1 Reply Latest reply on Feb 12, 2018 4:53 PM by jrouviere

    Mobile Workers


      I hope someone can help me with a what’s  become a large problem for us.


      We have had a massive increase of users who are using laptops out in the field and are not using the VPN for one reason or another. This preventing large numbers of our laptop estate from receiving there monthly updates.


      Is there anyway I could use PM to patch these laptops when there just connected to the internet ? My thought was to setup a automation server in the DMZ and install the PM agent on the laptops then have them talk back to DMZ automation server. Would this work ? Or is there a better solution with PM that I've missed ?

        • Re: Mobile Workers

          As Patch Manager hosts the third party content on the WSUS server, the client machines will need access to a WSUS server.  In most configurations you wouldn't be able to use Update Management or the Update Management Wizard to handle updates with remote clients as Patch Manager would need WMI access to the remote clients.


          The easiest way to handle remote patching via Patch Manager is going to be using a VPN so they are tunneled into your network.


          If that's not an option you could theoretically point them to a WSUS server out in the DMZ and they would likely need to phone home during a scheduled check in (such as via Group Policy), but that seems like it would be inconsistent at best.


          This posting should help you with considerations, the main issue is that the third party content isn't going to be available from Microsoft Update:


          WSUS updates for remote workstations