Prerequisites
WSUS
- The 3rd Party Software Plugin should be installed in the Primary WSUS machine
- WSUS must be at release 6.2 or greater.
Machine
- Operating System - Windows Server 2012 / 2012R2 / 2016 / 2019.
- .NET Framework 4 or greater must be installed.
- The credential used to run 3rd party software plugin must be part of the "Wsus Administrators" group of the Wsus Server
Install and configure the 3rd party software plugin
- Download - Get the latest release on GitHub and download the archived file as described in the image below
- Unzip Files - Uncompress the archive into a folder of your choice.
- Launch JetPatch 3rd party software plugin- Run the "Wsus Package Publisher.exe"
- Connect to WSUS - Click on the “Connect/Reload” button on top of the application
Certificate Configuration
The 3rd party software plugin will sign the packages with a certificate that should be configured for each client as well.
Steps:
- Open settings - In WPP go to Tools → Certificate
- Insert Password - Fill the certificate password
- Load Certificate - Click on “Load the certificate” (certificate format is “pfx”)
- The pfx certificate is provided by JetPatch team.
- Restart Server - Restart the WSUS Server
Validate Certificate
To validate the certificate was created/imported successfully, open the WPP and click on “Help → About” from the top of the window.
In the “About” popup window you should see that the “Certificate” is with a “Valid” value.
Deploy your code signing certificate to clients and WSUS
On WSUS
-
Configure Code Signing Certificate on WSUS server
-
It should be listed twice on the server in the local certificates MMC (Publisher & WSUS):
Non-domain-joined clients:
- Upload the certificate to the client
- Double-click certificate on each client and install to the “Trusted Root Certification Authorities” and “Trusted Publishers”:
Domain-joined clients:
- Create/edit a GPO used to import the certificate to all the endpoints in the domain (Computer Config > Windows Settings > Security Settings > Public Key Policies):
Configure the Windows Update Agent settings
Follow the instruction in Endpoint and JetPatch Configuration for WSUS article in JetPatch Knowledge Center.
Note - It may also be required to adjust the PowerShell Execution Policy.
What's Next?
The next thing is to configure the JetPatch 3rd Party Software Plugin to use the JetPatch Catalog.
Comments
0 comments
Please sign in to leave a comment.