# Software

*Applies to: Patch My PC Publisher*

## Overview

The Publisher can be installed on either a Windows client or Windows Server operating system (see [Core Requirements](https://docs.patchmypc.com/patch-my-pc-publisher/publisher-requirements/core-requirements)) when publishing applications and updates solely to Microsoft Intune. However, even in Intune-only scenarios, particularly when the Publisher is installed on a Windows client operating system, specific WSUS components are still required. These components provide the WSUS API functionality needed to process and deserialize the update catalog format usedby Patch My PC.

{% hint style="success" %}
**Tip**

Some organizations have strict security or operational requirements that mandate the use of the Publisher instead of Patch My PC Cloud, or require separation of duties between Intune and ConfigMgr/WSUS administration teams. In these cases, it is fully supported to deploy a separate instance of the Publisher dedicated solely to Intune publishing, even if another Publisher instance already exists for WSUS or ConfigMgr. 

This approach aligns with least-privilege principles, allowing permissions, credentials, and administrative access to be scoped specifically to the Intune publishing workflow.
{% endhint %}

{% hint style="warning" %}
**Important**

The Publisher **does not need to be installed on each device** receiving applications or updates from Intune.

The Publisher is used only to publish applications and updates into Intune. Once published, delivery, installation, and enforcement on client devices is handled entirely by the Intune Management Extension (IME), which is already automatically installed on Intune-managed Windows devices.

Installing the Publisher on individual client devices **is not required** and provides no benefit for application or update deployment.
{% endhint %}

## Windows Server Operating System

If the Publisher is already being used with ConfigMgr and/or WSUS, and the same Publisher instance will also be used for Intune, the software requirements for [ConfigMgr](https://docs.patchmypc.com/patch-my-pc-publisher/publisher-requirements/configmgr-requirements/software) or [WSUS](https://docs.patchmypc.com/patch-my-pc-publisher/publisher-requirements/wsus-requirements/software) will already satisfy the WSUS API component requirements to publish to Intune.

If the Publisher is being used exclusively for Intune, a full WSUS role installation is not required. In this case, only the WSUS API components must be installed to allow Publisher to process update metadata and interact with WSUS libraries used during publishing. The steps below explain how to install the required components for this scenario.

### Install the WSUS UpdateServices API

1. Open an **elevated PowerShell** window.
2. Run the following command:

```powershell
Install-WindowsFeature UpdateServices-API
```

3. To confirm the UpdateServices API is installed, run:

```powershell
Get-WindowsFeature UpdateServices-API
```

The feature should show as **Installed**.

<figure><img src="https://3773699522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX7dvS0r_4fc0AikgJS%2Fuploads%2FhDaE4TbIAR2fGHpvetQi%2Fimage.png?alt=media&#x26;token=88ea643d-ea7d-4c9d-a503-5cf5946db658" alt="Get-WindowsFeature UpdateServices-API" width="563"><figcaption></figcaption></figure>

## Windows Client Operating System

When installing the Publisher on a Windows 11 device, which is typical for Intune-only publishing scnearios, the WSUS RSAT tools must be installed. A full WSUS role installation is *not* required. If the RSAT tools are not installed, you will see the following messaage when [installing the Publisher](https://docs.patchmypc.com/patch-my-pc-publisher/download-and-install).

<figure><img src="https://3773699522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX7dvS0r_4fc0AikgJS%2Fuploads%2FsvyV4xho7h9FuVA98gTE%2Fimage.png?alt=media&#x26;token=a8fb74b0-86f3-44ec-8dac-69ecf51e2981" alt="WSUS RSAT tools missing" width="272"><figcaption></figcaption></figure>

The steps below explain how to install the required components for this scenario.

### Install WSUS RSAT Tools

1. Open an **elevated PowerShell** window.
2. Run the following command:

```powershell
Add-WindowsCapability -Online -Name Rsat.WSUS.Tools~~~~0.0.1.0
```

3. To confirm the WSUS RSAT tools were installed successfully, run:

```powershell
Get-WindowsCapability -Online -Name Rsat.WSUS.Tools~~~~0.0.1.0
```

The output should show the capability state as **Installed**.

<figure><img src="https://3773699522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX7dvS0r_4fc0AikgJS%2Fuploads%2FRj91nIEhkZ9Rvy8kLEkZ%2Fimage.png?alt=media&#x26;token=3292d156-2760-42ec-a6d5-d280feb3803d" alt="Get-WindowsCapability -Online -Name Rsat.WSUS.Tools~~~~0.0.1.0" width="563"><figcaption></figcaption></figure>

{% hint style="info" %}
**Note**

It is typicall for the download and installation of the WSUS RSAT tools to take \~15 minutes. Review `C:\Windows\Logs\CBS\CBS.log` and `C:\Windows\Logs\DISM\dism.log` for the download and installation progress.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.patchmypc.com/patch-my-pc-publisher/publisher-requirements/intune-requirements/software.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.