Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Advanced Insights & Patch Insights share a base install, the functionality provided is governed by the license key you provide when first using the interface.
Applies to: Advanced and Patch Insights
All setup and configuration instructions are valid for both Advanced Insights and Patch Insights unless stated.
Advanced Insights (& Patch Insights) Requirements and Prerequisites
Applies to: Advanced and Patch Insights
Advanced Insights is a website portal for Configuration Manager. It is an Internet Information Server-based application that runs on-premises. Please read the documents in this section to review requirements for Certificates, Software and Network configuration.
Applies to: Advanced and Patch InsightsAdvanced Insights stores configuration data in a SQLite database. This database is created automatically by the application in the following location:
%ProgramData%\AdvancedInsights\Data\Api\AdvancedInsightsConfig.db
It is recommended to backup this file as it contains all of the configuration data for your Advanced Insights environment.
Applies to: Advanced and Patch Insights
Advanced Insights needs a valid SSL certificate to install and function. (the installer will verify the certificate is valid).
Supported Certificate types:
Server host (FQDN) standard certificate.
Wildcard certificate.
Custom CNAME / Alias certificate.
Self-signed certificate.
The certificate must meet the following minimum requirements:
Support HTTPS / SSL.
Has private key.
Valid in-date (not expired).
Enhanced key usage includes "Server Authentication".
Only modern signature types are supported (e.g. SHA256). Legacy / weak signature algorithms, for example; 'SHA1', 'MD2', 'MD4', 'MD5 are not supported.
Subject Alternative Name (SAN). The certificate SAN requirements depend on the chosen deployment configuration for the Advanced Insights URL.
Scenario 1 - Server Host name certificate.
For Advanced Insights URL deployment using server host name (e.g. https://server01.contoso.local) the certificate SAN must contain an entry which matches the FQDN of the host server where Advanced Insights is installed.
Scenario 2 - Wildcard certificate.
For Advanced Insights URL deployment using a wildcard certificate, an entry must be included in the certificate SAN that represents the wildcard certificate. e.g. ' *contoso.local'.
Scenario 3 - CNAME / Alias certificate.
For Advanced Insights URL deployment using a CNAME / Alias, (e.g. https://AdvancedInsights.contoso.local) the certificate SAN must contain an entry which represents the CNAME / Alias. e.g. 'AdvancedInsights.contoso.local'.
When using a CNAME / Alias or Wilcard certificate for custom Advanced Insights deployment URL, ensure that DNS has been updated to include an entry which represents the chosen CNAME / Alias.
Example:
Certificate SAN values can be also verified within the certificate properties.
Examples:
On the Windows Server OS which will host Advanced Insights, the following PowerShell script can be executed to list supported certificates.
Example PowerShell outputs:
Self-signed certificate use.
When deploying Advanced Insights using a self-signed certificate, the installer will automatically create the certificate using the server host name value to create the Advanced Insights URL.
Example:
https://server01.contoso.local
We don't recommend using a self-signed certificate long-term in production as it won't be trusted by other client browsers by default. You can replace a self-signed certificate or modify the certificate in use using the Add/Remove Programs "Change" option as detailed here.
Server OS, SQL and Dependencies
Applies to: Advanced and Patch Insights
Windows Server 2016 and later
1.5 GB of free disk space
Minimum 1 CPU Core
Minimum 8 GB RAM
CPU and RAM requirements are a minimum for Advanced Insights only and do not consider any other IIS Web sites or Apps running on the same instance.
Internet Information Services (IIS)
WebSockets (will be added automatically by the installer if missing)
To install IIS on your server outside of the installer you can run this PowerShell command:
Install-WindowsFeature -name Web-Server -IncludeManagementTools
For an existing IIS Server - 'OPTIONS' HTTP Verb must not be BLOCKED at server level.
The following is an example of 'OPTIONS' HTTP Verb 'Not allowed' This configuration will prevent the Advanced Insights install from completing successfully.
If 'OPTIONS' HTTP verb is present at the IIS Server level and 'Allowed' value set to 'False', remove this item and re-run the Advanced Insights installer.
The installer will configure 'OPTIONS' HTTP verb at the site level for 'Advanced Insights Api' IIS site object.
IIS CORS Module 1.0
ASP.NET Core Hosting Bundle 8.0
SQL Server ODBC Driver 17.6 (minimum)
IIS URL Rewrite 2.1
The Advanced Insights installer will automatically install additional software if needed.
Configuration manager SQL Database must be SQL Server 2016 SP1 or later. We strongly recommend ensuring the latest cumulative update is applied to your SQL Server.
Database Compatibility Mode must be at least 130 for the Threat Analytics dashboard to load. You will see a warning if this is not met.
If you experience performance degradation in the ConfigMgr Console or Advanced Insights when running the default recommended Compatibility Mode level for your version of SQL Server, reassess whether you may have to change the level to 110. Microsoft have further reading on this here https://learn.microsoft.com/en-us/troubleshoot/mem/configmgr/alerts-reports-queries/sql-query-times-out-or-console-slow-performance
The configuration guides will help you setup the Patch My PC Publisher with Microsoft Configuration Manager and Microsoft Intune.
To help get you started, we provide a few different guides (documented or video) to help you install the Patch My PC Publisher.
Don't feel like going it alone? You can schedule a setup call with a Patch My PC engineer to help you install correctly first-time in your environment.
SHA256: 7062191C6F70C79268425408E4A1E1CAFA5F19A9E41EB9B2D26D803934B9CDC4
Are you installing the product with Configuration Manager? No problem, click the link below for our Configuration Manager guide! The guide includes a text-based version, video, and the ability to directly schedule a setup call with an engineer!
Are you installing the product for Microsoft Intune? No problem, click the link below for our Intune standalone guide! The guide includes a text-based version, video, and the ability to directly schedule a setup call with an engineer!
Curious about what fixes and new features we've added to the Publisher? You can check out our release history in the release history section for our Production and Preview releases:
You can also stay up-to-date by subscribing to our catalog release newsletter and RSS feedback to find out the moment we update our catalog with new products and updates!
If you're just getting started and need help learning the product no problem we can give you a live interactive demo where we will explain everything you need to know about our product from a deep dive inner workings of the product to licenses and security. 🔒
So you've seen a demo, and you're ready to try the product out in your environment. To get you started off right we offer a FREE guided installation of the product in your environment. We strongly encourage all customers to bring an engineer along for the ride to ensure you get the maximum value out of our product and to ensure smooth sailing. ⛵
Something seems not quite right? Maybe you want to brush up and learn about all those cool new features we've been releasing since the last time you had a demo. No worries, you can schedule a review call any time you like and our team will be happy to help you study up and help make sure your environment is in top shape. 🎩
When all else fails and you can't find the answers you need we will always be there for you. While we do have a lot of written knowledge articles sometimes those just aren't enough. If you ever find that to be the case, or something is going disastrously wrong you can always open a support case with our talented team of experts.
Not everything always works in pure documentation format and for this, we have some links to our most commonly used resources on our website including
Got questions about licensing, subscription types, or how we handle security? Don't worry we get asked those questions all the time.
Ready to head on back to our home page? Don't worry we booked you a ride there.
Curious about where we are going and what we are planning to do we make all that information publicly available on our live roadmap.
Is there something we are missing? Maybe a new document, a new feature, or a new app? If you head on over to our user voice you can submit new ideas for us and make recommendations.
Want to learn more about who we are and what we do? Head on over to our About Us page to learn more about who we are and our company's core values.
Note
If you have any feedback or comments on our docs, please email docs@patchmypc.com.
Advanced Insights SSL Certificate configuration.
Applies to: Advanced and Patch Insights
Advanced Insights requires a valid SSL certificate to bind to the application websites and supports the following types:
Server host (FQDN) standard certificate.
Wildcard certificate.
Custom CNAME / Alias certificate.
Self-signed certificate.
Ensure the SSL certificate requirements are reviewed here: Certificate Requirements
Scenario 1 - Server Host name certificate.
For Advanced Insights URL deployment using server host name (e.g. https://server01.contoso.local) follow steps described in section:Standard Server host name certificate
Scenario 2 - Wildcard certificate.
For custom Advanced Insights URL deployment using a wildcard certificate (e.g. *.contoso.local) follow steps described in section: Wildcard certificate
Scenario 3 - CNAME / Alias certificate.
For custom Advanced Insights URL deployment using a CNAME / Alias, (e.g. https://AdvancedInsights.contoso.local) follow steps described in section: CNAME / Alias certificate
Scenario 4 - Self-signed certificate.
For Advanced Insights URL deployment using a Self-signed certificate follow steps described in section: Self-signed certificate
Select the certificate which represents the server host name (FQDN).
Once selected, no further certificate configuration is required.
Click Next to proceed to the Advanced Insights SQLite Database page.
Select the certificate which represents the wildcard certificate.
Click the 'Set CNAME / Alias' button.
In the CNAME / Alias configuration page, the installer will automatically pre-populate the domain wildcard property from the selected certificate.
The CNAME / Alias property value box will need to be updated with a chosen CNAME / Alias prefix. For example:
'AdvancedInsights.corp.contoso.local'
Then click 'Set CNAME - Alias'.
Click Next to proceed to the Advanced Insights SQLite Database page.
When using a wildcard certificate, if no CNAME / Alias is set using the CNAME / Alias configuration page, the installer will automatically default to setting the Advanced Insights URL to the server host name FQDN. Example:
https://server01.corp.contoso.local
Select the certificate which represents the CNAME / Alias certificate.
Click the 'Set CNAME / Alias' button.
In the CNAME / Alias configuration page, the installer will automatically pre-populate the CNAME / Alias property based on the available SAN entries from the selected certificate.
In this example, the selected certificate has one SAN entry which has been automatically pre-populated:
Confirm the CNAME / Alias configuration by clicking the 'Set CNAME / Alias' button.
Click Next to proceed to the Advanced Insights SQLite Database page.
To deploy Advanced Insights using a self-signed certificate, on the certificate selection page, click the 'Create Self -Signed Cert' button:
The installer will then automatically proceed to the Advanced Insights SQLite Database dialog page.
These Install Instructions are valid for installing both Patch Insights and Advanced Insights.
Applies to: Advanced and Patch Insights
Run the installation
Ensure the Software requirements have been reviewed here: Software Requirements
Download the latest installer for Advanced Insights by clicking the link below.
You can view the release history for Advanced Insights on our release history page.
Start the installation by double-clicking the downloaded AdvancedInsights.exe
Once the installation starts, you will likely be greeted by the prerequisite screen in our installer wizard, click Next.
If you have already met the prerequisite requirements, these screens will not be shown, and you can step down to the License Terms and Conditions step.
Any required prerequisites are listed. These can all install without requiring a restart. Confirm the requirements and click Next.
Once the required prerequisites have been installed, you must accept the Terms and Conditions of use. Tick the "I agree" box and click Next.
Advanced Insights requires approximately 1.5GB of storage space. Confirm the installation directory and click Next.
Applies to: Advanced and Patch Insights
Completion
When the installer has completed the final wizard screen is shown. This includes a link to go to the welcome experience dashboard. The first use username is admin the initial password is 123qwe which you will be prompted to change.
Network port and IIS Application Pool Identity
Applies to: Advanced and Patch Insights
Advanced Installer will create two websites and related application pools. The Dashboard website (Advanced Insights Frontend) is the site you will access to view dashboards and reports, the other site (Advanced Insights Api) is internally referenced only.
Ensure the network requirements are reviewed here: Network Requirements
The IIS Configuration page allows you to set the dashboard port and IIS application pool identity to your requirements. The port is what will be used when browsing the portal (e.g., https://adv01.contoso.com:444). The API port is read-only. Firewall rules will be automatically created for the dashboard, and API websites.
The installer will automatically recommend the best available port for the dashboard website. You can change this if you wish.
The IIS Application Pool identity used for both the Advanced Insights Frontend and Api application pools is 'LocalSystem' by default. An alternative identity (Active Directory account) can be used if required. More details on IIS application pool identity here: IIS Application Pool Identity
When setting a custom ID for the IIS application pools, you must ensure the Active Directory account being used has the required SQL permissions to the Configuration Manager database. See: SQL Permissions
Examples:
In this example, the installer automatically determined that the best available port was 444. IIS Application Pool left as default 'LocalSystem'.
In this example a custom IIS application pool identity has been set:
Confirm the required Dashboard Port and if required, IIS application pool identity and click Next.
Note
If you have any feedback or comments on our docs, please email docs@patchmypc.com.
Applies to: Advanced and Patch Insights
Installation Summary
This completes the pre-install configuration of Advanced Insights, a summary screen is shown and you can review and click Install to begin the installation.
Installation
The installer may take up to 30 minutes to complete.
Note
The installer will automatically create an installation log at %temp%\AdvInsights.log
Additionally, a copy (.zip) of the install log is placed into C:\ProgramData\AdvancedInsights\Logs\Installer
Modify configuration.
Applies to: Advanced and Patch Insights
The ability to use the modify feature is supported in version 2.1.0 and later.
The following configurations can be modified for an existing Advanced Insights deployment. SSL certificate.
Advanced Insights website frontend network port.
Reset default admin password.
If the install executable version that was originally used to deploy Advanced Insights is available, you can start the modify process by rerunning the original installer. Otherwise, locate the Advanced Insights listing in the add - remove programs list and select 'Modify'.
Click 'Modify'
Click 'Yes'
Click 'Modify'
Select the required modification option checkbox to enable the related 'Change' button
Details of the upgrade process
Applies to: Advanced and Patch Insights
To upgrade silently please run AdvancedInsights.exe /q /l*v %temp%\AdvInsights.log
When you run the installer, it will prompt for you to accept the license terms.
You will be presented with the upgrade summary page. There is also the option to change the certificate, network port or IIS application pool identity if required.
If upgrading from 1.0.x and 2.0.x versions of Advanced Insights, the upgrade summary page will also include summary information about the Advanced Insights SQL DB migration to SQLite.
If you wish to do so, click the 'View / Change Cert' button will show additional information about any warnings being flagged.
Following this, click Install to start the upgrade process.
The upgrade success page is displayed upon completion.
Change the Advanced Insights IIS website port.
Applies to: Advanced and Patch Insights
This section describes the steps required to change the frontend network port used for an existing Advanced Insights deployment.
The ability to change the network port using the modify feature is supported in version 2.2.1 and later.
In the configuration modification page, select the checkbox for 'Frontend SSL Port Configuration' then click 'Change SSL Port':
Click 'Edit port' in the 'Advanced Insights' section and enter a new port number, then click 'Next'
Click 'Install
The installer will make the required configuration changes and display a summary once complete.
Click 'Finish'
Advanced Insights ConfigMgr SQL Permissions requirements
Applies to: Advanced and Patch Insights
If Advanced Insights is installed on your ConfigMgr site server, then you should not need to do any SQL permissions configuration.
The Advanced Insights IIS Application Pools can run as the local computer Identity, which has ConfigMgr SQL database access by default. If Advanced Insights is installed on the same server as Config Manager database this account will show as NT Authority\System in SSMS, else if on a different server it will show as the hostname of the server Advanced Insights is installed on.
Advanced Insights needs read access to the ConfigMgr SQL database. If Advanced Insights is installed on a server that is not the ConfigMgr site server, or a custom Active Directory account is used for the IIS application pools, you will need to grant some SQL permissions.
Open SQL Management Studio and connect to the required SQL instance for your ConfigMgr database
Execute the following script replacing the domain\computername and CM_XXX database name
Advanced Insights access to the Configuration Manager SQL database can be configured to use a Active Directory user account. This account is set as the IIS application pool identity.
Open SQL Management Studio and connect to the required SQL instance for your ConfigMgr database
Execute the following script replacing the domain\username and CM_XXX database name
Change the Advanced Insights SSL Certificate.
Applies to: Advanced and Patch Insights
This section describes the steps required to change the SSL certificate used for an existing Advanced Insights deployment.
The ability to change the SSL certificate using the modify feature is supported in version 2.1.0 and later.
In the configuration modification page, select the checkbox for 'SSL Certificate' then click 'Change Certificate':
Use the drop down list to select the SSL certificate which represents the CNAME / Alias you wish to use.
With the appropriate SSL certificate selected, click 'Set CNAME / Alias'
In the set CNAME / Alias dialog page, the dialog will be prepopulated with a value for the CNAME / Alias based upon the selected certificated.
Modify the prepopulated URL value if required.
Click 'Set CNAME / Alias'
Click 'Next'
Click 'Install'
The installer will make the required configuration changes and display a summary once complete.
Click 'Finish'
New Advanced Insights URL
Instructions for removing Advanced Insights
Applies to: Advanced and Patch Insights
To completely remove the product we will carry out the following actions:
Remove the Advanced Insights Inventory Extensions (if deployed)
Uninstall the Advanced Insights product
Remove the Advanced Insights database
You can manually remove the Inventory Extensions from a ConfigMgr Console under: Administration > Client Settings > Default Client Settings > Hardware Inventory > Set Classes ...
Carefully Select and delete each PMPC_ Inventory Class from this window individually. This will remove them from your Hardware Inventory Schema and delete their data from the database:
The uninstall is automated from Settings / Add Remove programs, simply select the application and click remove.
The uninstall will leave behind some customization files, including the Advanced Insights SQLite DB. This can all be removed by deleting the following folder:
Applies to: Advanced and Patch Insights
Advanced Insights stores all application configuration in a SQLite database located in the following folder:
Advanced Insights stores all warranty data in a SQLite database located in the following folder:
These files can be backed up by any file backup solution.
To restore the configuration in the event of loss or server move, simply re-install Advanced Insights and copy the backup files into the same location, overwriting the blank database supplied by the installer.
Reset password for the Advanced Insights default admin account.
Applies to: Advanced and Patch Insights
This section describes the steps required to reset the password for the default 'admin' account for an existing Advanced Insights deployment.
The ability to reset the default admin password using the modify feature is supported in version 2.2.1 and later.
In the configuration modification page, select the checkbox for 'Default Admin Password Reset' then click 'Reset Password':
The password reset confirmation is then displayed. Click 'Close'
Click 'Finish'
On next login using the default 'admin' account, you will be prompted to change the password.
To upgrade Advanced Insights, we need to re-run the installer using the latest version downloaded from .
See section:
Review the network requirements here:
Alternatively, a custom ID can be used. See:
See:
Review the SSL Certificate requirements here:
In this example, we are changing the SSL certificate to a CNAME / Alias type as described here - If you want to change the SSL certificate to a server host name only type, select the appropriate certificate and then click 'Next'. Configuring a server host name type URL described here -
Definition and technical description of each of our custom WMI Classes
Applies to: Advanced Insights
Properties marked with *
These properties can vary by hardware manufacturer. Data generation methods may differ between manufacturers and not all manufacturers may be supported. Users should consult the manufacturer's documentation for accurate interpretation of these properties where applicable.
DeviceID: Identifier that uniquely names the physical disk.
BusType: The interface the disk is connected by.
MediaType: Media type of the physical disk
*Manufacturer: The name of the manufacturer
*HealthStatus: A high-level indication of device health.
*OperationalStatus: Status further explaining a given health status.
*Model: This field represents the model number of the hardware
*PowerOnHours: Length of time, in hours, the storage device has been powered on since manufacture.
*ReadErrorsTotal: Total read errors encountered by the device.
*SerialNumber: Serial Number of the battery
*Temperature: The current temperature of the storage device in Celsius
*TemperatureMax: The maximum temperature in Celsius at which the storage device is capable of normal operation.
*Wear: Storage device wear indicator, in percentage. At 100 percent, the estimated wear limit will have been reached.
*WriteErrorsTotal: Total write errors encountered by the device.
These properties are collected via SMART. Not all devices may support SMART monitoring
BatteryID: String identifying the battery.
DesignCapacity: The design capacity of the battery in milliwatt-hours.
FullChargeCapacity: The full charge capacity of the battery in milliwatt-hours.
Health: Comparison of the FullChargeCapacity to the DesignCapacity property is used to determine the health of the battery. (100 = Healthy)
*Chemistry: Describes the batteries chemistry.
*Manufacturer: The name of the manufacturer
*ManufacturerDate: The date the battery was manufactured
*SerialNumber: Serial Number of the battery
DataSourceName: Name of the ODBC
Database: The Display Name of the Application
Description: The reported version of the application.
Driver: The driver used for the ODBC
DriverVersion: The specific file version of the driver
Platform: Specifies whether the ODBC is 64/32 bit
User: The name of the user that owns the ODBC (if applicable).
InstallLocation: The folder location in which the application is installed
DisplayName: The Display Name of the Application
DisplayVersion: The reported version of the application.
InstallDate: The date the application was installed.
Publisher: The name of the publisher of the application.
QuietUninstallString: command line string to uninstall the application.
UninstallString: command line string for silent uninstall of the application.
User: The name of the user that installed the application.
GroupName: Name of the local group.
Members: List of user members belonging to that local group.
GroupMembers: List of sub groups that are members of the local group
If a member cannot be identified the SID will be displayed instead.
Please note that collection of this data requires additional software from the vendors to be installed on clients:
Lenovo - Lenovo Dock Manager
DELL - Dell Command Monitor (or DSIA)
DeviceName: Identified name of the dock device.
*Firmware: The firmware version currently installed on the dock
*Manufacturer: Manufacturer of the dock
*SerialNumber: Serial Number of the dock if applicable (For dell this is the same as service tag)
PnPID: Device "PnP" Id, this is only used if we werent able to identify the dock model
InstanceName: Unique Identifier for the monitor
DeviceName: Name of the monitor
InchSize: Diagonal size of monitor
ConnectionType: The cable used to connect to monitor
Primary: Whether this monitor is configured as the primary display. True or False.
ResolutionHorizontal: Maximum horizontal pixel count
ResolutionVertical: Maximum vertical pixel count
*Model: Model of the monitor
*SerialNumber: Serial number of monitor (service tag for DELL)
*Manufacturer: Name of manufacturer
*ManufactureYear: Year the monitor was made
UpdateId: unique ID that represents the update
Title: Title of the update.
Status: Missing or Installed.
Service: The Update Service used to discover this update.
Product: Product associated with the update
ProductID: ProductID associated with the update
InstalledOn: Date the update was Installed On
DatePosted: Date the updated was release or revised
ArticleId: KB article ID identifying the update
GUID: unique ID that represents the Wifi Interface
Description: Name / description of the interface
Authentication: Type of authentication used (e.g., WPA2, WEP, Open)
Band: Frequency band used (e.g., 2.4GHz, 5GHz)
Channel: Current operating channel
Cipher: Encryption cipher used (e.g., AES, TKIP)
ConnectionMode: Mode of connection
Driver Version: Version of the driver software controlling the interface
PhysicalAddress: MAC address of the interface
RadioType: Type of wireless radio (e.g., 802.11n, 802.11ac)
Signal: Percentage signal strength of the connection
SSID: Name of the wireless network
State: Current state of the interface (e.g., connected, disconnected)
SID: Security Identifier associated with the user profile
Path: File path where the user profile is stored
LastLoggedIn: Date and time of the user's last login
AccountName: Name of the user account
SizeGB: Size of the user profile in gigabytes
Note
Supported Browsers:
Chrome
Edge
Brave
Firefox
Opera
InstallPath: Path of the extension content and manifest
Name: Name of the extension
Author: The reported author of the browser extension acording to the manifest
Browser: The browser that the extension is installed in.
User: The user that has the extension installed. (All browser extensions are per user)
ID: ID of the Browser Extension associated with Chrome / Edge store
Version: The version of the browser extension
Overview of Advanced Insights dashboards
Applies to: Advanced Insights
Creating, editing and sharing Custom Dashboards
Applies to: Advanced Insights
Introduced in Advanced Insights 2.2.1, the Custom Dashboard feature enables users to create their own dashboards and share them with other users, if permitted.
Applies to: Advanced Insights
Advanced Insights must be granted the correct permissions to your SMS Provider for these actions to work. See Configuration Manager Permissions.
Clients with the Inventory Extensions MSI installed will support the use of our custom client actions:
If you see this message when using any of the custom client actions:
This means you have the "Additional Script Approver" setting enabled in ConfigMgr. To approve our script, please follow these steps:
Open your ConfigMgr Console
Go to Software Library > Scripts
Right click and approve the "Advanced Insights Client Actions" script
Install Updates - Installs all updates which are advertised to the device which are targeted as available or required. This is the same action as pressing Install All in the Software Center.
Repair Client - Executes the ccmrepair.exe
Clear CCM Cache - Clears all ccmcache items on the client (including persistent cache)
Granting Advanced Insights a role in ConfigMgr. Not required for Patch Insights.
Applies to: Advanced and Patch Insights
For various Configuration Manager console actions and features to work, the accounts running the IIS App Pools need to have permissions to connect to your SMS Provider Server.
Note: If you installed Advanced Insights on an SMS Provider Server then you may not have to configure any permissions for this to work.
By default, the IIS App Pools run under the local computer account of your Advanced Insights Server.
Open the ConfigMgr console and navigate to Administration > Security > Administrative Users > click Add User or Group
Choose the User/Computer account running your IIS App Pools. In our example we are adding the local computer account of our server named "SCCM"
Assign them the Operations Administrator role (or optionally a custom role)
If you wish to adhere to the "Principle of Least Privilege" then you can download the XML file below and import it as a security role into ConfigMgr. This role grants the lowest possible privileges.
To import the security role XML file, open the ConfigMgr console and navigate to Administration > Security > Security Roles > click Import Security Role.
Advanced Insights welcome page
Applies to: Advanced and Patch Insights
The default credentials for your first logon are below. You will be prompted to change these:
Username: admin
Password: 123qwe
On first logon, you will see the welcome page. You can access this page any time by clicking your username in the top right of the screen.
The welcome screen needs your Patch My PC license key and your ConfigMgr site server details.
If Advanced Insights is installed on the same server as the Patch My PC Publisher we will read the license key automatically. Alternatively, please add your license key and click to verify.
Provide the server name and database name of your ConfigMgr primary site and click to connect.
As long as the IIS application pool identity running the Advanced Insights Controller website has permission to read the database, you should be good to go.
If you have a problem at this stage, please see this document for details on granting SQL permissions.
Once the license key and SQL sections are successfully completed, click Go to Dashboard in the final step to complete setup.
Applies to: Advanced Insights
Several features of Advanced Insights (this is not relevant for Patch Insights) require the deployment of our Inventory Extensions. This process adds additional reports and functionality to Configuration Manager.
To setup the Inventory Extensions, there are two actions to complete:
Navigate to the Administration > Settings page
Select the Advanced Insights Inventory Extensions tab
Select whether to collect Microsoft Update Compliance Data see here for more information
Click Update Hardware Inventory via Advanced Insights
Seeing this message suggests you need to configure Configuration Manager Permissions. We recommend configuring permissions instead of proceeding with a manual install.
Download AdvancedInsights_SMS_DEF.mof
In the ConfigMgr Console, navigate to Administration > Client Settings > Default Client Settings > Hardware Inventory > Set Classes...
From this page click Import... and select the AdvancedInsights_SMS_DEF.mof
Tick/untick the imported Inventory Classes as required
If you have previously deployed the "PMPC Data Collection" PowerShell Package, please ensure you delete its deployment before deploying the new InventoryExtensions.msi
After removing the deployment for the legacy PMPC Data Collection package, the InventoryExtensions.msi must be installed on clients you wish to collect inventory data from.
Windows 10/11, Windows Server 2012 - 2022 (64-bit)
.NET Framework 4.8
You can deploy the Inventory Extensions product via Patch My PC Publishing Service
1. Open the Patch My PC Publisher, navigate to the ConfigMgr/Intune Apps tab and select Patch My PC > Advanced Insights Inventory Extensions (MSI-x64)
2. To quickly sync this app to ConfigMgr/Intune without having to wait for all other selected apps and updates in the Publisher to evaluate and process, right click the Advanced Insights Inventory Extensions (MSI-x64) app and select Publish this product during the next manual sync. (Selective sync).
3. On the Sync Schedule tab, click Run Publishing Service Sync.
4. Verify the Inventory Extensions x.x.x.x (MSI-x64) application was created and deploy it to your desired collection(s).
Note
We also recommend that you enable the Advanced Insights Inventory Extensions (MSI-x64) WSUS/Intune UPDATE to ensure your clients receive newer versions of the Inventory Extensions as they are released.
Note
The Advanced Insights Inventory Extensions will add approximately 0.5 MB per-client to the Configuration Manager database. We recommend increasing the acceptable inventory file size from the default of 5MB to a minimum of 10MB. To do so edit the HKLM\Software\Microsoft\SMS\Components\SMS_INVENTORY_DATA_LOADER\Max MIF Size value to Decimal 10,485,760 / Hex a00000.
Applies to: Advanced Insights
Advanced Insights (this is not relevant for Patch Insights) can access device warranty information from a variety of vendors. For access to Dell warranty information you will need an API key provided by Dell. The process to apply for a key is shown here.
First you will browse to https://techdirect.dell.com and register or log in, you will need to be associated with your Dell Company account. Once all that is sorted you can select to go to the APIs section.
Advanced Insights makes a single API call for every 100 Dell clients when importing warranty information. To estimate the number of API calls you will require, we recommend specify 1% of the total Dell client device count.
Once you have successfully obtained your API key log into Advanced Insights and navigate to the Administration area. Go to Settings - External Services and check the "Is Enabled" and "Enable Warranty Caching" option.
Enter the provided Dell warranty text for Client ID, Client Secret and click save all.
*Please only enter in the text in-between the brackets for the API Client Secret.
Using a Advanced Insights with a Proxy Server
Applies to: Advanced and Patch Insights
Advanced Insights supports http, socks4 and socks5 network proxies.
Please add the correct protocol to the start of your proxies' network address e.g. http://x.x.x.x, socks4://x.x.x.x, socks5://x.x.x.x. Ports can be added at the end of the network address e.g. http://x.x.x.x:1234"
If Advanced Insights cannot automatically access our licensing service at https://api.patchmypc.com we will automatically prompt for you to supply proxy details.
Proxy configuration can also be added in the Administration - Settings - External Services tab
Note
If you are changing proxy settings, you will need to restart the Advanced Insights Controller and Warranty websites on the server you have Advanced Insights installed to reload the proxy settings.
Technical detail for the Inventory Extensions
Applies to: Advanced Insights
The Inventory Extensions MSI is a .NET WMI Provider. This provider code is loaded by the WMI Service on Windows clients. The provider returns data that the client processes into a hardware inventory report where it is then submitted to the ConfigMgr site server and entered into the SQL database.
WMI stands for Windows Management Instrumentation. It is a set of specifications from Microsoft for consolidating the management of devices and applications in a network from Windows-based systems. WMI provides a standardized way for systems administrators to manage and query information about their systems.
The heart of WMI is the WMI Service, known as Winmgmt
and part of the Windows OS, this service runs in the background on all Windows systems. This service acts as a broker between WMI Clients (ConfigMgr client) and the WMI Providers (Inventory Extensions MSI) that deliver the actual data.
ConfigMgr's existing hardware inventory data is collected from WMI. We simply extend ConfigMgr's default hardware inventory policy with the new definitions of our Inventory Extensions data. This allows the ConfigMgr clients to query our WMI Provider through the WMI Service during its normal hardware inventory task - just like it would for any existing hardware inventory class.
For this reason we do not consider the Inventory Extensions MSI as an "Agent". We do not install any services on clients, instead the existing WMI Service brokers the connection between our Inventory Extension MSI code and the ConfigMgr client for us. The only time this code runs on clients is during a Hardware Inventory task or when a custom client action is invoked, after which the WMI Service handles the unloading of our WMI Provider.
Applies to: Advanced Insights
Advanced Insights (this is not relevant for Patch Insights) will display the warranty status of Lenovo devices in the device modal display. We need to provide a warranty API token to be able to get this data.
To apply for a warranty API token you need to request one from your Lenovo account manager.
Once you have successfully obtained your API key log into Advanced Insights and navigate to the Administration area. Go to Settings - External Services and check the "Is Enabled" and "Enable Warranty Caching" option.
Enter the provided Lenovo warranty text for the Lenovo API Client token and click save all.
You can then navigate to the Warranty dashboard and click the Bulk Processing object in the top left to initiate warranty lookup.
Applies to: Advanced Insights
Advanced Insights (this is not relevant for Patch Insights) can access device warranty information from a variety of vendors. For access to HP warranty information you will need to sign up to HP Workforce Experience, enrol all the HP devices you want to collect warranty data on and set up a developer account to access the warranty data.
You will need to be a HP Workforce Experience customer for this to work, please speak to your HP representative about becoming a customer.
First, we will create the developer account needed to interact with the HP Workforce Experience api.
The url for the HP developer portal is https://developers.hp.com/
First, you will need to create an account if you do not have one already. If you have a HPID for HP Workforce Experience, you can use this account.
Once you have registered, you will need to message your HP representative and request access to the HP Proactive Insights APIs tech group for your developer account.
The link to generate api credentials is: https://developers.hp.com/group/1275/manage-credentials/apis
Please visit the link above to open the credentials generation page. You will be show the following options below. Click Get Credentials in the HP Proactive Insights Analytics section.
If the page has an error screen like shown below, HP have not enrolled your developer account in the HP Proactive Insights APIs tech group. Please contact HP again to have your account enrolled in the HP Proactive Insights API tech group.
You will need to provide the following information:
Credentials name: We recommend "Advanced Insight Warranty"
Description: We recommend "API Keys for Advanced Insight Warranty"
Developer Redirect Url: This will be used by HP to redirect when you log in. This needs to be your Advanced Insights in the following format https://FQDN:PORT/app/main/view/warranty. Example https://contoso.local:444/app/main/view/warranty
Client ID: Leave blank
Tick Read Checkbox
Click create and you will be redirected back to the previous page.
Once you have been redirected, there will be a green success banner on top of the page. Please now click the "My API Credentials" link in the banner.
Now click on the newly created app by click the app name, this will load the app details page.
Here you will see information about the newly created app.
We need to copy
The API ClientId
The API Secret (click "Show Secret" to get this entry)
It's a good idea to double check that the Redirect URL is correct. You can come back to this page if you receive a redirect URL error when trying to authenticate. You will also want to change the URL if your installation FQDN of Advanced Insights changes in the future.
We now need to copy API ClientId and API Secret to Advanced Insights.
Go to Administration -> Settings -> External Services
Based on the location of the HP Workforce Experience portal you used, select US or EU.
Copy and paste the API Client ID into the Client ID input
Copy and paste the API Client Secret into the Client Secret input
Save settings.
The app client secret has an expiration date of one year from the date of creation. Please make a note of when this key will need to be rotated.
If you are already a HP Workforce Experience customer, you may not need to do the registration steps below but you will need access to the HP Workforce Experience Portal.
HP has two versions of HP Workforce Experience, one for US (and ASIA) customers and one for EU customers.
You will need to sign up to the appropriate version based on your companies location.
Mistakes here will cause issues in the future. Here are the access urls.
US portal: https://admin.hp.com/
EU portal: https://eu.admin.hp.com/
When you have registered and logged in, you will be greeted by the home experience of HP Workforce Experience. On the left hand side, you will need to click "Assets" to begin importing your HP devices into HP Workforce Experience.
HP Workforce Experience allows you to import your device using four different mechanisms. Currently only Intune Import and Asset enrolment allow for warranty data collection, manual and csv upload do not trigger warranty collection by design. To begin importing devices, please click the "Add" button in the top left of the page.
To begin importing from Intune, please click the Intune Import button then click next.
You will be now asked to provide your Intune Domain Name, this can be found by going to the Intune portal, clicking Tenant Administration on the left hand menu and copying the Tenant name from the Tenant Status page.
You will now be greeted by the Microsoft Login flow, please log in using your microsoft credenitals as normal. You will be then presented the list of permission HP requests to perform the Intune import.
All of the permissions requested by HP is for the HP Workforce Experience platform. They are not defined/requested by Patch My PC. Advanced Insights does not use or read any of your Intune data.
Once you have accepted the permission, the connection to Intune will be completed by HP.
You will now be asked if you wish to import Assets from Intune Groups, or to import all of your assets.
We recommend you use the Group functionality, as this allows you to only provide HP the devices you wish to collect warranty information on. Only use full import if you really want every device in HP Workforce Experience as it is vendor agnostic and will collect all competing vendor devices.
We shall continue using Group import only.
When you click on Import assets only from Intune groups, you will be presented with a full list of all your groups in Intune. You can filter out the groups you want to import and you can import multiple groups. Select the groups you want to import and click Import.
Intune will now begin importing your selected devices. You will receive a notification on begin and completion of the import.
You can also check progress by navigating to the logs link on the left hand side.
To enrol your device by Asset Enrolment, please use the following HP documentation to distribute the agent.
Once the devices are imported, HP Workforce Experience will begin collecting warranty information. This process can take some time, depending on how many devices you have imported.
Collecting warranty in Advanced Insights works in the same way as the other providers, but you will need to log into HP on bulk caching.
Navigate to the warranty dashboard.
To begin, click the "Bulk Processing" statistic to begin re-caching warranty.
You will be asked to log in to HP, click yes and Advanced Insights will go to HP to log in.
If you receive a redirect url is incorrect error. Please go back to your developer app and check the redirect url provided.
Once you have logged in, HP will redirect you back to Advanced Insights and warranty will begin caching warranty data.
Advanced Insights Update scanning (this is not relevant for Patch Insights)
Applies to: Advanced Insights
If you use Intune to manage your windows updates (Windows Update for Business) then none of that compliance data is visible from ConfigMgr. This requires you to have to read compliance data from BOTH ConfigMgr and Intune.
You get complete visibility of all update compliance from Advanced Insights
We supplement your ConfigMgr compliance data with additional data from Microsoft Update.
Our Inventory Extensions WMI Provider runs on clients and scans against Microsoft Update to find update compliance data. This data is then pulled into ConfigMgr via Hardware Inventory for reporting.
You must complete the implementation steps in the Configuration Guide
Clients must be configured to use Windows Update for Business
Using AD accounts for authentication into Advanced Insights
Applies to: Advanced and Patch Insights
Advanced and Patch Insights support integration with Active Directory for user authentication. This feature is enabled by an administrator in Administration > Settings > User management. Once enabled, this will ensure that any users signing in can use their AD username and password. If users have an RBAC role defined in Configuration Manager, Advanced Insights will adhere to that role, only showing the clients they are permitted to view.
To enable Active Directory authentication capabilities:
Check the box for Enable Active Directory Authentication
Optionally Enter your Active Directory domain name (normally only required if the authenticating domain is different from the domain the Advanced Insights server is installed in)
Optionally Enter a username and password used to connect to Active Directory, this is only required if the Advanced Insights App Pool identity (Local System by default) has been restricted from reading Active Directory, which is uncommon
The username and password under the domain name are optional.
By default, we will use the computer account of the Advanced Insights server to authenticate active directory requests.
After you have entered these details, you can now log in with your Active Directory UPN or username.
The account MUST have a valid Firstname and Surname set in its AD properties. Without this an error will be logged in the Advanced insights API log stating "Cannot insert the value NULL into column 'Name'"
If this is your first time logging in to Advanced Insights, you will receive whatever role is assigned as "default" or roles your Active Directory Group membership assigns.
You can read more about assigning roles to Active Directory Groups in the article below:
Enabling user authentication using Azure Active Directory
Applies to: Advanced Insights
Advanced Insights supports authentication using Entra ID credentials using OpenID. To configure this is a two-step process:
Create an App Registration in Entra
Enter the App Registration details to Advanced Insights
Navigate to the Entra Admin Centre and log in with an account that has permissions to create App Registrations.
You will add a name for the App Registration (for example "AdvancedInsights").
In Supported Accounts select "Accounts in this organizational directory only"
Redirect URI
Redirect URI is used for Microsoft to return the login token to Advanced Insights.
This URI must be configured with the value of the internal FQDN of the server hosting Advanced Insights, including the configured port.
(https://{AdvancedInsightsInternalServerFQDN}:{port}/account/login)
Example redirect URI:
https://advinsightsserver01.contoso.local:444/account/login
Select "Single-Page Application (SPA)" from the dropdown list in the "Redirect URI" section, and enter the URI.
When you have filled in the required properties click Register.
You will be shown the App Registration overview screen. We need to copy some properties from here.
Copy Application (client) ID and Directory (tenant) ID values into a Notepad document.
Now click the "Authentication" link on the left in the "Manage" section.
In the "Implicit grant for hybrid flows" section, tick both options for:
"Access tokens (used for implicit flows)"
"ID tokens (used for implicit and hybrid flows)"
This grants the application permissions to issue the tokens used by Advanced Insights to validate login.
To save changes, click 'Save'.
Click "Certificates and secrets", then within the "Client secrets" section, click "New client secret".
Name the secret and set an expiry duration that is suitable for your environment.
On expiry, logins to Advanced Insights using Entra ID credentials will stop working if you don’t update the client secret.
Click 'Add' to save the "Client secret" configuration.
Now you can copy the "Value" of your client secret and add it to your Notepad document:
This completes the configuration work in the Azure Portal.
Log into Advanced Insights with an administrator role account and navigate to the 'Administration' > 'Settings' menu. Select the "AzureAD" tab.
Clear the "Deactivate" checkbox.
Enter the value for your Application ID/ClientID.
Enter the value for your Client Secret.
Enter the value for your Directory (tenant) ID.
Select 'Save All'.
By default, new users configured in Advanced Insights (including new Entra ID logins) will not be active (and can not login) until an administrator manually activates the account.
Log into Advanced Insights with an administrator role account and navigate to the 'Administration' > 'Settings' menu. Select the "User Management" tab.
Enable "New registered users are active by default." checkbox.
Select 'Save All'.
This completes the configuration for adding the Entra ID App Registration details to Advanced Insights.
The Advanced Insights logon screen will now show a "Sign in with Microsoft" button.
At first logon, an Azure administrator will have to consent to the application registration requested permissions.
By default, new users will only be granted access to the Advanced Insights overview home page.
Advanced Insights administrator can then enable access to additional dashboard views.
You should check in the Users area in Advanced Insights that there are no existing user accounts with email addresses that match the Entra ID accounts you are going to have logging in. If you do, you can delete these accounts and they will be recreated on first login by that user.
You will always be able to log in as the Advanced Insights "Admin" to make configuration changes.
If the Entra ID account a user logs into Advanced Insights with has a matching on-prem AD Account with the same Email Address set, any RBAC role they have in ConfigMgr for their on-prem AD account will be maintained in Advanced Insights.
For example, if a log in with this Entra ID Account is used:
The on-premises Active Directory object of this account has the users Entra ID UPN set as the email property:
Technical requirements to enable Remote Control from the Advanced Insights Device Details pane. (this is not relevant for Patch Insights).
Applies to: Advanced Insights
Quick start for Remote Control:
Create a folder on your machine C:\AdvInsRemoteControl
Copy C:\Program Files (x86)\Advanced Insights\Api\Installers\AdvInsRemoteControl.exe file from your Advanced Insights installation into this folder (needs to be unzipped)
Copy CmRcViewer.exe RdpCoreSccm.dll and the relevant locale folder into the C:\AdvInsRemote Control folder too.
Run AdvInsRemoteControl.exe from Windows Explorer to register it
You can now invoke remote control from the Advanced Insights portal
To launch the Configuration Manager remote control action from the client actions menu in Advanced Insights the user must have some files from the Configuration Manager console install directory and an Advanced Insights utility. If the ConfigMgr console is installed on the user’s computer then no additional configuration is required.
To run the ConfigMgr remote control agent we need a copy of:
CmRcViewer.exe
RdpCoreSccm.dll
the relevant locale folder for the RC Tools, for example 00000409
All of these are copied from \\SiteServerName\SMS_ABC\AdminConsole\bin\i386
On each Advanced Insight user’s computer, copy these files and folder to a location accessible by the user, for example C:\CMTools or %AppData%\CMRCtools.
We also need a copy of the Advanced Insights utility AdvInsRemoteControl.exe stored in the same location. The user is prompted to download and run this from the Advanced Insights portal the first time they try to use remote control if the app has not already been executed.
AdvInsRemoteControl.exe is included with the installation of Advanced Insights in the folder C:\Program Files (x86)\Advanced Insights\Api\Installers. It is a DotNet Core application which handles calling the Configuration Manager Remote Control utility from the Advanced Insights website. On first run AdvInsRemoteControl.exe registers itself in the Registry as a class type under Computer\HKEY_CURRENT_USER\Software\Classes\cmrc
This allows the Advanced Insights website to invoke the ConfigMgr Remote Control agent when required. If you delete or move the AdvInsRemoteControl.exe you can reregister it simply by running it again from Windows Explorer.
The application will check for the correct Configuration Manger files and folders when it runs and will alert you to any configuration errors.
Using Advanced Insights to access ConfigMgr Remote Control tools (this is not relevant for Patch Insights)
Applies to: Advanced Insights
Anywhere in the Advanced Insights portal when you click a computer name you will be shown the Device View. If the device is online the Remote Control button in the top right hand corner will be available.
A confirmation message is shown
Following which the Remote Control tool will launch.
If you are missing the setup outlined in the "Requirements for Remote Control" document, you will be shown this message.
Clicking yes will take you to the Requirements for Remote Control documentation page. You must complete the rest of the requirements above to be able to use the tool.
Adding Advanced Insights to the ConfigMgr Console
Applies to: Advanced Insights
To provide easy access to all dashboards and individual devices, collections, updates, etc. Advanced Insights is provided with an optional Configuration Manager Console Extension. This adds a node to the Assets and Compliance view of the console as well as providing an additional option in the context menu when right-clicking certain object types in the console.
Download and unzip the Console Extension using the link below.
Warning: The console extension will not work if you are using a self-signed certificate.
To import the Extension, navigate to the Administration node of the Configuration Manager console and expand the Updates and Servicing node. Right click Console Extensions and select "Import Console Extension".
Browse to the location of the unzipped Console Extension download.
Select the AdvancedInsightsConsoleExtension.cab file and click Open, then click Next, next and Close.
The newly imported Console Extension will be listed alongside any other extensions you have deployed. You must now Approve the Extension by right clicking and selecting "Approve".
Once approved the Extension can be Installed:
You will be prompted to restart the ConfigMgr Console. When it reloads the Advanced Insights node will have been added tot he Assets and Compliance view:
If Advanced Insights is installed on the same server as Configuration Manager, we will try to auto-configure the Extension, so this step may be unnecessary.
When you click the Advanced Insights node, a dialog is displayed in the detail pane asking for the details of your Advanced Insights portal.
Provide the relevant URL, including https:// prefix and any required port, for example https://server.contoso.com:444 and click OK. If the address is correct, the Advanced Insights login page will be displayed. You can re-run the configuration step any time by right clicking the Advanced Insights node and selecting "Configuration".
The first obvious use of the Extension is to display the Advanced Insights portal right there in the ConfigMgr Console:
The second use scenario is to access the rich display capabilities of Advanced Insights when working with Console objects. For example, right-clicking a client and selecting "View in Advanced Insights" will open a new browser window and automatically display the device view for that client.
This functionality is available for Devices, Collections, and Updates in the ConfigMgr console.
Getting started with custom dashboards.
Applies to: Advanced Insights
Custom Dashboards are created and maintained in the Administration node.
Click Create New to open the dashboard editor.
Here I have provide a name, description and chosen an icon for my dashboard. I have filtered the "page" column of the dashboard items column to find the objects I want.
Each item I add to my custom dashboard can have dedicated filter options applied. Here I have selected the update I wish to see the trend data for and have set that I want to render data from the date posted. I will add a second Update Installation Trend chart top my dashboard and set it to show the state of a different update.
Having saved my dashboard, it now shows up in the menu and I can select it to render my chosen charts.
Applies to: Advanced Insights and Patch Insights
The Home Dashboard is the first screen shown to you when first logging on to Advanced Insights. This page is designed to be a "daily check" type of view for your Configuration Manager environment, with a focus on software updates.
The statistics across the top will show you details about your Configuration Manager environment and how long it has left in support, the number of devices in your environment which are under configuration, management versus devices that don't have the SCCM/ConfigMgr client install. We'll show you the number of updates in the environment which are required by at least one device, and we'll also show you any issues that you may be having with distribution of content across the Config manager infrastructure.
As with everything in the Advanced Insights interface, you can click on any of these stats to see further information about the devices or the infrastructure that is listed behind them. For example, clicking the Managed Devices box, will show a list of the machines and their managed/unmanaged state.
The next row of statistics are doughnut charts, which show you information about your Configuration Manager client count. In our demo environment we see that there are three devices running an old version of the client, two that are on a more recent version and everything else is fully up to date.
The next doughnut chart shows us details about Windows 10 and Windows 11 devices, and their support status. This chart can be pivoted to some of the other metrics that we have about Windows 10 and Windows 11. So for example, the servicing channel and we can also see things like the editions and the release version.
We can view all of the data used to build this chart by clicking the view chart data button under the cog icon.
We also show the same support and edition information for the Office 365 client if you have that deployed in the environment.
The chart on the right hand side will show us the status of the software updates scan cycle in your in your client estate. So here you can see that currently we have one machine which is running the software update scan and two have completed successfully. There are no errors. If everything is green in this chart, then that means that your software updates scan environment is healthy.
The final row on the home dashboard will show as computer compliance, sorted by default by your least compliant computers from a software update perspective.
We have several machines that have not sent in any software update compliance data for a while and so their compliance status is unknown against more recent updates. We can scroll through this list and can expand out the number of records that are being shown to show you a longer list.
Clicking on any machine will take you to the detailed device view for that client where we show you the software update state for that individual machine.
This view shows detail of update agent configuration and scan health as well as required and installed updates. The Actions row allows us to invoke client actions against the device, such as an update deployment evaluation, reboot, etc.
The final view on the home dashboard is of deployed updates compliance.
We have dedicated Software Updates dashboards for a more detailed view of this data, but on the home page we can see our least compliant updates, and we can click through to see significant detail about each object, its deployment state, etc.
A user with the relevant permissions can share custom dashboards
Applies to: Advanced Insights
When creating or editing a Custom Dashboard, if the user has Create Public Dashboards permissions, the dashboard being created can be shared with individual users, or assigned to an existing role.
To give access to additional roles and/or users when editing a Custom Dashboard, you can use the section at the bottom of the editor page to grant access.
CCusom Dashboards can also be assigned to roles and users in the Administraion node, for example to add a custom dashboard to a Role:
Associating roles in Advanced Insights to Active Directory Groups
Applies to: Advanced Insights
Active Directory Group Authentication enables the Advanced Insights administrator to associate Advanced Insights Roles with AD Security Groups. This ensures that a new user is automatically granted the relevant rights in the portal without the need for manual user creation.
Once this is configured, we can assign an existing role to an Active Directory Group, or create a new role for a group. N.B. There is currently no support for nested groups.
Assigning a Role to an Active Directory Group
Navigate to Administration > Roles.
Click Create new role
Enter a name for the role (in this example, "Helpdesk"
Type the name of the associated Active Directory Security Group, here, we are using "sg-Helpdesk". Ensure the group name is validated on save.
Now click the Permissions tab and select the pages and permissions you want to grant to this role.
Logging on with an account in the helpdesk role, the user is granted only the access stated in the role configuration:
Notify - Sends a message box to all users logged in on the client, this message includes the
To use this feature, first enable Active Directory Authentication using Administration - Settings - User Management, more details .
Applies to: Advanced Insights
Information on the hardware dashboards
Applies to: Advanced Insights
Applies to: Advanced Insights
Applies to: Advanced Insights
Details of external displays
Applies to: Advanced Insights
This dashboard requires deployment of the Advanced Insights Inventory Extensions
The Displays donut chart lists several properties, by default Manufacturer is shown, but this can be pivoted to Model, Connection Type, Year of Manufacture, Size and Resolution by clicking the property button:
The Connected Displays table lists all machines and their individual display configurations.
Clicking any device listed will take you to the Device View, with the Hardware - Display tab selected:
This view shows you the physical horizontal layout of the monitors on the user's desk (note, vertical positioning is not shown). The primary monitor is indicated with the Windows logo. The hover over text lists additional monitor properties, also listed in the table below.
Description of the layout of the Users page
Applies to: Advanced Insights
This dashboard shows User details that have been imported through discoveries into Configuration Manager.
The top row of the data gives you a quick overview of the number of Active Directory Users, Azure AD Users, All Active Directory User Groups and Primary Device Users.
Click through any of these dash stats to be able to load a table with all the information you have selected
This table list users which have been discovered from Configuration Manager.
This table list all the Active Directory User Groups which have been discovered from Configuration Manager.
Description of the layout of the Devices page
Applies to: Advanced Insights
This dashboard shows details for device properties from within Configuration Manager.
The top row of statistics gives you quick access to Managed Devices (Devices with a Configuration Manager client), Virtual Devices, Portable Devices and Desktop Devices.
Click through any of these dash stats to be able to load a table with all the information.
From this table you are able to do several different functions. You have the ability to multi select devices and perform one of the many built-in right click options available to you in the Configuration Manager Console and also some of the PatchMyPC actions too.
There is an export button at the top right corner (Cog) where you can export the dataset to a CSV file.
At the bottom of the table page you can also make the page size large in rows and also by selecting a device or multi devices add them into a collection.
The next row of statistics are doughnut charts, which show you information about your Configuration Manager client count, Client Heartbeat, Client Hardware Inventory and Client Device Properties.
In this Donut chart you can see all the different versions of Configuration Manager clients you managing in your environment. This is a handy stat to see after a Configuration Manager upgrade to see. When you click on the cog in the top right you will have an option to View Chart Data or refresh data.
When you click on the View Chart Data button you will get a whole list view of all the clients and their Configuration Manager client versions.
Filter the data by any of the titles to make a more customised report for yourself.
In this Donut chart you can see how long since a Configuration Manager had sent its Heartbeat Discovery to Configuration Manager. This can be from Today, 3, 7, over 7, 14 and 30 days.
In this Donut chart you can can see how long is been since devices have submitted their hardware inventory data to Configuration Manager.
In this Donut chart we have the option to pivot the data to different options
Manufacturer
Memory - Installed (GB)
Cpu - Type
Disk- free disk space (C:)
Bitlocker Status (C:)
BIOS Version (Top 20)
Storage device data collected by Advanced Insights in your environment
Applies to: Advanced Insights
This dashboard requires deployment of the Advanced Insights Inventory Extensions
This dashboard hosts two primary tables.
The top table lists physical disk, the partitions defined on that disk and the logical drives created on that partition. For example:
Here, a a machine has five physical disks, Disk #0 has three partitions, but only one of these partitions has a logical drive with a drive letter (C:) defined (the "missing" partitions in this instance are the Windows Recovery Partition and the EFI System Partition). That partition is allocated 232.3GB of a 232.9GB disk (~100% of the drive) and the logical disk is 232.3GB in size with 168.2GB free space, i.e. it is 27.6% used.
The storage health statistics are gathered from Windows S.M.A.R.T. (Self-Monitoring, Analysis and Reporting Technology) tools.
Each disk presents the data it supports (not all disks report PowerOn statistics, or temperature, these are listed where available). We can see the wear statistic reported by SMART. The higher the wear percentage, the more likely it is that the disk will fail.
Client computer batteries
Applies to: Advanced Insights
This dashboard requires deployment of the Advanced Insights Inventory Extensions
Advanced Insights will display battery health data for managed devices. The table lists all devices with battery data. The design capacity (in mWh) is listed alongside the current Charge Capacity. The Health percentage shows the ratio of Charge Capacity to Design Capacity. As the battery loses capability to hold charge, the percentage shown will be lower. 100% Health is Good, 0% Health is bad.
This data is gathered by the Advanced Insights inventory extensions using the Powercfg.exe utility included with Windows.
Clicking an individual machine will show some additional detail about the device battery in the device view.
Collections in your environment
Applies to: Advanced Insights
Advanced Insights must be granted the correct permissions to your SMS Provider for these actions to work. See Configuration Manager Permissions.
The Collections dashboard has significant functionality below the surface.
Each collection is shown, with its relevant metadata and device count. The Quick Search feature helps to rapidly location a specific Collection, the containing console folder is shown in the Path column.
Clicking an individual collection opens the Collection Members view:
This view allows you to remove members with the delete button (for direct members only). You can also access all of the client actions available for one or more selected clients using the Bulk Actions menu.
The list icon hosts an Add Resources option. Clicking this allows you to import a CSV of resources to add to the selected collection.
The collection modification process will verify that the listed devices are valid clients, and are not already members, before adding to the collection, the results of the action will be shown on completion.
Software Applications provided by Configuration Manager
Applies to: Advanced Insights
This dashboard shows details for all Applications defined in the Configuration Manager console.
The top row of statistics give you quick access to any applications modified recently as well as enabling you to see unused applications which can potentially be retired.
The table lists all applications and their aggregated deployment status, i.e. if there are multiple deployments for an application this level provides an overall summary of all deployments. This table can be filtered to a chosen collection.
Click through to any individual application shows additional detail, including individual deployment compliance:
The General Information tab lists the metadata for the application and details of the distribution point status for the application.
The Deployment Types tab lists all deployment types defined for the application, the relevant technology and content size with the source path.
The deployments tab lists each deployment and its related compliance.
The compliance tab lists each targeted client and its overall application deployment compliance. Clicking any individual machine will take you to the device view focused on the software - applications tab.
Inventoried video adapters for managed client devices
Applies to: Advanced Insights
This page shows a filterable list of each device and the video adapters inventoried by Configuration Manager. Where a device has multiple adapters, multiple rows are listed.
Click-through shows the device view with all inventoried adapters and their driver versions.
Metered Software Usage
Applies to: Advanced Insights
This portlet displays statistics for enabled metering rules. To accurately present the metering data, you must also enable inventory of the Installed Executable Class from Asset Intelligence.
This dashboard shows software usage which you have enabled from Configuration Manager Console. Ensure that the metering rules you have created are the correct executable name, version and language.
You can drill further down to the individual application to see which devices and users run the app.
On this tab you can see the application you have selected and list which users have run this exe.
This tab displays the details of the software usage.
Microsoft 365 Apps Installations and Support
Applies to: Advanced Insights
Microsoft 365 Apps Supported Versions data is collected from the following URL's:
Access to this site is required from the Advanced Insights server to accurately render this dashboard.
On this dashboard we show you data with regards to the Microsoft 365 Apps. The information shown in the donut charts are:
Support Status
Servicing Channel
Platform (Architecture)
Release Version
Build Version
The table shows the latest support data from Microsoft.
When you click on the cog on any of these donuts you will be able to view the whole chart data.
In this data you filter on any of the headings and also export the data too.
Open Database Connectivity (ODBC) connections
Applies to: Advanced Insights
The ODBC Connections data on this page requires the deployment of the Advanced Insights Inventory Extensions
This dashboard will display all the Open Database Connectivity (ODBC) connections reported. We can see the name of the Computer, DataSource name, Server name, Database and Driver version.
Enabled wireless adapters on client devices
Applies to: Advanced Insights
This dashboard requires deployment of the Advanced Insights Inventory Extensions
This page helps to track which wireless adapters are present in the environment. The device name and driver version are shown along with MAC Address.
Click through shows connection history in the device view.
Installed Web Browser Extensions
The Web Browser Extensions data on this page requires the deployment of the Advanced Insights Inventory Extensions
All the information on this page are the web browsers extensions installed in the web different browsers.
Windows 11 Upgrade Readiness for Windows 10 Client Devices
Applies to: Advanced Insights
On the top bar of this page we are showing:
Windows 11 - Count of all Windows 10 and 11 client devices that are inventoried as Windows 11
Unappraised - Count of all Windows 10 client devices missing Windows 11 upgrade appraisal data
Ready for Upgrade - Count for all managed Windows 10 client devices that can be immediately upgraded to Windows 11
Cannot Upgrade - Count of all managed Windows 10 client devices that cannot be upgraded to Windows 11
The donut chart for OS Upgrade Readiness and Cannot Upgrade Reason you have a properties which you can toggle between the different versions of Windows 11. On these two donut charts you also have the ability to view the chart data and export from the cog icon.
The last chart on the left is the Windows 11 Upgrade Readiness Issues chart where you can see the reasons for why the devices are unable to upgrade to Windows 11.
The Reasons column have the following conditions which are flagged if a device is marked as unable to upgrade (Red) to Windows 11:
If a system doesn't support TPM 2.0 (RedReason=Tpm)
If the system isn't Secure Boot Capable (RedReason=UefiSecureBoot)
If the system has less than 4 GB of RAM (RedReason=Memory)
If the system doesn't have 2 processor cores (RedReason=CPU)
If the CPU doesn't support 1 ghz and higher speed (RedReason=CPU)
If the CPU doesn't support the Windows 11 approved CPU generation (RedReason=CpuFms)
If the system is in SMode and not a home (core) sku (RedReason=SModeState)
If the system drive size is < 64 Gb (RedReason=SystemDriveSize)
This information is listed on https://learn.microsoft.com/en-us/mem/configmgr/osd/deploy-use/manage-windows-11-readiness-dashboard
Operating Systems Dashboard
Applies to: Advanced Insights
On this operating system dashboard we are showing the following information:
Pending Restarts - all devices
Pending Restarts - Windows Updates
Server
Workstations
Client Computer Operating Systems
Windows OS Servicing
When you select Pending Restarts for one of the 4 options at the top you get a table with the device information, but also you get to see what the client has reported it is pending a restart for.
In this donut chart you can pivot the information using the properties button to show either the following information:
Support Status
Servicing Channel
Release Version
Edition (SKU)
Build Version
From selecting a property you can then go and select for example build version and get a report just on one particular build version.
Or by clicking on the cog and then selecting View all Chart data you can get a table with all the devices in that property selected.
Members of the local administrators group
Applies to: Advanced Insights
The Local Administrators data on this page requires the deployment of the Advanced Insights Inventory Extensions
On this report we can see all the groups members and users part of the Local Administrators group on client devices.
Applies to: Advanced Insights and Patch Insights
The Dashboard under Software Updates page give you an overview of the data for Software Update health and compliance.
Along the top bar in the this dashboard you get shown the Synchronisation status of the top level Software Update Point, Updates that are Required by 1 or more devices which need deploying, last months update compliance and also the current month update compliance.
In this dashboard we show all the Software Updates Point site and their synchronisation status. If you have multiple downstream Software Update Points you will see their status here too.
When you click through on this dashboard statistic you get a dashboard with the number of Critical and Security Updates that are not in any active deployments and are required my at least one computer in your environment. This excludes superseded and expired updates.
On these click through charts you can see a report on the Last and Current Months device compliance against deployed Critical and Security Updates released or revised in that month, this also includes Superseded updates.
On the previous month box you can toggle back to previous months to view the device compliance for that month.
In this chart it will show us the status of the software updates scan cycle in your in your client estate. So here you can see on the previous day we have 24 devices have failed to complete a software update scan and 459 have completed successfully. If everything is green in this chart, then that means that your software updates scan environment is healthy.
The computer compliance, sorted by default by your least compliant computers from a software update perspective.
We have several machines that have not sent in any software update compliance data for a while and so their compliance status is unknown against more recent updates. We can scroll through this list and can expand out the number of records that are being shown to show you a longer list.
The final view on the Software Update dashboard is of deployed updates compliance. This is sorted by the least compliant update.
Applies to: Advanced Insights and Patch Insights
This dashboard displays all the software updates and compliance data including superseded updates. You can also create custom reports by using the search and filter functions on this page.
Applies to: Advanced Insights and Patch Insights
The Software Update Groups dashboard shows high-level compliance for each SUG in the environment, with drill-through for additional compliance detail.
Clicking through to an update group shows the update group view:
This lists the basic metadata associated with the SUG and shows the compliance of all devices.
The Members tab shows the individual updates included in the selected update group:
The Deployments tab shows deployment details with start and deadline dates:
You can click through each deployment to see the reported deployment statistics including the enforcement state of each individual client.
Applies to: Advanced Insights and Patch Insights
In this dashboard you can see the last installation status for deployed software updates for computers needing the update.
Applies to: Advanced Insights
Sometimes we need you to provide log files, including information about your Advanced Insights instance. Your Advanced Insights deployment includes the Log Collector executable that can be used to collect all required logs.
Note
The Advanced Insights Log Collector is located at:
%Advanced Insights Install Directory%
\Api\LogCollector\AdvancedInsightsLogDiag.exe
For example:
C:\Program Files (x86)\Advanced Insights\Api\LogCollector\AdvancedInsightsLogDiag.exe
The Log Collector can be executed manually and is also used within the Advanced Insights installer. Once the log collection process is completed, a zip file is created on the desktop called:
AdvancedInsights_Diag_xxxxxxxx_xxxxxx.zip
This ZIP should be shared with Patch My PC technical support.
Example output:
This page provides details about what information the AdvancedInsightsLogDiag.exe collects.
The contents of the following directory are collected, which consist of the 'AdvancedInsightsApi.log' and any 'AdvInsights_Verx.x.x.zip' installer logs.
C:\ProgramData\AdvancedInsights\Logs
The Windows Application Event log data is collected and output into 'Application_EventLog.log' with a filter applied for the following event sources:
".NET Runtime"
"Advanced Insights"
"MsiInstaller" - if required to diagnose install problems, the filter will include
The 'ConfigManagerLocation' and 'ConfigManagerDatabase' value are collected from the Advanced Insights SQLite database file located at:
'C:\ProgramData\AdvancedInsights\Data\Api\AdvancedInsightsConfig.db'
The following information is queried from the SQL Server instance where the Configuration Manager database is located: SQL Master db:
Configuration Manager database name
Configuration Manager databaste state (ONLINE/OFFLINE)
Configuration Manager database compatibility level
Configuration Manager database .mdf file path
Configuration Manager database file size
Configuration Manager database log file .ldf path
Configuration Manager database log file size
SQL Server version
SQL Server Product Level
SQL Server Edition
SQL Server Engine Edition
SQL Server Product build
SQL Server Product Major version
SQL Server Product minor version
SQL Server Product update version
SQL Server Installed updates
SQL Server remote query timeout value
SQL Server maximum degree of parallelism value
SQL Server Minimum size of server memory (MB)
SQL Server Maximum size of server memory (MB)
Configuration Manager SQL database:
Advanced Insights Inventory Extensions class names and data counts.
Advanced Insights Inventory Extensions Configuration Manager application information. For example 'Name', 'created date', 'version', 'number of deployments'.
Configuration Manager database level SQL configured properties:
MAXDOP
LEGACY_CARDINALITY_ESTIMATION
PARAMETER_SNIFFING
QUERY_OPTIMIZER_HOTFIXES
Information related to the Advanced Insights IIS websites and application pools are collected.
Advanced Insights Api
Advanced Insights Frontend
Website name
HTTPS bindings included the current SSL certificate properties
The version of Advanced Insight currently installed.
The install date of Advanced Insights.
The install path of Advanced Insights.
The install source of Advanced Insights.
Server CPU properties.
Installed Server RAM
Server disks including total size and free space
Windows OS version
Check for Server pending restart.
List Windows updates installed in the last 30 days.
BitLocker Drive Encryption data when integrated and managed by Endpoint Configuration Manager
Applies to: Advanced Insights
The BitLocker dashboard requires the following hardware inventory classes to be enabled:
BitLocker (Win32_EncryptableVolume)
BitLocker Encryption Details (Win32_BitLockerEncryptionDetails)
BitLocker Policy (Win32Reg_MBAMPolicy)
TPM (Win32_TPM)
This will ensure the BitLocker Unmanaged and Recovery at Risk statistics are populated.
The top row of statistics help to identify where configuration errors may be causing compliance issues.
The first statistic, "BitLocker Unmanaged" shows Computers which have a BitLocker Encrypted Operating System Drive but are not under the control of a Configuration Manager or integrated MBAM Agent Management Policy. These devices may not conform to the required standard and will not report compliance.
Recovery at risk lists computers which have a BitLocker Encrypted Operating System Drive but have not yet escrowed a recovery key into the Configuration Manager database. You may be unable to access these devices in the event of a BitLocker Recovery prompt.
Inactive TPM portable devices lists laptops machines which do not show an activated TPM chip.
Non-Compliant Computers shows BitLocker Encrypted computers which do not conform to the BitLocker policies set in your environment. Clicking through will show the compliance conflicts:
The row of donut charts show the BitLocker status for all workstation clients (off, on, suspended or unknown). We show the BitLocker Cipher in use by the clients (this requires the MBAM integration listed above). We show the TPM version of the clients and the TPM Status (Activated, Enabled, Unknown). TPM "Enabled" is ready for activation by the OS, but is not currently in use.
Applies to: Advanced Insights and Patch Insights
The Software Update Deployments dashboard shows high-level compliance for each Software Update Deployments in the environment.
Clicking through the Software Updates deployments you can see the general information about the deployment.
You can toggle the DeploymentStatus to show you the following fields:
Compliant
Enforcement State Unknown
Pending System Restart
Downloaded Update(s)
User profiles inventoried on client devices
Applies to: Advanced Insights
The User profiles dashboard is data collected from the Inventory Extensions. Here we are able to display information on:
Aged Profiles - Users profiles with last logon greater than or equal to 90 days.
Unknown Age Profiles - User profiles with no last logon date data.
Orphaned User Profiles - User profiles with no associated user account.
Conflicting Paths - User profiles on the same device that share the same user profile path.
On each of these reports you will be able to see the Computer name, Account name, Last logged in date, Age and Size of the user profile.
The donut chart breaks down profiles based on size on disk.
The User Profiles chart gives you a full list of inventoried user profiles on client devices but also you have the ability to delete a users profile from a device too.
Each profile entry includes a Delete button, allowing administrators to remove a user profile from the device entirely.
Warning: This action permanently deletes the local user profile, including all associated files and settings, from the device.
Advanced Insights IIS Application Pool Identity
Starting with version 2.4.1, the installation of Advanced Insights supports the configuration of a custom IIS Application Pool identity. A default installation of Advanced Insights sets 'LocalSystem' as the identity for both the Advanced Insights Api and Frontend IIS application pools.
A custom identity (Active Directory account) can be set as part of the installation either for a new install or upgrade. When using a custom identity, the account is also granted full control file system permissions on the following directory path: C:\ProgramData\AdvancedInsights.
The IIS application pool identity can also been modified for existing installs too.
Applies to: Advanced Insights
Dashboard will only return data on devices managed by Windows Update for Business (WuFB)
At the top of this dashboard you can see how many devices have reported Microsoft Update Inventory Data, count of Critical and Security updates required by one or more devices, Drivers required by one of more devices and Classifications and/or Products for required updates that you are not currently synchronising into Configuration Manager.
On the Windows Update Scanning Sources Donut chart you have 2 sources:
Windows Updates - Only does updates for the Windows Operating system itself. These updates also include Windows components such as Internet Explorer, DirectX, .NET and Windows Media Player. It also includes security and service pack updates.
Microsoft Update - Includes all of the items that Windows Update covers as well as other Microsoft products such as Office, SQL and Exchange all in one place.
On the All Required Updates report you get a list of updates available from Microsoft which 1 or more device require an update for which are not sync'd in your software update point for deployment.
For full functionality of this dashboard, MBAM should be integrated with ConfigMgr as outlined in this document:
The User Profiles data on this page requires the deployment of the
The Delete user profile button on this page requires the Approval of the run Script
See -
See -
This dashboard requires deployment of the
Prerequisites for installing the Publisher with Configuration Manager.
Applies to: On-premises Publisher
Before you get started, make sure you take advantage of our free trial!
When installing the Publisher for Configuration Manager, please ensure you meet the following requirements:
Microsoft .NET Framework 4.6.2 or above
Internet connection
Install the Publisher on top-most WSUS/Software Update Point in the environment
Appropriate disk space depending on the number of products enabled
Install the Configuration Manager console
Supported Operating Systems
Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2019 and Windows Server 2025
Windows Server Update Services (WSUS) installed and configured
More information on supported Configuration Manager and WSUS versions can be found at https://patchmypc.com/supported-versions-of-configuration-manager-and-wsus-for-patch-my-pc
The Patch My PC Publisher will require the user launching the Publisher tool to be a local administrator on the server. This requirement is for both the installation as well as running the Publisher after it has been installed and configured.
The Publisher is a lightweight Windows application with a GUI frontend and a Windows service backend. The hardware requirements can be found below.
CPU: 2 CPU or more
Memory: 8GB of RAM or more
Disk Space: 80GB of disk space or more
The amount of disk space required will depend on the number of selected products.
This guide will walk you through the process of installing the publisher in a Configuration Manager environment.
Applies to: On-premises Publisher
Here are a few important resources below you get started.
Before you get started, make sure you take advantage of our free trial!
Tip: Did you know you can schedule a free setup call with an engineer if you prefer to have an engineer from Patch My PC perform a guided install with you in your environment?
If you prefer using a video guide, you can watch the video version below.
Next up, start with the requirements
Download the latest version of the Patch My PC Publisher and walk through the installation.
Applies to: On-premises Publisher
Start the installation by double-clicking the downloaded MSI.
Depending on user account control settings, you may need to run an elevated command prompt and launch the MSI from the command prompt.
Once the installation starts you'll be greeted by the welcome screen in our installer wizard, click Next.
Read the End-User License Agreement. After that, select I accept the terms in the License Agreement and click Next.
Ensure the option Enable Microsoft Intune standalone mode is not selected. Enabling this will disable any prerequisite checks for integration with WSUS/ConfigMgr and also hide options for publishing to WSUS/ConfigMgr after installation.
This option is for customers who intend to publish only to Microsoft Intune.
Click Next.
By default the Publisher is installed in C:\Program Files\Patch My PC\Patch My PC Publishing Service. This location is where we store all of the product's configuration information.
Click Install.
Once the Publisher has finished installing, click Finish to close the installation wizard.
By default, the "Launch Patch My PC Publishing Service" is enabled - this will launch the Publisher when you click Finish.
Initial Updates configuration. It's always a good idea to start with the basics.
Applies to: On-premises Publisher
To enable products to publish, check the Enable publishing of third-party updates checkbox.
Once the option is selected, you'll be able to enable other products.
Tip: When first getting started with the product, it is recommended that you only choose one or two products to reduce the time of the first sync and to validate your implementation quickly. We have found that Notepad++ and 7-Zip tend to be great initial use case tests.
To find and enable these products, you can search the list of updates using Ctrl + F or by clicking on the magnifying glass in the lower right corner.
When you select the search button a dialogue will open, type in one of our example products and hit enter, or click OK.
Once you have found the product you want to patch, click the checkbox for your preferred architecture choice and click Apply.
Tip: You can right-click All Products, Vendors, or individual Products to apply custom installation options as described in the article below.
If you happen to hit OK instead of Apply, don't worry the publisher will close after saving the changes. You can just re-open and keep right on working.
Next, you will need to enable the product in Configuration Manager to ensure the updates appear and become deployable via Configuration Manager. To do this first, you will need to complete a normal publisher sync. This will insert the updates into the WSUS database for each product selected. Once the updates are in the WSUS database, we will then need to pull them into ConfigMgr with a Software Update Point sync. You can run a publisher sync at any time from the sync schedule tab. Within that tab, there is an option to “Trigger SCCM software update point sync when new third-party updates are published”. With that option enabled, a Software Update Point sync will occur after the publisher sync. Alternatively, you can leave that box unchecked and run a SUP sync manually. Upon completion of the publisher and SUP sync a new product called 'Patch My PC' will become available in the software update point configuration tab. To reach this tab you will need to navigate to sites, right click the primary or CAS, select configure site components and choose Software Update Point.
Note: If your SUP is remote, you will need to Configure the SMS Provider connection before running the publisher and SUP sync. This can be done under the Sync Schedule tab, by selecting “Configure SMS Provider connection..”.
Once this loads, select products and check the entire Patch My PC category.
Once enabled, the next software update point sync will pull in all updates created by Patch My PC.
When working with a Configuration Manager or WSUS implementation, proper certificate configuration is crucial. Microsoft requires all updates to be signed.
Applies to: On-premises Publisher
When working with a Configuration Manager or WSUS implementation, proper certificate configuration is crucial. One way Microsoft helps ensure an update is considered secure and from a trusted source is through the utilization of a code signing certificate. This requirement means all custom updates must be code signed before injection into WSUS. We provide three different ways to configure the certificate.
In most organizations, allowing Configuration Manager to manage the certificate is acceptable and the easiest option. There may be external requirements that prevent the usage of self-signed certificates. To read our in-depth guide on certificates click the link below.
If a self-signed certificate managed by Configuration Manager, is acceptable for your organization complete the steps below.
If you are running SCCM 1806 or newer, you can enable the option for “Configuration Manager manages the certificate” in the Software Update Point configuration. To configure this setting complete the following steps.
Begin by opening the configuration manager console and then
Select Administration
Expand Site Configuration and select sites
Select your topmost Site (If you have a CAS, select the CAS) - Right click the site
Select Configure Site Components
Select Software Update Point from the fly-out.
This will open up the software update point management component tab. From this window complete the following steps if not already done.
Select the Third Party Updates Tab
Validate Enable third-party software updates is checked.
Validate Configuration Manager manages the certificate option is selected.
Select Apply
If your software update point site system is remote from the site server, SSL needs to be configured on WSUS for the option Configuration Manager manages the certificate to work. If SSL is not configured in this scenario, you will need to use an alternative method described here create and deploy the WSUS signing certificate.
Note: Switching WSUS to require SSL does not require client authentication certificates on all devices, it only requires a SSL certificate on the WSUS server that clients trust.
Once enabled, SCCM will automatically generate the signing certificate during the next software update point sync. You can force a software update point sync at any time. To force a software update point sync, complete the following steps.
Browse to Software Library
Expand and Software Updates > Right-click All Software Updates
Select Synchronize Software Updates
Hit OK on the pop-up message.
If you want to watch, and confirm the certificate is properly created, you can open the wsyncmgr.log this log is located in %ConfigMgr Install Directory%\Logs\wysnmgr.log. Alternatively, you can click the button displayed below in the Publisher General Tab.
The Open wsyncmgr.log will only show up if the Publisher is installed on the site server. This may not be the case if your top-level software update point is not the site server.
With the log file open you'll want to watch for the entry stating the certificate was inserted. This indicates the certificate has been generated and is ready to be used.
You can ascertain if the certificate exists and is ready for use by clicking the Show Certificate button in the publisher.
Getting started with a Sync Schedule for the patch my pc publisher and understanding product timing.
Applies to: On-premises Publisher
By default, we recommend the Publisher sync runs on a daily basis. The sync schedule only controls when updates or applications are published to your environment. Patch My PC does not automatically create deployments in Configuration Manager for you.
Tip: Generally, Patch My PC releases an update to the catalog three to five times a week. These updates are released usually posted by 4:00 PM Eastern Time.
When Patch My PC releases these new updates, the sync schedule is what automates the publication process. You can also manually start the sync and publication process at any time by selecting the Run Publishing Service Sync option.
Prerequisites for installing the Publisher with Intune.
Applies to: On-premises Publisher
When installing the Publisher for an Intune-only configuration, ensure you meet the following requirements:
An Internet connection
Appropriate disk space depending on the number of products enabled
Supported Operating Systems
Windows 10 or Windows 11
Note
Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2025
When using Windows Server, only the WSUS API component needs to be installed, not full WSUS.
Note
The Publisher displays the following dialog if the WSUS prerequisites are not installed: Windows Server Update Services is not installed.
The Publisher is a lightweight Windows application with a GUI frontend and a Windows service backend. The hardware requirements can be found below.
CPU: 2 CPU or more
Memory: 8GB of RAM or more
Disk Space: 80GB of disk space or more
The amount of disk space required will depend on the number of selected products.
Getting started with Configuration Manager Apps. Please note, this portion of the guide is for base installations. For more in depth recommendations check out our configuration guides.
Applies to: On-premises Publisher
To activate any of the tabs in Patch My PC Publisher, the corresponding checkbox must be checked. If you do not check this option the product selection tree for the corresponding tab cannot be used.
If you are using the ConfigMgr Apps tab, these options are NOT optional. You must configure them to be able to create applications.
The application Options button has a lot of different features. This installation guide will not cover the options in detail but instead give you a quick, straightforward guide to getting the product installed. For more detailed documentation, click the more info links in the Publisher.
Let's get started to begin, click the Options button next to the enablement checkbox.
This will load the options panel in the Publisher.
Defining the SMS Provider is required, and it lets the Publisher know how to talk to your ConfigMgr site to create applications and trigger a software update point sync. By default, when a synchronization, the service will connect to ConfigMgr using SYSTEM context.
Note: When running the Publisher, the ConfigMgr connection will be under the context of the user running the Publisher.
After clicking the Configure option, the below pop-up will appear.
Once you enter the name of the server select Test to validate the configuration.
Important: The connection to the SMS Provider is performed using the SYSTEM account of the server where the Publisher is installed.
In the event the test result fails, you will instead see the following message.
If the connection fails, click Create ConfigMgr Security Role to automatically create a new security role with the minimum required permissions. Please see the article below for more details.
Once you have completed a successful connection to the SMS provider select OK to finalize the configuration.
Next, you'll want to provide a UNC share to store the application content. This path needs to be accessible by the computer account of the machine running the publisher as well as the ConfigMgr site server, or a dedicated service account
Important: As the Patch My PC Publisher will run in the SYSTEM context, therefore computer account the Publisher is installed on will need WRITE permissions to the share configured for source content of ConfigMgr Apps.
When you choose a path, we will create a sub-folder called Applications and then create a folder for each vendor and product in use. Keep this in mind when selecting the UNC path you will use to store source files.
The above configuration would create the below folder structure similar to the structure below.
Below are the default settings which will work fine for most setups. Our product provides a lot of customization options.
To learn the details about all items on this page, check out the article below.
Once you have the base options selected, you are ready to check out a simple application for testing. We recommend using 7-zip. Its small size makes it ideal for testing. Use the search icon in the bottom right or the Ctrl+F key combination to search for Igor
Select Apply. We do provide a large number of right-click options to fully customize the application installation process, those steps as described in the article below.
The Advanced tab contains many features related to troubleshooting and completing complicated maintenance tasks for WSUS. Our install guide covers two important components.
Applies to: On-premises Publisher
The products that need to be downloaded and stored locally are listed below.
All settings within the publisher are backed up the publisher is closed using the "OK" button, or the "Apply" button. These settings are stored in the backup directory where the Publisher is installed. You can get an immediate backup of the publisher at any time using the options in the Advanced tab.
This guide will walk you through the process of installing the publisher in an Intune Only environment.
Applies to: On-premises Publisher
Here are a few important resources below to get you started.
If you prefer using a video guide, you can watch the video version below.
Next up, start with the requirements
Applies to: Advanced Insights
In order to function and to help improve our product and services, Advanced Insights collects and stores the following telemetry data.
You've got the requirements, now lets go over where you can download the newest version of the Product, and walk through the installation.
Applies to: On-premises Publisher
You can always download the latest MSI installer of the publishing service using the following URL:
Start the installation by double clicking the downloaded MSI.
Depending on user account control settings, you may need to run an elevated command prompt and launch the MSI from the command prompt.
Once the installation starts you'll be greeted by the welcome screen in our installer wizard, click next.
The next step will be to accept the EULA. Make sure you select the "I accept the terms in the Agreement" and hit next.
When installing the product we provide an option called Intune Standalone mode. If you do NOT intend to use the product with Configuration Manager, ensure the option is checked and select next.
By default, we install the publisher service in C:\Program Files\Patch My PC\Patch My PC Publishing Service\ This location is where we store all of the products configuration information.
You are now ready to install the product! Click Install, and grab a drink of water.
Once the publisher has finished installing, just hit the finish button to close the install wizard.
Note
By default, the Launch Patch My PC Publishing Service checkbox is checked, meaning when you click Finish, Publisher will open automatically.
How 2FA works in Advanced/Patch Insights. You will need to be an Administration to enable 2FA.
2FA - Administrator settings
To enable 2FA, first go to Administration -> Settings -> Security and tick Enable two factor user login.
Once enabled, you can also enable the ability to allow users to trust the browser they are using. This skips 2FA on subsequent logins but this is optional.
As an admin, you can also enable and disable 2FA for a user. This will override the users 2FA settings.
Go to Administration -> Users -> and click on the Actions button for the user you want to modify. Then on the dropdown click Edit.
On the user properties modal, click Two factor authentication enabled and then Save.
When logged in, click on your user profile in the top right of the webpage, then click My Settings from the dropdown.
You will now be presented with your users settings. You will see a banner at the bottom to enabled 2FA
Click Enable, then the modal will load with the steps to enable 2FA.
Scan the QR code using your authenticator app of choice.
Enter the code generated by your autenticator app to confirm correct settings
Click Download on the security code, the continue button will now enable.
Your account will now have 2FA enabled, click done.
Once you have enabled 2FA, you will be greeted on login for a code.
To disable 2FA, go back into My Settings, on the bottom you will see two new buttons called Recovery codes and disable. Click disable and then enter the code generated in your 2FA app.
Before you get started, make sure you take advantage of our !
4.6.2 or above
The relevant
When using Windows 10/11, the needs to be installed.
See the section of the Knowledge Base article for details on how to install RSAT.
See the Knowledge Base article for details on how to resolve this.
First Select the Configure. This is how you will ensure that the system where the Publisher is installed has access to the configuration manager site.
If the server that the Publisher is installed on is remote from the SMS Provider, the SYSTEM Account of the Publisher server may need to be added to the SMS Admins Group, or DCOM permissions may need to be updated ()
Tip: If you need to create the security role, you will need to manually add the computer account to the role after it's automatically created as described .
Certain require the content to be downloaded ahead of time into a known folder. This typically is related to specific vendors who's content can only be downloaded after logging in or paying for the software.
Before you get started, make sure you take advantage of our !
Tip: Did you know you can schedule a free setup call with an engineer if you prefer to have an engineer from Patch My PC perform a guided install with you in your environment?
Product Name
Download Location
Cisco AnyConnect Suite
Oracle Java Runtime Environment 8
Oracle Java SE Development Kit 8
Mimecast for Outlook
Right Click Tools
Bluebeam Revu
BluebeamOCR
Pulse Connect Secure
Kofax Power PDF 4 Advanced
Duo Authentication for Windows Logon
TeamViewer MSI
Installer Telemetry
To track installations and their success state.
Activation
Collected by our licensing API to tell us which products have been activated.
Installed version
Collected by our licensing API to tell us which version of software has been installed.
How to get your Patch My PC license, properly assigned in the publisher service.
Applies to: On-premises Publisher
When the publisher first launches, you will be required to provide a license key. If you have not yet purchased and received your license key, we provide two additional free options for testing our product.
The first option is to enable the Limited Trial Mode. This limited trial mode does have some restrictions including a limited number of products as covered in the link above. We encourage you to request a free thirty-day trial from our website. When you receive your full-trial or customer license email, it will contain your 20 character license key.
The full-access 30-day trial contains all features and access to all products.
If the license validation is successful, it should look like the below image.
If you receive an error when clicking Validate URL, please review our knowledge base article Troubleshooting License Activation Issues. License activation errors are often related to firewall or proxy configurations.
Applies to: On-premises Publisher
This article covers integrating the Patch My PC Publisher with your Intune tenant. We will go over creating an app registration in your Azure AD environment and configuring the Graph API permissions required for the Publisher to automatically create, update and assign Win32 applications in your Intune tenant; as well as configuring the tenant authority, application ID and application secret within the Publisher.
Topics covered in this article:
In order for our service to have permissions to your Intune tenant for application management, start by navigating to your environment’s Azure AD portal, head to App registrations, and click New registration in the top left of the main pane.
Give your app registration a relevant name such as “Patch My PC – Intune Connector”. Configure the account types based on your tenant requirements. For the Redirect URI, leave it to the default unless you have specific requirements for configuring the Redirect URI. Then click Register.
A full Intune API reference KB article for the Publisher can be found at https://patchmypc.com/patchmypc-publisher-api-reference
After you register a new application, we will need to delegate certain permissions in order for the Patch My PC Publisher to create and update Win32 applications in your Intune tenant, as well as view Azure groups and create assignments for the applications automatically.
Once the new app is registered, navigate to the API permissions node in the left column of the newly created app’s page. In the API permissions page, click the button to Add a permission, then in the right pane that appears, select the Microsoft Graph API.
Then, you are prompted for what type of permissions your app requires select Application permissions. In the Select permissions table view, search for “DeviceManagement” and under those permissions, enable the following:
DeviceManagementApps.ReadWrite.All
(View and create applications in Intune)
DeviceManagementConfiguration.Read.All
(View properties and relationships of assignment filters)
NOTE: The DeviceManagementConfiguration.Read.All permission is not needed if you are on the deprecated Intune Essentials subscription.
DeviceManagementManagedDevices.Read.All
(View device inventory for the auto-publish feature)
DeviceManagementRBAC.Read.All
(View scopes to be assigned to applications)
DeviceManagementServiceConfig.ReadWrite.All
(Update Enrollment Status Page configurations)
Then, search for “GroupMember”, and under Group permissions, enable:
GroupMember.Read.All
View Azure AD groups to enable automatic application deployment
Click Add permissions.
To approve the new permissions, click Grant admin consent for. Choose Yes if you are prompted to consent for the required permissions. You must be logged into an Azure AD account with permissions to perform this task.
Note: Granting admin consent may require one of the following roles: Global Administrator or Privileged Role Administrator.
The result is shown below.
A certificate is considered more secure than a client secret for authentication to the new app registration as it is something you have (private key) rather than something you know (password). A client secret is the easiest configuration method but is considered less secure.
More guidance on why a certificate should be used instead of a client secret can be found at https://learn.microsoft.com/en-us/azure/active-directory/develop/security-best-practices-for-app-registration#certificates-and-secrets
Choose either Option 1 or Option 2 from the steps below to create an authentication credential for use with the new app registration. We strongly recommend using Option 1.
Certificate-based authentication is the preferred authentication method when connecting to an Azure App Registration. This document will focus on creating a self-signed certificates for use with the Patch My PC Publisher: Create a self-signed public certificate to authenticate your application.
Self-signed certificates with long expiry dates may use outdated hash and cipher suites that may not be strong enough as industry standards and best practices change. For this reason, choose short expiry dates or purchase a certificate signed by a well-known certificate authority.
The following are the current requirements for using certificate-based authentication that apply to both purchased and self-signed certificates:-
A 2048-bit key length. While longer values are supported, the 2048-bit size is highly recommended for the best combination of security and performance.
Uses the RSA cryptographic algorithm. Azure AD currently supports only RSA.
The certificate is signed with the SHA256 hash algorithm (Entra ID also supports certificates signed with SHA384 and SHA512 hash algorithms).
The certificate is valid for only one year.
Follow the steps below to create a self-signed certificate using the New-SelfSignedCertificate and Export-Certificate PowerShell cmdlets:-
Open a PowerShell window on the same computer where the Patch My PC Publisher is installed. Be sure to elevate the prompt by choosing Run as Administrator.
Copy the following code snippet to and paste into the elevated PowerShell window.
Verify the certificate was created successfully in the Local Machine Personal Certificate Store by running certlm.msc.
We need to export the Public Key and upload it to the new app registration for the Patch My PC Intune connector. Follow the steps below:-
Open PowerShell window on the same computer where the Patch My PC Publisher is installed. Be sure to elevate the prompt by choosing Run as Administrator.
Copy the following code snippet to and paste into the elevated PowerShell window.
Verify the certificate was exported successfully in the C:\temp\certs folder.
If you receive the message "The system cannot find the path specified" (as shown below), please ensure the credentials used to launch the PowerShell session have permission to create a folder at C:\temp or specify a new path for the $certFolder variable where you do have permission to create the folder.
In the browser, navigate to the App registration created in Step 1 and select the Certificates & secrets node in the left column. Select the Certificates and click Upload certificate.
Browse to the C:\temp\certs folder, select the certificate that was exported earlier, click Open and then click Add.
Verify the public key is listed correctly in the app registration.
If you have already followed the instructions for Option 1, you do not need to create a client secret. Instead, go to Step 4
A client secret, a password string that our app will use to prove its identity when requesting a token. Navigate to the Certificates & secrets node in the left column, and click the button to add a New client secret. Decide on a description and expiration date (in months) that best suits your organization’s needs, then click Add.
Microsoft recommends a client secret of no longer than 6 months
Copy the Value for the Client Secret you created. Save this value to a secure location, you will enter the value under Application Secret in the Intune Options of the Publisher.
You may receive an error similar to ‘An error occurred while connecting to Intune: AADSTS7000215: Invalid client secret is provided.’ within the PatchMyPC.log file. If you receive this error please repeat option 2 above to create a new secret, or review your existing secret configuration within the Publisher to ensure you are using the correct value.
Navigate to the Overview node of the app registration, and copy the Application (client) ID. Save this value to a secure location along with your secret key value.
If you do not know your Intune tenant domain, navigate to the tenant status page in your Intune tenant, and look at the property for Tenant name.
Now, it is time to go to the Intune Options window of the Publisher Patch My PC Publisher to configure the following:-
Authority Application ID Certificate or Application Secret (depending on whether you followed Step 3 option 1 or option 2)
The Authority value is a URL made up from the Microsoft authentication endpoint and your tenant name. The newer Microsoft authentication endpoint should be used:- https://login.microsoftonline.com
Referring to the screenshot above, replace tenantname.onmicrosoft.com with the Tenant name you found in the tenant status page of your Intune tenant. The construct of the URL should look something like https://login.microsoftonline.com/<<Tenant name>> The complete Authority value should look similar to this example below:- https://login.microsoftonline.com/tenantname.onmicrosoft.com
Paste the Application ID that you recorded earlier.
If you chose to use a Certificate for authentication, click the certificate option and browse the Local Machine store for the correct certificate and click Ok.
If you chose to use a Client Secret for authentication, click the Application Secret option and enter the Client Secret value you recorded earlier.
Click Test to view the Intune Connection Status and validate that the Publisher can connect to your Intune tenant. If the listed permissions all have a green checkmark under Enabled, you can now begin to publish applications to your Intune tenant.
If the associated tenant is on GCC High, the changes below are required: Authority: https://login.microsoftonline.us Authentication URL: https://graph.microsoft.us Graph Base URL: https://graph.microsoft.us/beta
Enabling and creating Intune Applications in the Patch My PC publishing service.
Applies to: On-premises Publisher
To enable products to publish, check the "Enable creation of Win32 applications in Microsoft Intune" checkbox.
Once the option is selected, you'll be able to enable other products. When first getting started with the product, it is recommended that you only choose one or two products to reduce the impact on the first sync and to validate your implementation quickly. We have found that Notepad++ and 7-Zip tend to be great initial use case tests.
Tip: We recommend enabling Manage Conflicting Processes for Notepad++
To find and enable these products, you can search the list of products using Ctrl + F or by clicking on the magnifying glass in the lower right corner.
When you select the search button a dialogue will open, type in one of our example products and hit enter, or click OK.
Once you have found the product you want to patch, click the checkbox for your architecture choice and click Apply.
Tip: You can right-click All Products, Vendors, or individual Products to apply custom installation options as described in the article below.
If you hit OK instead of Apply, don't worry as the Publisher will close after saving the changes. You can just re-open and keep right on working.
Details of port and external site requirements and supported browsers.
Applies to: Advanced and Patch Insights
Advanced Insights use the following ports, and the installer will automatically create Windows firewall exceptions for these ports.
Advanced Insights Frontend - tcp/443 (or whatever you have customised this to in the installer)
Advanced Insights API - tcp/44301 (cannot be changed)
The Advanced Insights server needs access to various domains and APIs to function fully.
api.patchmypc.com:443
Reason: For licensing
learn.microsoft.com:443
Reason: For ConfigMgr, Windows, and Office 365 release and support statements
Important: To activate and use Advanced Insights, you must permit outbound access for api.patchmypc.com:443
api.msrc.microsoft.com:443
Reason: The Threat Analytics dashboard uses data from this external API
services.nvd.nist.gov:443
Reason: The Threat Analytics dashboard uses data from this external API for PMPC CVE data
access.redhat.com:443
Reason: The Threat Analytics dashboard uses data from this external API for PMPC CVE data
getcallisto.io:443
Reason: The Advanced Insights inventory extensions
api.callisto.co:443
Reason: The Advanced Insights Threat Analytics API
supportapi.lenovo.com:443
Reason: To retrieve data from the Lenovo warranty service
apigtwb2c.us.dell.com:443
Reason: To retrieve data from the Dell warranty service
support.dynabook.com:443
Reason: To retrieve data from the Toshiba warranty service
eu.daas.api.hp.com:443 or daas.api.hp.com:433 (depending on your region)
Reason: To retrieve data from the HP Workforce Experience warranty service
To use these features of Advanced Insights, you will need outbound access to the above addresses.
We do not support Internet Explorer for Advanced Insights. Please use Firefox, Edge, Chrome or any other modern browser to access Advanced Insights.
Applies to: Advanced and Patch Insights
Version 2.1 of Advanced Insights removes SQL Server dependency. Advanced Insights configuration data previously stored in SQL Server will now be maintained in a SQLite database which is stored in %ProgramData%\AdvancedInsights\Data\Api\AdvancedInsightsConfig.db
Example upgrade summary page when migrating from SQL to SQLite db:
All data will be migrated to this new database from SQL Server when the application first starts up following upgrade.
Once this is complete (you can confirm this by logging into Advanced Insights post-install) you can safely remove the PMPCAdvancedInsights SQL database. If you had installed SQL Express to support this requirement, this can also be removed.
Change the Advanced Insights IIS application pool identity.
This section describes the steps required to change the IIS Application pool identity used for an existing Advanced Insights deployment.
The ability to change the IIS application pool identity using the modify feature is supported in version 2.4.1 and later.
Review the IIS Application pool identity details here: IIS Application Pool Identity
In the configuration modification page, select the checkbox for 'IIS Application Pool Identity' then click 'Change Identity':
Select 'Local System' or to set a custom identity using an Active Directory account, select 'Specific User':
In this example we will set a custom identity using an Active Directory account. After entering the account username and password, (The domain value should already be pre-populated by the installer) the 'Check Credentials' button can be used to validate the account credentials entered.
Click OK
The confirmation page is then displayed. Click close to exit the installer.
This completes the steps required to modify the IIS Application Pool identity.
How to modify an existing custom dashboard
Applies to: Advanced Insights
To modify an existing custom dashboard, we navigate to the 'Custom Dashboards' node in the 'Administration' section and click the 'Edit' option.
To add new items to the dashboard, select them from the list and click 'Add to Dashboard'.
To rearrange items on the dashboard, you can click and drag.
Software Registered in Add/Remove Programs
Applies to: Advanced Insights
The User Installed Apps data on this page requires the deployment of the Advanced Insights Inventory Extensions
The Client Inventory dashboard provides you with high-performance access to Configuration Manager's software inventory data.
The statistics across the top list the counts of applications installed in the user profiles across your estate and how many devices have applications installed in this way. Plus a count of 32 and 64-bit applications.
The table lists all apps in a quickly searchable and filterable way. Each discovered application is listed by Publisher and Display name. Where multiple versions of an application are present in the environment a count of versions is shown.
Operating system last boot time data
Applies to: Advanced Insights
This dashboard displays the Windows OS Uptime data and when the last hardware inventory occured from the device clients.
Applies to: Advanced Insights and Patch Insights
This dashboard you can see the compliance data where a windows feature upgrade is detected as needed or installed.
Applies to: Advanced Insights and Patch Insights
Applies to: Advanced Insights
Applies to: Advanced Insights
The Update Installation Trend dashboard shows the deployment trend of installation of a update.
The top row of shows how many days it took for the first device to install the update, 50%, 90% and 100% Installation targeted.
You can filter the chart by collection, select which update and the number of days you want to see the trend for.
Some devices may become compliant without having installed this update via this deployment and these will not show in the installation data here.
This portlet shows enforcement activity for managed client devices for this update.
How to get your Patch My PC license, properly assigned in the publisher service.
Applies to: On-premises Publisher
When the publisher first launches, you will be required to provide a license key. If you have not yet purchased and received your license key, we provide two additional free options for testing our product.
The first option is to enable the Limited Trial Mode. This limited trial mode does have some restrictions including a limited number of products as covered in the link above. We encourage you to request a free thirty-day trial from our website. When you receive your full-trial or customer license email, it will contain your 20 character license key.
The full-access 30-day trial contains all features and access to all products.
If the license validation is successful, it should look like the below image.
If you receive an error when clicking Validate URL, please review our knowledge base article Troubleshooting License Activation Issues. License activation errors are often related to firewall or proxy configurations.
Getting notified when there are new updates available to deploy, or when something doesn't quite go as expected.
Applies to: On-premises Publisher
To keep you informed when new updates are ready for deployment in your environment, we provide three different ways to get notifications in your environment:
Configurations for SMTP can vary greatly between environments, use the image below as a reference for your environment.
Select a Common Provider if applicable
Enable The feature to send e-mails
Specify YOUR sender e-mail
Specify who should receive the e-mail
Configure Email Authentication
Provide login details as needed, and security port details
If you have issues setting up SMTP emails, check out our troubleshooting guide below.
The Microsoft Teams webhook is a simple way to get a notification for each application as it is prepared for your environment. Simply create a new connector in teams, and paste the Web URL into the field.
Need help creating the webhook in teams? No problem, check out our complete guide to creating a Teams webhook.
The Slack webhook is another simple way to get a notification for each application as it is prepared for your environment. Simply create a new webhook in Slack, and paste the Web URL into the field.
Need help creating the webhook for Slack? No problem, check out our complete guide to creating a Slack webhook.