Setup

Recommendation: Have all windows endpoints registered and reporting to the WSUS server. It is also suggested to have the endpoints in WSUS groups before using JetPatch.

Do the following in order (note: the connector must be deployed on the WSUS server before it can be added as a discovery source)

1. Add the WSUS server to JetPatch
2. Add and assign an administrative account to the WSUS server
3. Deploy the JetPatch connector on the WSUS server
4. Add the WSUS discovery source

Note: You can only add one WSUS server as a discovery source to JetPatch. For more WSUS servers use a primary-replica setup.

Post-Steps

Within 20 minutes, all machines reporting to WSUS should be reporting to JetPatch.  From there, you can do the following

1. Add and assign an administrative account to the Windows endpoints
2. Deploy the JetPatch connector on the Windows endpoints

Certificates (Optional)

Note - In managed environments, we recommend deploying the following certificates (if you need them) using the GPO capabilities. If some of your endpoints are not managed or you prefer not doing it via the GPO you can use the instructions below:

WSUS Certificate

To enable secure communication between WSUS and the Windows endpoint you need to install a certificate on the endpoints.

You can deploy the certificate by using:

1. GPO
2. Connector MSI Installation - The certificate should be located in a path described in the wsus-certificates.path configuration in the intigua.properties file. The default location is - /usr/share/intigua/wsus-certs. 

3rd Party Patching Certificate

To patch 3rd party updates in your Windows environment there is a need for another certificate to be installed in the endpoints.

You can deploy the certificate by using:

1. GPO
2. Built-in JetPatch Script after Connector deployment (see instructions below)
3. Connector MSI Installation

Note: For non-GPO deployment, the full certificate file path should be described in the third-party-certificate.path configuration in the intigua.properties file.

Install 3rd Party Certificate using JetPatch Built-in Script

To install the 3rd Party certificate using JetPatch capability of running a task on the endpoint, you need to create a task with the right values from the built-in script.

1. Preparation:
   1. Put the 3rd party certificate in the JetPatch Server and add the following parameter to the intigua.properties file (Replace <FILE_PATH> with the full path of the certificate) 

   2. third-party-certificate.path=<FILE_PATH> 
      -Exemple:
      third-party-certificate.path=/usr/share/intigua/3dpp/3dpp.crt

   3. Restart the JetPatch application (systemctl restart tomcat) to apply the new configuration.
2. Create a Task:
   1. Go to "System -> Tasks" and click on "+ CREATE TASK" button
   2. Fill the "Task Name" and Description as you want
   3. On the right of the page, go to the "Execution" tab -
      1. Task Source = Both
      2. Script = "Third-party patching certificate Windows"
      3. Execution Type = "Power shell script"
      4. Execution Command = ".\@file @Username @API_Key @URL"
         
   4. Switch to the "Parameters" tab - 
      
      1. API_Key = generate API permission and copy the generated key into the "API_Key" parameter.
      2. URL = the full JetPatch URL with hostname or IP (example - "https://30.30.201.55").
      3. Username = the username that was generated the API_Key.
         
   5. Click on "SAVE TASK".

After the task was saved, you can select the required endpoints in "Endpoints" -> "Management" and run the task on them.

Related Articles 

• WSUS Scripts 
• Endpoint Readiness Scripts
• Recommended maintenance operations on WSUS