System Requirements
Here are the requirements for installing and using Patch for Configuration Manager:
- Patch for Configuration Manager installs as a plug-in to an existing Configuration Manager 2012 or later console. The Configuration Manager console must be installed on a 64-bit version of one of these Windows operating systems (excludes Server Core and Nano Server):
- Windows Server 2022
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012 R2
- Windows Server 2012
- Windows 10, Pro or Enterprise Edition
- Windows 11, Pro or Enterprise Edition
- The Configuration Manager console must contain at least 4GB of RAM
- The minimum supported version of Configuration Manager for anyone using the Intune capabilities is 1906.
- .NET Framework 4.8 or later
If you are missing this requirement, .NET Framework 4.8 will be installed for you during the installation of Patch for Configuration Manager.
- Microsoft Visual C++ 2015-2022 Redistributable (x86 and x64)
If you are missing these requirements, they will be installed for you during the installation of Patch for Configuration Manager.
- Windows Server Update Services (WSUS) requirement:
- If Patch for Configuration Manager is installed on the primary WSUS server and you are using Windows Server 2016 or Windows Server 2012, then the WSUS API and the PowerShell cmdlets features must be enabled.
- SQL Server requirements:
- Every user must have access to a SQL Server database and must have read/write permission to the database, except for users with the 3rd Party Patch Read-Only User custom security role, who must be assigned only read-only permission to the database. You can use any version of SQL Server that is supported by the version of Configuration Manager you are using.
- The user who installs the database must have db_create permissions.
- If you intend to automatically publish updates using a recurring scheduled task, then the Microsoft Task Scheduler service must be enabled and you must have the rights necessary to create scheduled tasks.
- If you intend to receive alert notifications via email, then Configuration Manager must be configured to allow email notifications. For more information, see Managing Alerts.
- Access to the following URL is required in order to import third-party applications to Intune and to automatically update the deployed applications: https://application.ivanti.com.
- The user running Patch for Configuration Manager must:
- Be a member of the WSUS Administrators group on the WSUS server
- Have Log on as a batch job rights
- Have read access to the logged-in domain in Active Directory to read the list of users from that domain
- Be assigned to the All instances of the objects that are related to the assigned security roles security scope
- In Configuration Manager, be assigned to the Full Administrator built-in security role, or if using role-based access (see Role-Based Access Control) have either the 3rd Party Patch Administrator or 3rd Party Patch Read-Only User custom security roles added by the Data Migration Tool
In addition, if the WSUS Server is remote, the user must be a member of the local administrators group on the WSUS Server.
Nested group lookup is not supported: users must be added directly to the required groups.
- You must add a number of web URLs to your firewall, proxy and web filter exception lists. The URLs are used by Patch for Configuration Manager to download updates from third-party vendors.
For the complete list of URLs that you should add, see the URL Exception List for Ivanti Patch for Configuration Manager.
- Federal Information Processing Standard (FIPS) environments
When operating in a FIPS environment, the console must be configured as a FIPS-compliant machine before you install Patch for Configuration Manager. If FIPS is enabled after the installation, you must reinstall Patch for Configuration Manager.
- Client machine requirements:
Each of your client machines must meet the following requirements in order to deploy non-Microsoft updates distributed by a WSUS server:
- Must contain a copy of the code signing certificate in the appropriate certificate stores
- Must have enabled the Allow signed updates from an intranet Microsoft update service location policy setting
- To use Application Management, you must install the Ivanti Code Signing Certificate
Download the Ivanti Code Signing Certificate
To push the certificate to client computers, consult the following Microsoft article: Distribute Certificates to Client Computers by Using Group Policy.
- The following languages are supported for use within the Patch for Configuration Manager interface:
Chinese (Simplified and Traditional), English, French, German, Italian, Japanese, Portuguese (Brazil), Russian, Spanish