In this post we will see how to deploy non-Microsoft patches using Microsoft SCCM. In today’s world, deploying applications alone is not enough; keeping them updated to the latest versions is also important. SCCM is a good tool for deploying Microsoft updates, but it lacks a feature for patching third-party applications. So here is a review of a very popular tool called ManageEngine Patch Connect Plus. This is a web-based tool that integrates with SCCM and patches third-party applications.
What is ManageEngine Patch Connect Plus
Patch Connect Plus is a tool for patching your third-party applications using SCCM. It is really useful for admins who spend a lot of time patching applications manually, some of whom may be using multiple tools to patch a variety of applications. Patch Connect Plus supports deploying patches for more than 250 third-party applications. Here is the list of applications that the tool supports. This is a great advantage of this tool and it’s very easy to use.
To download the ManageEngine Patch Connect Plus tool click here. The software is available for download as a 30-day trial version, which comes with all the features loaded. The tool supports installation on all the latest operating systems. Here is the link that lists the system requirements for this tool. Patch Connect Plus should be installed on a machine where WSUS or the WSUS admin console is present. However, I would recommend installing it on a box where your SCCM and WSUS are installed. In addition, once you install the tool, you get a chat support feature. With this you can chat with their dedicated support team and get your queries answered.
How the ManageEngine Patch Connect Plus tool works
The below screenshot is an example of how this tool works. Furthermore, there is also a YouTube video tutorial that explains what this tool is and how it works. The central repository is a portal on a ManageEngine site where the latest vulnerability database is hosted. This database is updated with the latest patches, which are thoroughly tested. Patch Connect Plus synchronizes the latest patches through a proxy server or over a direct internet connection. When you install the tool, it allows you to select the applications that you want to patch. The patches are then downloaded from the vendor site and published to WSUS. From there they are pushed to the SCCM server and can be deployed using SCCM.
How to deploy Non-Microsoft patches using Microsoft SCCM
First of all, download the Patch Connect Plus tool, right-click the executable and click Run as administrator. On the welcome page click on Next.
Patch Connect Plus uses port 5020 for access to the console. You can specify another port number if required. Click Next.
Finally, click on Finish. This will start Patch Connect Plus.
In the next step we see a welcome screen. To log in to the tool, the default user name is admin and the password is admin. Click on Login. Click the Get Started button at the bottom of the screen. This will bring up the Patch Connect Plus setup screen. The first step is to specify the proxy server settings. If you don’t have a proxy configured in your organization, click on Skip.
The next screen is WSUS Settings. Enter your WSUS server name or IP address. Enter the port number configured during WSUS setup. For SSL settings choose Disable. If you have a third-party certificate provided by a publisher, select Enable. In Certificate Settings (which appears after the SCCM settings step) you have to import the certificate. Click Next.
In the next screen specify the SCCM settings. Check the box Synchronize Software Updates. Enter the SCCM server name and provide the SCCM console credentials. To add a new credential, click on the + sign and enter the domain user name and password. Click Next.
In the Certificate Settings, select Create Self Signed Certificate and click Create Self Signed Certificate. This will generate a self-signed certificate.
Click on Next.
In the next step select the applications for which you want to push patches. You can also select languages other than English. The tool checks for the latest patches and shows them in the SCCM console. After selecting the third-party applications click Next.
In the next step you can schedule how often the patches are published to SCCM. Choose the desired schedule and click Finish.
Once you have configured all the above settings, you can select the patches and publish them.
Click on the Sync now option on the right-hand side of the pane. After synchronization, the published patches will show up in the SCCM console.
You can now see that the console shows 2 patches published. Consequently, the patches should also be visible in the SCCM console now.
In the SCCM console, click on Software Library, click on Overview, click on Software Updates and click on All Software Updates. You now see the patches that are available for deploying using SCCM.
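Windows Update installs updates published locally to WSUS only when the client trusts the signing certificate (Trusted Publishers, plus Trusted Root for a self-signed certificate) and the policy "Allow signed updates from an intranet Microsoft update service location" is enabled. The PowerShell check below is an added example, not code from this post or from ManageEngine; the function name and the thumbprint placeholder are assumptions, and it also reports whether the client reaches WSUS over HTTPS, which relates to the SSL choice in WSUS Settings.

```powershell
# Added example: run on a managed Windows client, elevated.
# -Thumbprint is the thumbprint of the certificate created in the
# Certificate Settings step (read it from the exported .cer file).
function Test-WsusPublishingTrust {
    param(
        [Parameter(Mandatory)][string]$Thumbprint
    )
    # Normalise: strip spaces/hidden characters copied from the certificate dialog.
    $tp = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

    $wuKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $policy = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue

    # The signing certificate must be in Trusted Publishers; a self-signed
    # certificate must additionally be in Trusted Root Certification Authorities.
    $inPublisher = Test-Path "Cert:\LocalMachine\TrustedPublisher\$tp"
    $inRoot      = Test-Path "Cert:\LocalMachine\Root\$tp"
    $cert = Get-Item "Cert:\LocalMachine\TrustedPublisher\$tp" -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        InTrustedPublishers = $inPublisher
        InTrustedRoot       = $inRoot
        SelfSigned          = if ($cert) { $cert.Subject -eq $cert.Issuer } else { $null }
        SignatureAlgorithm  = if ($cert) { $cert.SignatureAlgorithm.FriendlyName } else { $null }
        NotAfter            = if ($cert) { $cert.NotAfter } else { $null }
        DaysToExpiry        = if ($cert) { [int]($cert.NotAfter - (Get-Date)).TotalDays } else { $null }
        # Policy: "Allow signed updates from an intranet Microsoft update
        # service location" (value 1 = enabled).
        AcceptTrustedPublisherCerts = ($policy.AcceptTrustedPublisherCerts -eq 1)
        # WSUS URL the client is pointed at, and whether it uses TLS.
        WUServer            = $policy.WUServer
        WUServerUsesHttps   = ($policy.WUServer -like 'https://*')
    }
}

# Usage (placeholder thumbprint, replace with your own):
# Test-WsusPublishingTrust -Thumbprint '<THUMBPRINT-OF-WSUS-SIGNING-CERT>'
```

A client on which InTrustedPublishers or AcceptTrustedPublisherCerts is False will see the third-party patches offered but will fail to install them.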
In conclusion, the ManageEngine Patch Connect Plus tool is a convenient way to push non-Microsoft patches. As you may have noticed, the setup is very easy and the configuration is simple. If you have any queries regarding the tool, do write in the comments.
It’s not mentioned here or on their site so I wanted to make sure. The cert that is created in the setup…does it need to be pushed to all workstations afterward in order for this to work properly?
Also if we already have our own local cert server, is that a better option?