Configuring ConfigMgr for 3rd Party Updates
Scope: Easy2Patch (All Versions)
Last updated
Scope: Easy2Patch (All Versions)
Last updated
Go to Administration\Overview\Site Configuration\Servers and Site System Roles node and enter Properties screen with right click on Software Update Point role, then select "Require SSL communication to the WSUS server" check box and OK button.
To require SSL communication to the WSUS server for SCCM 3rd party updates, you can follow these steps:
Open the Configuration Manager console and go to Administration > Site Configuration > Servers and Site System Roles.
Select server that contains Software Update Point role.
In the site system roles pane select Software Update Point role and click properties in right click menu.
Select the site that you want to configure, and click on "Configure Site Components" in the ribbon.
Go to the "General" tab.
Check the box that says "Require SSL communication to the WSUS server".
Click "OK" to save the changes.
To configure other settings for 3rd party updates in SCCM, you can follow these additional steps:
Open the Configuration Manager console and go to Administration > Site Configuration > Sites.
Select the site that you want to configure, and click on "Configure Site Components" in the ribbon.
Click on "Software Update Point", go to the "Third Party Updates" tab.
Check the box that says "Enable third party updates".
In the same screen select "Manually manage the certificate" option.
Click "OK" to save the changes.
You can also configure additional settings for individual third-party update sources by selecting the "Third-Party Update Catalogs" node in the Configuration Manager console and then selecting the catalog that you want to configure. From there, you can configure settings such as proxy server settings, download location, and update categories.
Finally enable 3rd Party updates on clients. For this go to "Client settings" node on Administration pane.
On the client settings screen, right-click on "Default Client Settings" or the appropriate client update policy and the properties screen opens.
Software updates screen is displayed. On this screen, "Enable third party software updates" is selected as "Yes".
Click OK to save the settings.
User accounts with different authorizations may be needed to run and use the Easy2Patch software. User type and privileges will vary for each scenario.
In order for the application to be run and used, the logged in user account must be a user belonging to the local administrators group.
Easy2PatchSvc (Easy2Patch Service) service works with the "Local System" account. This service can be set to use a user account from the SCCM/WSUS settings screen.
Publishing updates on SCCM, triggering synchronization, etc. For SCCM jobs, a user account is needed to be created in Active Directory. This user account needs the following SCCM privileges.
Application: Read, Modify, Delete, Set Security Scope, Create, Move Object, Modify Folder
Software Updates: Read, Modify
Distribution Point: Read, Copy to Distribution Point
Distribution Point Group: Read, Copy to Distribution Point Group
Folder Class: Read, Modify, Create
Security Scopes: Read
Site: Read
In order to view the number of systems on which the software is installed, a connection to the SCCM Server database system is required. The minimum permission required to make this connection can be given with the following SQL script. This SQL script is run on the SCCM database. The "CM_E2P" name and user account must be changed to suit your environment.
