Articles in this section

Configure Windows Endpoints for 3rd Party Updates

Tell Computers to install Locally Publish Updates 

Non-domain-joined clients:

  • Open the group policy of the endpoint (start->run->gpedit.msc)
  • Configure Updates by going to Computer Configuration -> Administrative Templates -> Windows Components -> Windows Updates ->
    • Allow signed updates from an intranet Microsoft update service location -> Enable the policy

Configure in bulk using a built-in task

See the endpoint configuration for WSUS steps (note: if you already ran this script before to initially configure the endpoints to WSUS, you can skip this step).

 

Domain-joined clients:

Using the same GPO that you use to set your computers, set the option “Allow signed content from intranet Microsoft update service location” to "enable".

How: Navigate to Computer configuration > Policies > Administrative Templates > Windows Components > Windows Update. Select "Allow signed content from intranet Microsoft update service location" and click Edit policy settings. 

mceclip0.png

 

 

success

 

Deploy your code signing certificate on Endpoints

Non-domain-joined clients:

  • Upload the certificate (.CER) to the client
  • Double-click certificate on each client and install to the “Trusted Root Certification Authorities” and “Trusted Publishers”:

97a41424-0f27-428f-9004-b8a975ac009c.png97a41424-0f27-428f-9004-b8a975ac009c.png

 

Configure in bulk using a built-in task

See the 3rd party patching certificates steps

 

 

Domain-joined clients:

  • Create/edit a GPO used to import the certificate (.CER) to all the endpoints in the domain (Computer Config > Windows Settings > Security Settings > Public Key Policies):77b88cda-2291-4687-923d-e6273c9c5b3c.png

 

Related articles

Comments

0 comments

Please sign in to leave a comment.