusted Publishers certificate stores in the managed computers, enabling each computer to establish a secure network connection to the WSUS server and receive third-party updates.

    1. In the Group Policy Management Editor, click Policies > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certification Authorities.
    2. Right-click Trusted Root Certification Authorities and select Import.
    3. Complete the Certificate Import Wizard.

      When you are finished, the WSUS certificate is imported into the Trusted Root Certification Authority directory. This directory includes SolarWinds certificates, Microsoft certificates, and all certificates in the Third-Party Root Certification Authorities keystore.

    4. Navigate to the Public Key Policies directory.
    5. Expand the directory, right-click Trusted Publishers, and select Import.
    6. Complete the Certificate Import wizard.

      When you are finished, the certificate is imported into the Trusted Publishers directory. This directory includes certificates from trusted Certificate Authorities.

      The WSUS software publishing certificate is added to the group policy.

  9. Enable and configure the Configure Automatic Updates policy setting so the managed computers can automatically check the WSUS server for Windows and third-party updates each day or once a week at a scheduled time.
    1. Double-click Configure Automatic Updates in the Windows Update window.
    2. Select Enabled in the Configure Automatic Updates window.
    3. Click the Configure automatic updating drop-down menu and select an update method for the managed computers.

      The following table provides descriptions for each setting. Accept Auto download and notify for install (default setting) or select the setting that meets the deployment requirements.

      | Setting | Description |
      | --- | --- |
      | Notify before downloading and installing updates | Patch Manager notifies you when updates are ready to download. |
      | Auto download and notify for install | Patch Manager automatically downloads the updates and notifies the system administrator when they are ready to be installed. |
      | Automatically download updates and install them on the schedule specified below. | Patch Manager automatically downloads the updates and installs them every day or on a specific day (such as Sunday) at a specific time. |
      | Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. | Patch Manager allows only the system administrator to use the Windows Update control panel to select a configuration option (for example, Not Configured, Enabled, or Disabled). Local administrators cannot disable the Automatic Updates configuration. |

    4. Schedule a date and time for the installations.
    5. Click OK.

      The policy setting is displayed as Enabled in the Windows Update window.

  10. Enable the Specify Intranet Microsoft Update service location policy setting in the group policy. This setting enables the managed computers to identify the Microsoft Update service location (or WSUS server location) where they can receive Microsoft updates from the WSUS server.

    This setting is required to enable a WSUS server in the network.

    1. Double-click Specify intranet Microsoft update service location in the Windows Update window.
    2. Select Enabled in the window.
    3. Enter the IP address of the WSUS server in both Options box fields.

      If you do not have an intranet statistics server in the deployment, enter the WSUS server IP address in both fields.

      Use the information in the table below to complete the Options box fields.

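      | WSUS Server OS | SSL Enabled? | Enter this IP address |
      | --- | --- | --- |
      | Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 | Yes | https://<ip_address>:8531 |
      | Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 | No | http://<ip_address>:8530 |
      | Windows Server 2008 | Yes | http://<ip_address>:443 |
      | Windows Server 2008 | No | http://<ip_address> |

      Windows Server 2008 systems use port 80 by default.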

    4. Click OK.

      The policy setting is displayed as Enabled in the Windows Update window.

      The GPO is configured on the targeted domain.
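
To confirm on a managed computer that the GPO delivered what the two procedures above configure, the following added example (not part of the SolarWinds documentation) compares the exported certificate file against the local Trusted Root Certification Authorities and Trusted Publishers stores and reads back the Windows Update policy values. The file path is an assumption. Because a certificate in the Trusted Root store is trusted by every managed computer, compare the printed thumbprint with the one shown on the WSUS server.

```powershell
# Added verification example; run in an elevated PowerShell session on a
# managed computer after the GPO has applied (for example, after gpupdate /force).
# Assumption: the exported certificate file was copied to this path.
$CerPath = 'C:\Temp\WSUS Publishing Certificate.cer'

# Load the DER-encoded .cer file exported from the WSUS server.
$cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CerPath)
$thumb = $cert.Thumbprint
$now   = Get-Date

# Registry locations where the Windows Update policy settings are stored.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
$au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue

$checks = @(
    [pscustomobject]@{
        Check  = 'Publishing certificate is within its validity period'
        Pass   = (($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now))
        Detail = "expires $($cert.NotAfter.ToString('yyyy-MM-dd'))"
    }
    [pscustomobject]@{
        Check  = 'Certificate present in Trusted Root Certification Authorities'
        Pass   = (Test-Path "Cert:\LocalMachine\Root\$thumb")
        Detail = $thumb
    }
    [pscustomobject]@{
        Check  = 'Certificate present in Trusted Publishers'
        Pass   = (Test-Path "Cert:\LocalMachine\TrustedPublisher\$thumb")
        Detail = $thumb
    }
    [pscustomobject]@{
        Check  = 'Allow signed updates from an intranet Microsoft update service location'
        Pass   = ($wu.AcceptTrustedPublisherCerts -eq 1)
        Detail = "AcceptTrustedPublisherCerts = $($wu.AcceptTrustedPublisherCerts)"
    }
    [pscustomobject]@{
        Check  = 'Specify intranet Microsoft update service location (update server)'
        Pass   = (($au.UseWUServer -eq 1) -and [bool]$wu.WUServer)
        Detail = "WUServer = $($wu.WUServer)"
    }
    [pscustomobject]@{
        Check  = 'Specify intranet Microsoft update service location (statistics server)'
        Pass   = [bool]$wu.WUStatusServer
        Detail = "WUStatusServer = $($wu.WUStatusServer)"
    }
    [pscustomobject]@{
        Check  = 'Configure Automatic Updates'
        Pass   = (($au.AUOptions -in 2..5) -and ($au.NoAutoUpdate -ne 1))
        Detail = "AUOptions = $($au.AUOptions)"
    }
)

"Certificate subject: $($cert.Subject)"
$checks | Format-Table -AutoSize -Wrap

if ($checks.Pass -contains $false) {
    Write-Warning 'One or more GPO settings from this procedure are not in effect on this computer.'
}
```

An AUOptions value of 2, 3, 4, or 5 corresponds, in order, to the four update methods listed in the Configure Automatic Updates table.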
