General Tab

The General tab is used to specify your proxy and metadata options and to launch the Configuration Checker utility.

Available Options

Proxy options

This area allows you to modify the proxy settings used by Patch for Configuration Manager when accessing the Internet using your Web browser. In general, Patch for Configuration Manager checks the proxy settings in Internet Explorer and conducts an Internet connectivity test to determine whether or not proxy server settings are necessary. If Patch for Configuration Manager is unable to access the Internet using these settings, or if you are required to enter a user name and password each time you launch your browser and browse the Internet, you will need to configure the proxy options.

  • Do I need proxy information?: To see if Patch for Configuration Manager can use your current Internet Explorer proxy settings to access the Internet and perform other operations, click this button. If the test is successful then nothing further is required. If the test fails it typically means your organization utilizes authentication and you need to modify your proxy settings by specifying credentials (a user name/password).
  • Use proxy: If enabled, indicates that you will supply proxy credentials. If you clear the check box after specifying credentials, the credentials will be saved but not used.
  • User name: Type the credential user name. It may be necessary to specify a domain as part of your user name (for example: mydomain\my.name).
  • Password: Type the credential password.
  • Verify Proxy: To test the proxy credentials, click this button.

Alert email options

This area is used to specify the credentials required to authenticate to the SMTP server configured for use in Microsoft Endpoint Configuration Manager. This server is used to send email notifications when an alert is triggered. If the SMTP server is not configured or authentication to the server is not required, the User name and Password boxes are disabled.

By default, when receiving alert notifications, users need to log into the system, dismiss the alert, and save the changes if they want to receive any future alerts. Select the Always send alerts, regardless of active status option to send alerts whether or not they were previously manually dismissed. This overwrites the default behavior and enables users to receive alerts as they occur. For more details on alerts, see Managing Alerts.

Metadata options

This area allows you to specify how to manage metadata revisions to updates.

  • Do not prompt me and do not update WSUS: No action is taken when revised metadata is available. You can use the *Revised metadata filter to determine when metadata revisions are available.
  • Update WSUS metadata without prompting me: Automatically updates your published updates with the revised metadata without notifying you.
  • Prompt me when metadata revisions are available: If new metadata becomes available for updates that you have previously published, a dialog will be displayed that provides you with the option to either immediately revise the updates in WSUS or ignore the new metadata. For example
    :

Patch for Configuration Manager will look for metadata revisions whenever a new copy of the catalog is downloaded. The recommended course of action in most cases is to publish the revisions.

If you enable the Remember my choice and do not prompt again check box and then click Yes, the metadata option will change to Update WSUS metadata without prompting me.

If you enable the Remember my choice and do not prompt again check box and then click No, the metadata option will change to Do not prompt me and do not update WSUS.

Verify setup

This area is used to launch the Configuration Checker. This utility is typically run once immediately after Patch for Configuration Manager is first installed.

Configuration Checker is used to determine if you meet all the requirements for using Patch for Configuration Manager. You can run Configuration Checker by clicking the Launch Configuration Checker button on the General tab. You can also run it from the command line: C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ST.SCCM.ConfigurationChecker.exe. You must run Configuration Checker with full Administrator privileges, but you can use it to evaluate accounts that do not have full Administrator privileges.

Most of the information on this dialog will be pre-populated for you but it can be modified as necessary.

  • WSUS Server FQDN: Type the fully qualified domain name of your WSUS server.
  • Port: Select the port used to access the WSUS server.
  • User account (domain/user): Type the domain and user name of the account that you want to use for tests of type User. Tests of type Machine are run as the currently logged in user.
  • Account password: Type the password associated with the user account. This field can be left blank if you are evaluating the account that you are using to run this tool.
  • Configuration Manager Server FQDN: Type the fully qualified domain name of the server that contains Configuration Manager.
  • Use proxy: If enabled, indicates that proxy server credentials are required in order to run the Configuration Checker test. If you clear the check box after specifying credentials, the credentials will be saved but not used. This box will initially mirror what is configured on the Proxy tab but can be temporarily overridden here.
  • Proxy user name: Type the user name for an account on the proxy server. This box will be automatically populated with the user name provided on the Proxy tab but it can be overridden. It may be necessary to specify a domain as part of your user name (for example: mydomain\my.name).
  • Proxy password: Type the password for the proxy server account.
  • Test Intune Connection: If you are importing third-party applications into Microsoft Intune, this enables you to test the associated Intune connection. For more information, see Application Management Tab.
  • Tenant Domain: This setting can be found by logging on to your Azure portal, going to the Active Directory blade and then clicking on Domain names.
  • Application ID: This setting can be found on the Overview tab of your Azure portal.
  • Client Secret: This setting can be found on the Certificates & secrets tab of your Azure portal.

The utility performs a large number of checks, including:

  • Ability to connect to the WSUS server using a fully qualified domain name and port number
  • Ability to retrieve the Patch for Configuration Manager catalog
  • User account has Log on as a batch job privileges
  • User account is a member of the Administrators group and the WSUS Administrators group on the WSUS server
  • User account has the necessary Configuration Manager security settings
  • User has access to the database
  • Proper read/write/delete permission to the C:\Users\<username>\Ivanti\Patch directory
  • The Configuration Manager server has a valid connection and site code
  • WSUS signing certificate is contained in the Trusted Root and Trusted Publisher stores and is current (not expired)
  • A test update can be published
  • The product is licensed
  • A test application can be created, retrieved, and deleted in Intune
  • Ability to retrieve Intune groups
  • Ability to download the latest Graph API commands file
  • Validate the app registration for Intune

If any of the tests fail, you should correct the issue before using Patch for Configuration Manager.

Unreferenced Package Cleanup

In Microsoft Configuration Manager, the WSUS cleanup tasks on the Software Update Point Component properties window can remove updates from the WSUS database and the WSUSContent folder, but do not clean up the UpdateServicesPackages folder. You can use this section to selectively remove orphaned folders in the UpdateServicesPackages folder and so clean up this area.

To remove unreferenced packages:

  1. Click Launch Unreferenced Package Manager.
    The Manage Unreferenced Packages dialog appears, showing a list of folders that are unreferenced by the WSUS server.
  2. In the Include column, select the check boxes alongside the folders you want to delete, then click Delete Selected.
    The folders are deleted and the list updates.

Role-Based Access Control

If you do not want to assign the Full Administrator role to all users, you can enable the Enable Role-Based access control option and assign users either the 3rd Party Patch Administrator or 3rd Party Patch Read-Only User custom security roles added by the Data Migration Tool.

Only users with the Full Administrator role can select or clear Enable Role-Based access control.