
How can we deploy the Patch Manager agent outside of Patch Manager?

We're looking to enable local Windows Firewalls on most client PCs where I work. We'd like to keep any incoming rules to a minimum; this made the Patch Manager agent look very attractive.

From my understanding, the Patch Manager agent will initiate an outbound connection from the client to the server, removing the need to allow unsolicited incoming connections from Patch Manager. Someone please correct me if I'm understanding this wrong.

The trouble I am having is deploying this client. We use MDT to build our PCs; I'm hoping to be able to install the agent on PCs prior to connecting to Patch Manager. We're unable to deploy the components via Patch Manager as these PCs will not accept incoming connections.

The only way I've managed to get this agent to work is by provisioning an offline installer for a PC, and then manually installing. This requires me to not only specify the PC the package is used for, but also provide a password for the cert. This would be tough to automate in MDT.

My questions:

1. Is there an offline installer for Patch Manager agent that I could deploy via MDT during the build process? Preferably one that can be automated.

2. Is there a difference between the "Solar Winds Client Components" and the agent itself? It seems like the client components do not work as they should, but creating an offline agent does.

  • Actually, I can't think of an instance where the Patch Manager Agent itself initiates the communication. I may not be correct with that, but I know that through Group Policy you can configure the Windows Update Agent to reach out on a schedule; that's basically how that works. But the Patch Manager Agent is there to help facilitate the WMI connection, effectively. I'm sure there's a little more to it, but it seemed to me that the agent is basically the WMI providers with a little bit more code to funnel the network traffic over port 4092.

    As for deploying the agent without Patch Manager, the typical way to handle it is to do it via WSUS directly. You could use SCCM of course or if you have another existing solution, but it would go back to my second line that you would need your machines to reach out to WSUS to check for updates if you don't want Patch Manager to tell them what to do.

    You can find more information about your options here:

    Deploying Agents

    Furthermore, if my understanding about the agent is correct, the main reason to have the agent is to better receive the incoming connections. The main benefit being that you get instructions on port 4092 instead of the dynamic range of WMI ports:

    Patch Manager Agents

    But you will still need to enable inbound connections on port 4092 for your clients.
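
If the inbound rule on port 4092 described in the reply above is needed, it can be kept narrow by scoping it to the Patch Manager server and the domain profile. The script below is an added example, not part of the original thread or SolarWinds' own tooling; the server address (`192.0.2.10`), the rule name, and the choice of TCP are assumptions to replace with your own values. It must run elevated, for example as a step in the MDT task sequence.

```powershell
# Added example: scoped inbound rule for the Patch Manager agent port.
# Run elevated. All default values below are placeholders/assumptions.
param(
    [string]$PatchManagerServer = '192.0.2.10',  # constructed placeholder (documentation range)
    [int]$AgentPort = 4092                       # port named in the thread; TCP is assumed
)

$ruleName = 'PatchManager-Agent-In'              # hypothetical rule name

$existing = Get-NetFirewallRule -Name $ruleName -ErrorAction SilentlyContinue
if ($existing) {
    # Rule already present: re-assert the scope in case it was widened later.
    Set-NetFirewallRule -Name $ruleName `
        -RemoteAddress $PatchManagerServer `
        -Profile Domain `
        -Enabled True
} else {
    # Allow only the Patch Manager server to reach the agent port,
    # and only while the PC is on the domain network profile.
    New-NetFirewallRule -Name $ruleName `
        -DisplayName 'Patch Manager agent (inbound, scoped)' `
        -Direction Inbound `
        -Action Allow `
        -Protocol TCP `
        -LocalPort $AgentPort `
        -RemoteAddress $PatchManagerServer `
        -Profile Domain | Out-Null
}

# Verify the effective filters so the build fails loudly if the rule
# ended up open to any source address or bound to the wrong port.
$rule = Get-NetFirewallRule -Name $ruleName
$addr = $rule | Get-NetFirewallAddressFilter
$port = $rule | Get-NetFirewallPortFilter

if ($addr.RemoteAddress -contains 'Any') {
    throw "Rule '$ruleName' accepts connections from any remote address."
}
if (($port.LocalPort -join ',') -ne "$AgentPort") {
    throw "Rule '$ruleName' is bound to port(s) $($port.LocalPort), expected $AgentPort."
}

Write-Output "Rule '$ruleName': TCP $AgentPort inbound from $($addr.RemoteAddress -join ', ') (Domain profile)."
```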