Patch management engine system requirements

Patch Management Engine (PME) requires Windows operating system in version 7 SP1 and higher or Windows 2008 R2 SP1 and newer. Ensure the operating system is on the latest service pack available. This is critical for Windows 7 and Windows Server 2008 R2.

Patch Management does not support any Windows Home editions.

.NET Framework

PME requires .NET Framework 4.5.2 or higher on the device. PME can automatically install the required .NET Framework version during its installation.

Local Disk Space

PME caches frequently used files on the local disk, and stores installers for larger patches such as Cumulative Updates and Feature Updates. N-able recommends at least 10 GB of free space on the local hard disk.

Windows Accounts

PME windows services are running under SYSTEM and LocalService accounts, and requires these accounts to exist with default permissions.

Windows Components

PME uses several standard Windows components. It requires following services running without issues:

  • Background Intelligent Transfer Service
  • DCOM Server Process Launcher
  • Remote Procedure Call (RPC)
  • RPC Endpoint Mapper
  • Update Orchestrator Service
  • Windows Installer
  • Windows Update
  • Windows Update Medic Service

Antiviruses / Firewalls

The list of requirements for security applications is described in Patch Manager Engine exclusions for third party AV software.

Using a proxy

In Windows, you can configure the probe to use a proxy to download Microsoft patches and third party patches. However, N-able patch management cannot use a proxy to download Windows updates. The customer can configure their devices to enable Windows Update to use a proxy retrieve a lists of updates.

Windows Update Agent

The minimum version of the Windows Update Agent (WUA) must be greater than 7.6.7600.320. The base NT build version of windows should be 6.1 or later. Older versions of the base NT build cannot upgrade past version 7.6.7600.256 of the Windows Update Agent.

To ensure that Windows Update services are current and can detect new patches properly, the patch engine may apply required SSU upon detection.

Use the following steps to determine the version of Windows Update Agent use the following procedure.

  1. In the File Explorer, navitage to C:\Windows\System32\ and locate the file wuaueng.dll.
  2. Right-click the file and click Properties.
  3. Click the Details tab, to find the Product Version.

Windows Feature Update with Full Disc Encryption

Starting with the Windows 10 Anniversary Update release, Microsoft provides new command line parameters which specify the path to a folder that contains encryption drivers for a computer that has third-party encryption enabled. To reduce the possibility of encountering errors during the upgrade we have hard-coded the recommended default Microsoft path and will query this location for the setupconfig.ini, which is filled out by encryption vendors.

We have also added the capability to add your own custom path to the patch config files, to support those vendors who store the setupconfig.ini file in a different location. Further information is available in the Windows Feature Update with Full Disk Encryption section.