In this part, we will see how to configure WPP during its first launch. Run the Wsus Package Publisher.exe file.
Certificate for WPP
WPP needs a certificate to sign the packages that will be deployed by WSUS. This certificate will then need to be deployed on computers that use WSUS. If the certificate is not installed, the software installations deployed by WPP will fail.
Restart the WSUS server to take the certificate into account.
Configuration des clients
Now that we have the certificate, we need to deploy it using a GPO. The tutorial: GPO: Deploy a certificate tells you how to do it, except that it puts the certificate in the Approved Publisher Store 1 .
It is also necessary to modify a Group Policy setting that distributes the configuration to allow the installation of updates from WSUS and not from Microsoft. Change the policy by going to Computer Configuration / Policies / Administrative Template / Windows Component / Windows Update. Double-click Allow signed updates from an intranet location of the Microsoft Update service. Activate 1 the parameter.
Once customers have group policies updated, they will be able to install deploy applications using WPP.
Make WPP applications visible in the WSUS console
This part is optional and allows you to configure WPP to make programs visible in the WSUS Administration Console.