Step 3 – Group Policy Status

A Group Policy is required to distribute certificates and locally created packages. Software Vulnerability Manager can easily create this GPO so the WSUS Signing Certificate is distributed to all clients. Please choose to use WSUS or System Center. Once this is completed expand the Group Policy Options.

If you are creating the Software Vulnerability Manager WSUS Group Policy for the first time, proceed by selecting all the options and then click Create Group Policy.

Important:Besides distributing the certificate through the Software Vulnerability Manager WSUS GPO, it is also possible to provision certificate to the target computers by going to Patching > WSUS/System Center > Deployment, selecting the target hosts where the certificate is to be installed (CTRL+ mouse click for multiple selection) and then right-click and select Verify and Install Certificate.

Remote Registry service (disabled by default on Win7/Vista) should be enabled and started for the certificate to be successfully installed.

If you prefer to create your own Group Policy to distribute the WSUS Signing Certificate, please refer to Creating the WSUS-CSI GPO Manually. If you prefer not to create the Software Vulnerability Manager WSUS Group Policy, the existing Windows Updates GPOs must be edited in accordance with Setting Up Clients to Access WSUS.

Important:If you use Microsoft System Center Configuration Manager, please make sure you do not select the first option Use the WSUS Server specified in Software Vulnerability Manager.

Important:If you already have the Windows Updates being configured through a Group Policy, we suggest you select the first 3 options in the Create a new Software Vulnerability Manager WSUS Group Policy page.

Important:The Software Vulnerability Manager WSUS Group Policy will be created but not linked to your domain. This way you can easily check the details of the newly created GPO and verify that the existing WSUS GPOs are correctly configured.