Purpose
This article provides an overview of the WSUS-Less Windows patching solution in JetPatch, including process flow, requirements, and supported use cases.
Scope
Applicable to Windows endpoints managed by JetPatch where no local WSUS server is used.
Solution Summary
The WSUS-Less solution enables Windows endpoints to retrieve patches directly from Microsoft Update.
JetPatch manages patch discovery, approval, and installation without relying on a local patch repository.
Patch Source
Windows updates are downloaded from Microsoft Update over the internet.
Local WSUS repositories are not supported in WSUS-Less mode.
Caching or internal mirroring is not available.
How Does It Work?
Deploy the Connector
- JetPatch Connector (agent) is deployed on each Windows endpoint.
- The Connector maintains continuous communication and compliance visibility.
Collect Endpoint Updates
- JetPatch executes the built-in task "Collect Endpoint Updates" directly on endpoints.
- This task identifies installed and required updates. See the article for more information.
Patch Installation
- Performed via the built-in "Execute Patch Installation" task during scheduled maintenance.
- Approved patch download and installation both happen during scheduled maintenance. Pre-patch download on approval will be added in 5.0
Prerequisites
- Microsoft Update Service Installed: Automatically activated by JetPatch Connector deployment.
- Connectivity: Direct or proxy-based connection to Microsoft Update via ports 80 and 443.
- More information
This WSUS-less approach simplifies patch management infrastructure, reduces complexity, and enhances security and compliance through direct integration with Microsoft's cloud-based updates.
Comments
0 comments
Please sign in to leave a comment.