Patch for SCCM

System Requirements

Here are the requirements for installing and using Patch for SCCM:

Patch for SCCM installs as a plug-in to an existing Configuration Manager 2012 or later console. The Configuration Manager console must be installed on a 64-bit version of one of these Windows operating systems (excludes Server Core and Nano Server):

Windows Server 2019

Windows Server 2016

Windows Server 2012 R2

Windows Server 2012

Windows Server 2008 R2 SP1

Windows 10, Pro or Enterprise Edition

Windows 8.1

Windows 7 SP1

.NET Framework 4.6.2 or later

If you are missing this requirement, .NET Framework 4.7.1 will be installed for you during the installation of Patch for SCCM.

Microsoft Visual C++ 2015 Redistributable (x86 and x64)

If you are missing these requirements, they will be installed for you during the installation of Patch for SCCM.

Windows Server Update Services (WSUS) requirements:

If Patch for SCCM is installed on the primary WSUS server and you are using Windows Server 2016, Windows Server 2012 or Windows 8.1, then the WSUS API and the PowerShell cmdlets features must be enabled.

If Patch for SCCM is on a remote Windows 8.1 machine, then the remote admin tools feature must be installed on that machine.

If the primary WSUS server is running WSUS 3.0 SP2, then the WSUS 3.0 SP2 Administration Console must be installed on the same machine as Patch for SCCM. Patches KB2720211 and KB2734608 must be applied to both the WSUS server and the Configuration Manager Console machines.

Every user who chooses to use the Shared Settings feature must be an authorized Windows Management Instrumentation (WMI) user and must have Full Write permission to the ROOT\SMS\<site> namespace and all sub-namespaces of the primary SCCM site.

You can configure each user with these permissions or assign the users to a group that contains these permissions. For information on setting these permissions, see:

If you intend to automatically publish updates using a recurring scheduled task, then the Microsoft Task Scheduler service must be enabled and you must have the rights necessary to create scheduled tasks.

If you intend to receive alert notifications via email, then SCCM must be configured to allow email notifications. For more information, see Managing Alerts.

The user running Patch for SCCM must:

Be a member of the WSUS Administrators group on the WSUS server

Have Log on as a batch job rights

Be assigned to the All instances of the objects that are related to the assigned security roles security scope

In addition, if the WSUS Server is remote, the user must be a member of the local administrators group on the WSUS Server.

You must add a number of web URLs to your firewall, proxy and web filter exception lists. The URLs are used by Patch for SCCM to download updates from third-party vendors.

For the complete list of URLs that you should add, see:

Federal Information Processing Standard (FIPS) environments

When operating in a FIPS environment, the console must be configured as a FIPS-compliant machine before you install Patch for SCCM. If FIPS is enabled after the installation, you must reinstall Patch for SCCM.

Client machine requirements:

Each of your client machines must meet the following requirements in order to deploy non-Microsoft updates distributed by a WSUS server:

Must contain a copy of the code signing certificate in the appropriate certificate stores

Must have enabled the Allow signed updates from an intranet Microsoft update service location policy setting

Was this article useful?