Prerequisites and System Requirements

System Requirements

Patch Management (from Agent 10.8.0 RC)

  • Microsoft Windows 7 SP1
  • Microsoft Windows 8
  • Microsoft Windows 8.1
  • Microsoft Windows 10
  • Microsoft Windows Server 2008 R2 SP1
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016

Ensure the operating system is on the latest service pack available. This is critical for Windows 7 and Windows Server 2008 R2

The following Operating Systems are not supported from Agent 10.8.0 RC:

  • Microsoft Windows XP
  • Microsoft Windows Vista
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2008
  • Microsoft Windows 10 Home

Patch Management is not supported on Core (including Hyper-V) systems.

For supported Windows versions and the associated Monitoring Agent (where applicable), please refer to Supported Operating Systems: Windows

Dashboard Permissions

Agent updates and Patch Management configuration and usage is available to Dashboard users with enhanced permissions (for example Superuser) or a login with Agents and Patch Management privileges enabled.

Any substantive changes made via the Dashboard, for example changes to Patch Management's configuration, are included in the Report menu's User Audit Report.

Patch Download Location

During the installation process patches are downloaded to a temporary repository folder then copied to C:\Windows\Patches where they are executed from. At the end of the remediation process, the patch files are deleted from both locations.

Windows Update Agent

Patch Management uses the Windows Update Agent (wuauserv service) when scanning for Microsoft patches. The service displays as Automatic Updates (pre-Vista) or Windows Update (post-Vista).

The wuauserv service is enabled by default and should start automatically on all Operating Systems, however if the service is disabled or not installed then the Windows Update Agent is not invokable and Patch Management will fail to detect any Microsoft patches.

The minimum version of the Windows Update Agent (WUA) required for the N-able Patch Management engine must be greater than 7.6.7600.320. The base NT build version of windows should be 6.1 or later. Older versions of the base NT build cannot upgrade past version 7.6.7600.256 of the Windows Update Agent.

To determine the version of Windows Update Agent use the following procedure:

  1. In the File Explorer, navigate to C:\Windows\System32\ and locate the file wuaueng.dll
  2. Right-click the file and click Properties
  3. Click the Details tab, to find the Product Version

Patch Management and Windows Update from Monitoring Agent 10.8.0 RC

The Patch Management engine included from Windows Monitoring Agent 10.8.0 RC takes administrative control of Windows Update to download files and install the patches.

Proxies and Windows Updates

In Windows, you can configure the Agent to use a proxy to download Microsoft patches and third party patches. However, Windows Update does not inherit the proxy settings entered in the Agent and instead applies the proxy configuration from Windows. As a result Patch Management cannot use the Agent entered proxy settings to download Windows updates. The customer can configure their systems to enable Windows Update to use a proxy to retrieve a list of updates. Visit the Microsoft article How the Windows Update client determines which proxy server to use to connect to the Windows Update Web site for further information.

Recommended Antivirus Settings

Due to the intensive nature of the Patch Status Scan on the device, its performance may be affected by any antivirus or antispyware products, particularly when they are configured for real-time scanning. In order to alleviate the impact of these programs, we would suggest adding exceptions for the following Patch Management folders (and sub-folders) to allow read/write access.

Patch Management Engine

From Windows Agent 10.8.0 RC.

Old Application Name New Application Name
SolarWinds MSP Cache Service File Cache Service Agent
SolarWinds MSP Patch Management Engine Patch Management Service Controller
SolarWinds MSP RPC Server Request Handler Agent

Windows Services

Old Windows Service Name New Windows Service Name
SolarWinds MSP Cache Service File Cache Service Agent
SolarWinds MSP PME Agent PME Agent
SolarWinds MSP RPC Server Request Handler Agent

 

Program Path

Old path New Path
C:\Program Files (x86)\Advanced Monitoring Agent\CacheService\ C:\Program Files (x86)\Advanced Monitoring Agent\FileCacheServiceAgent\
C:\Program Files (x86)\Advanced Monitoring Agent\patchman\ No change.
C:\Program Files (x86)\Advanced Monitoring Agent\RpcServer\ C:\Program Files (x86)\Advanced Monitoring Agent\RequestHandlerAgent\

 

Data Folder

Old path New Path
C:\ProgramData\SolarWinds MSP\CacheService\ C:\ProgramData\MspPlatform\FileCacheServiceAgent\
C:\ProgramData\SolarWinds MSP\PME\ C:\ProgramData\MspPlatform\PME\
C:\ProgramData\SolarWinds MSP\RpcServer\ C:\ProgramData\MspPlatform\RequestHandlerAgent\

 

The Group Policy Advanced Monitoring Agent installs to ...\Program Files (x86)\Advanced Monitoring Agent GP\...

Patch Management URLs

Patch Management requires specific files to successfully scan the device and problems may occur where these files are unavailable. To ensure these files are successfully downloaded, we would suggest allowing the following URLs in any firewall (including Deep Packet Inspection modules) or web monitoring software on the computer over both HTTP (port 80) and HTTPS (port 443).

Patch Management Engine

sis.n-able.com*

go.microsoft.com/*

*.download.microsoft.com

*.windowsupdate.com

*.update.microsoft.com

To ensure the successful operation of the Patch Management Engine. HTTP and HTTPS communication between the SolarWinds.MSP.CacheService Windows service (%Programfiles(x86)%\Advanced Monitoring Agent\CacheService\SolarWinds.MSP.CacheService.exe) and sis.n-able.com must not be blocked.

By default, new Dashboards have Patch Management enabled by default and configured for manual patch approval and installation.

Disclaimer
Please be aware that we are not responsible for any harmful effects that actions performed by Patch Management may have on the target system.