- The 3rd party software plugin should be installed on the primary WSUS machine.
- WSUS must be at release 6.2 or greater.
- Operating System - Windows Server 2012 / 2012R2 / 2016 / 2019.
- .NET Framework 4 or greater must be installed.
- The credential used to run the 3rd party software plugin must be part of the WSUS Administrators group of the WSUS server.
Installing and configuring the 3rd party software plugin
- Go to: http://catalog.jetpatch.com/ (access required, please send WSUS public IP to JetPatch team)
- Download, install and launch: System Center Updates Publisher
- Connect to WSUS:
- Go to the Menu in the top left corner
- Then click on Options
- On the first page that opens, select "Enable publishing to an update server".
- Choose "Connect to a local update server"
- After that, click Test Connection (it should report that the connection was successful, and will ask about a certificate; see the next step)
The 3rd party software plugin will sign the packages with a certificate (it should be downloaded from http://catalog.jetpatch.com/). These 2 certificates should be installed on every endpoint that will be getting 3rd party app updates (see the step: Deploy your code signing certificate to clients and WSUS).
- Signing Certificate - Click "Create" to create a new certificate
- Load Certificate - Click "Browse", then select the certificate in ".pfx" format
- Insert Password - Fill in the password of the ".pfx" certificate (provided by the JetPatch team)
- Restart the program.
To validate that the certificate was created/imported successfully, open the program, go to Options -> Update server, and check that "Certificate issuer" and "Expiration Date" are filled in.
Deploy your code signing certificate to clients and WSUS
Configure Code Signing Certificate on WSUS server
It should be listed twice on the server in the local certificates MMC (Publisher & WSUS):
- Upload the certificate to the client
- Double-click the certificate on each client and install it to "Trusted Root Certification Authorities" and "Trusted Publishers":
- Create/edit a GPO used to import the certificate to all the endpoints in the domain (Computer Config > Windows Settings > Security Settings > Public Key Policies):
Configure the Windows Update Agent settings
Follow the instructions in the "Endpoint and JetPatch Configuration for WSUS" article in the JetPatch Knowledge Center.
Note - It may also be required to adjust the PowerShell Execution Policy.
Tell computers to install locally published updates:
Using the same GPO that you use to configure your computers, set the option "Allow signed content from intranet Microsoft update service location" to "Enabled".
How: Navigate to Computer configuration > Policies > Administrative Templates > Windows Components > Windows Update. Select "Allow signed content from intranet Microsoft update service location" and click Edit policy settings.
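To confirm that the certificate deployment and the "Allow signed content" policy described above actually reached a machine, the following added example (not part of the original article or JetPatch's tooling) checks the certificate stores and the policy registry value. It assumes a public ".cer" export of the signing certificate at a hypothetical path; the variable names are illustrative.

```powershell
# Added example (not JetPatch's code). Run elevated on an endpoint or on the WSUS server.
param(
    [string]$CerPath = 'C:\Temp\codesign.cer',  # assumption: public .cer export of the signing certificate
    [switch]$WsusServer                         # also check the WSUS store (WSUS server only)
)

# Read the thumbprint from the exported certificate instead of typing it by hand.
$expected = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CerPath

# Stores named on this page: Trusted Root CAs and Trusted Publishers, plus WSUS on the server.
$stores = @('Root', 'TrustedPublisher')
if ($WsusServer) { $stores += 'WSUS' }

$results = foreach ($store in $stores) {
    $cert = Get-ChildItem -Path "Cert:\LocalMachine\$store" -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $expected.Thumbprint } |
        Select-Object -First 1
    $detail = 'not found'
    if ($cert) { $detail = "expires $($cert.NotAfter.ToString('yyyy-MM-dd'))" }
    [pscustomobject]@{
        Check  = "Certificate in LocalMachine\$store"
        Passed = ($null -ne $cert) -and ($cert.NotAfter -gt (Get-Date))  # present and not expired
        Detail = $detail
    }
}

# Registry value written by the GPO setting
# "Allow signed content from intranet Microsoft update service location".
$key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$policy = (Get-ItemProperty -Path $key -Name 'AcceptTrustedPublisherCerts' -ErrorAction SilentlyContinue).AcceptTrustedPublisherCerts
$policyDetail = 'not set'
if ($null -ne $policy) { $policyDetail = "value: $policy" }
$results = @($results) + [pscustomobject]@{
    Check  = 'AcceptTrustedPublisherCerts policy'
    Passed = ($policy -eq 1)
    Detail = $policyDetail
}

$results | Format-Table -AutoSize
if ($results.Passed -contains $false) { exit 1 }  # non-zero exit for use in compliance checks
```

A failed certificate check on a domain machine usually means the GPO has not applied yet; run `gpupdate /force` and re-run the script.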
The next step is to import and publish 3rd party applications to WSUS.