Here are the requirements for installing and using Patch for MEM:
•Patch for MEM installs as a plug-in to an existing Configuration Manager 2012 or later console. The Configuration Manager console must be installed on a 64-bit version of one of these Windows operating systems (excludes Server Core and Nano Server):
•Windows Server 2019
•Windows Server 2016
•Windows Server 2012 R2
•Windows Server 2012
•Windows 10, Pro or Enterprise Edition
•The Configuration Manager console must contain at least 4GB of RAM
•.NET Framework 4.8 or later
If you are missing this requirement, .NET Framework 4.8 will be installed for you during the installation of Patch for MEM.
•Microsoft Visual C++ 2015-2019 Redistributable (x86 and x64)
If you are missing these requirements, they will be installed for you during the installation of Patch for MEM.
•Windows Server Update Services (WSUS) requirements:
•If Patch for MEM is installed on the primary WSUS server and you are using Windows Server 2016, Windows Server 2012 or Windows 8.1, then the WSUS API and the PowerShell cmdlets features must be enabled.
•If Patch for MEM is on a remote Windows 8.1 machine, then the remote admin tools feature must be installed on that machine.
•SQL Server requirements:
•Every user must have access to a SQL Server database and must have read/write permission to the database. You can use any version of SQL Server that is supported by Microsoft's System Center Configuration Manager.
•The user who installs the database must have db_create permissions.
•If you intend to automatically publish updates using a recurring scheduled task, then the Microsoft Task Scheduler service must be enabled and you must have the rights necessary to create scheduled tasks.
•If you intend to receive alert notifications via email, then Configuration Manager must be configured to allow email notifications. For more information, see Managing Alerts.
•The user running Patch for MEM must:
•Be a member of the WSUS Administrators group on the WSUS server
•Have Log on as a batch job rights
•Have read access to Active Directory
•Be assigned to the All instances of the objects that are related to the assigned security roles security scope
•Be assigned to the Full Administrator built-in security role in Configuration Manager
In addition, if the WSUS Server is remote, the user must be a member of the local administrators group on the WSUS Server.
•You must add a number of web URLs to your firewall, proxy and web filter exception lists. The URLs are used by Patch for MEM to download updates from third-party vendors.
For the complete list of URLs that you should add, see:
When operating in a FIPS environment, the console must be configured as a FIPS-compliant machine before you install Patch for MEM. If FIPS is enabled after the installation, you must reinstall Patch for MEM.
•Client machine requirements:
Each of your client machines must meet the following requirements in order to deploy non-Microsoft updates distributed by a WSUS server:
•Must contain a copy of the code signing certificate in the appropriate certificate stores
•Must have enabled the Allow signed updates from an intranet Microsoft update service location policy setting
•The following languages are supported for use within the Patch for MEM interface:
Chinese (Simplified and Traditional), English, French, German, Italian, Japanese, Portuguese (Brazil), Russian, Spanish