Configuring WPP
Contents
In this part, we will see how to configure WPP during its first launch. Run the Wsus Package Publisher.exe file.
At the first opening, it will detect that we are on a WSUS server and put the connection directly to your favorites. Click OK 1 to close the message.
In the connection area, we can see that the server has been added 1 , click on the connection button 2 .
Certificate for WPP
At the first connection, a message is displayed indicating that a certificate is required. Click OK 1 to close it.
WPP needs a certificate to sign the packages that will be deployed by WSUS. This certificate will then need to be deployed on computers that use WSUS. If the certificate is not installed, the software installations deployed by WPP will fail.
On the WPP console, go to Tools 1 then click on Certificate 2 .
Click on the button Generate the certificate 1 .
A window appears, confirm the creation of the certificate by clicking OK 1 .
A new one appears to confirm that the certificate has been generated. Click OK 1 to close the message.
Restart the WSUS server to take the certificate into account.
Configuration des clients
Now that we have the certificate, we need to deploy it using a GPO. The tutorial: GPO: Deploy a certificate tells you how to do it, except that it puts the certificate in the Approved Publisher Store 1 .
It is also necessary to modify a Group Policy setting that distributes the configuration to allow the installation of updates from WSUS and not from Microsoft. Change the policy by going to Computer Configuration / Policies / Administrative Template / Windows Component / Windows Update. Double-click Allow signed updates from an intranet location of the Microsoft Update service. Activate 1 the parameter.
Once customers have group policies updated, they will be able to install deploy applications using WPP.
Make WPP applications visible in the WSUS console
This part is optional and allows you to configure WPP to make programs visible in the WSUS Administration Console.
From the WPP console, go to Tools 1 and click Settings.
On the Server 1 tab, choose the Always make update visible option in the Wsus console. (The database will be modified) 2 then validate by clicking on OK 3 .
Then go to the tab Updates 1 and tick both caches 2 and click OK 3 . To take into account the parameters, it is necessary to close and open WPP.