In this post I will show you how to install Dell and Lenovo third-party updates using SCCM. With proper configuration we can easily deploy the 3rd party updates which are available as partner catalog for Dell, Lenovo and HP. This is just not limited to these 3 vendors only, we can add custom catalog as well such as Adobe or any other.

Requirement for configuring third-party updates

Configuring of SSL is one of the most important steps on WSUS and SUP setting. Enabling of SSL on SUP is only required when it’s remote.

Configure SSL on WSUS One of the important configurations is to configured SSL on WSUS which is used as Software Update Point Site System role. Follow the link on how to configure WSUS / SUP to use SSL for communication which will show you how to configure it. This consists of creating Web Server certificate through internal certificate authority for WSUS and enabling few of the web services directory to use SSL.

Configure SSL on SUP : This is a straight forward setting by enabling the check box “Require SSL communication to the WSUS server”. This setting can be found by launching Configuration manager console and navigating to AdministrationOverviewSite ConfigurationServers and Site System Roles and select the Site System Role with SUP installed. Under bottom pane (Site System Roles), double click Software update point role to open properties. Just check the box under WSUS Configuration showing “Require SSL communication”.

Require SSL communication to the WSUS server

Process to enable third-party updates

The process consists of several steps which publishes the third-party updates to Software update point (SUP) which can further be deployed to the clients. Belo mentioned process is valid for 3 kinds of partner catalogs such as:

  • Dell
  • Lenovo
  • HP

Enable third-party updates on SUP

On Configuration Manager console, navigate to AdministrationOverviewSite ConfigurationSites, select the site and click on Configure Site Components > Software update point.

Install3rdPartyUpdates 02

This will open Software Update Point Component Properties, click on Third Party Updates. Here you have to check the box “Enable third-party software updates”.

We also need to generate code signing certificate for WSUS signing certificate configuration. We have 2 options:

Enable third-party software updates
  • Configuration Manager manages the certificate – Selecting this option automatically manages the WSUS signing certificate.
  • Manually manage the certificate – You need to manually configure the certificate using PKI certificate or using System Center Updates Publisher (SCUP).

Let’s select Configuration Manager manages the certificate which will generate the certificate for you automatically.

Click on ok. Current WSUS signing certificate details will not be generated immediately.

You have to wait for next sync to happen or you can initiate it manually.

Once sync is completed, you will see certificate details got generated.

Configuration Manager manages the certificate

Generation of third-party signing certificate can be seen under wsyncmgr.log:

Successfully inserted new WSUS signing certificate with thumbprint
Checking for third-party signing certificate

You can also verify this certificate under local computer store on SUP. Launch certlm.msc to open Certificates- Local computer. You will see newly created folder WSUS > Certificates.  WSUS Publishers Self-signed certificate will be visible.

WSUS Publishers Self-signed Certificate

Enable third-party updates on Clients

Clients will not get third-party updates until unless it is not enabled in client settings. Navigate to AdministrationOverviewClient Settings, select existing Client settings. Under Software Updates:

Enable third party software updates, change the value to Yes.

Client Settings to enable third party software updates

Subscribe the Partner Catalog (Dell / Lenovo)

Once the sync is completed, partner catalog for Dell, HP and Lenovo will be created. Navigate to Software LibraryOverviewSoftware UpdatesThird-Party Software Update Catalogs, you will be able to see 3 Publisher Name:

  • Dell : Dell Business Client Updates Catalog
  • HP: HP Client Updates Catalog
  • Lenovo: Lenovo Updates
Partner catalog in SCCM

These are the 3 partner’s catalog got enable with the options we selected previously. We can also add custom catalog by clicking on Add Custom Catalog for Adobe and others.

Subscribe to Catalog

Select Dell and click on Subscribe to Catalog.

Dell drivers Subscribe to Catalog

This will launch Third-party Software Updates Wizard with Download URL for CAB file already listed (, this happened automatically as this is Partner Catalog (not custom catalog), click Next.

Install3rdPartyUpdates 10

Catalog will be downloaded, click Next.

Downloading the catalog

Under Review and approve > Approval to subscribe, you can view the certificate for Dell. Click on “I have read and understood this message” and click Next.

Approval to subscribe third-party update

Under Select Categories, we will have options to select update categories. I click on Select categories for Synchronization by selecting few devices only, click Next.

Select update categories for Dell

Under Stage update content, select Do not stage content, synchronize for scanning only (recommended) as we don’t want to download everything.

Do not stage content

Under Set custom schedule, specify the synchronization schedule which will run weekly / daily based upon the settings specified, click Next.

Synchronize Schedule

Verify the Summary and click Next to initiate the process.

Install3rdPartyUpdates 16

This will initiate the sync and after waiting for some time, we can see the Last sync status as “Success”.

Dell partner catalog success

You can view the synchronization of Dell updates through log file SMS_ISVUPDATES_SYNCAGENT.log located under <Microsoft configuration Manager Install location>logs with following info:

SyncUpdateCatalog: Starting download for catalog 'Dell Business Client Updates Catalog' from '' ...
SyncUpdateCatalog: Downloading file: '' to 'D:Program FilesMicrosoft Configuration'.
SyncUpdateCatalog: Download from '' completed successfully.
SyncUpdateCatalog: SyncUpdateCatalog : 41a7ad54-9744-4779-acd8-bf596e11e12f - Completed.

Install3rdPartyUpdates 18

Enable Dell Products under Software Update Point Component

As the first level of sync is completed for Dell, this would have created the catalog entry under All products. Navigate to AdministrationOverviewSite ConfigurationSites. Under Configure Site Components > Software Update Point > Products tab, we can see Dell category available, select the options and click on OK.

Dell Product Category update

Initiate then sync by navigating to Software LibraryOverviewSoftware UpdatesAll Software Updates and click on Synchronize Software Updates.

Once the sync is completed, we can see all Dell drivers available under All Software Updates.

Dell Driver update in SCCM console

The sync status of Dell drivers can be verified through log file wsyncmgr.log

Requested categories: Company=Adobe, Company=Dell, Product=Windows 10 and later drivers, Product=Windows 10, version 1903 and later, Servicing Drivers, Product=Office 2016, Product=Microsoft 365 Apps/Office 2019/Office LTSC, Product=Windows 11, Product=Microsoft SQL Server 2019, Product=Windows 10, Product=Windows 10, version 1903 and later, Product=Windows 10, version 1903 and later, Upgrade & Servicing Drivers, Product=Windows 11 Client, version 22H2 and later, Upgrade & Servicing Drivers, UpdateClassification=Security Updates, UpdateClassification=Update Rollups, UpdateClassification=Upgrades, UpdateClassification=Updates, UpdateClassification=Definition Updates, UpdateClassification=Critical Updates
Synchronizing update 7aa07c64-b6a7-4e7f-a520-470796344cfc - Dell Command | Update Windows Universal Application,4.4.0,A00
Synchronizing update 0c3c779b-80a8-441a-b7a8-facd9123a162 - Dell OpenManage Inventory Agent(for Dell Business Client Systems),
Install3rdPartyUpdates 21

Publish Third-party Software Update Content

The job is still not completed, though updates are available, we need to publish them. Before publishing the icon of the update is of Blue colour and Content information of the update is also blank.

Install3rdPartyUpdates 22

Right click the specific update / updates you want to publish and select Publish Third-Party Software Update Content.

Publish Third-Party Software Update Content
Publish Third-Party Software Update Content
Install3rdPartyUpdates 24

You can again verify the downloading of metadata in SMS_ISVUPDATES_SYNCAGENT.log. This has just downloaded the metadata but not the actual update.

Install3rdPartyUpdates 25
Install3rdPartyUpdates 25

One another sync is required for All software Updates, this can be checked through wsyncmgr.log which will eventually do the sync with 3rd party updates and make the metadata available in SCCM database.

Once this is done, you can see the icon changed to Green and Content information status of specific driver update is also visible. Another change we can see is: Metadata Only showing as No as it contains complete information of updates unlike other Dell updates which are still showing “Metadata Only” as “Yes”.

Download and Deploy Dell Driver updates

We are ready to download the drivers. It will take some time to show the count for Required updates as devices has to go through next Software Update Scan Cycle. Once this is done, you will be seeing few systems showing the update as required if they have old drivers.

Select the driver, right click and select Download.

Dell Driver updates Configuration Manager

Select “Create a new deployment package”, provide name and Package source location. Click Next.

Install3rdPartyUpdates 30

On Distribution Points page, add DP and click Next.

Install3rdPartyUpdates 31

On Distribution Settings, click on “Automatically download content when packages are assigned to distribution points” and click Next.

Install3rdPartyUpdates 32

On Download Location, click on Download software updates from the Internet and click Next.

Install3rdPartyUpdates 33

Verify the Summary and click Next to start downloading the update.

Downloading third-party updates

Once downloaded you will see the completion message info.

Install3rdPartyUpdates 35

You may verify the downloading of driver updates through Patchdownloader.log with following info:

Contentsource = .
Query to run: select f.FileName, c.ContentUniqueID from SMS_CIToContent c join SMS_CIContentFiles f on c.ContentID = f.ContentID where c.ContentID in (16787543) and f.FileHash = 'SHA1:3A0BE110C6E03BD2F7215D97243D30B6C2EDDB64'
File  does not exist under current download destination.
Query to run: select f.FileName, ct.ContentSource from SMS_CIToContent c join SMS_CIContentFiles f on c.ContentID = f.ContentID join SMS_Content ct on c.ContentID = ct.ContentID where c.ContentDownloaded = 1 and f.FileHash = 'SHA1:3A0BE110C6E03BD2F7215D97243D30B6C2EDDB64' Checking machine config Created hard link: \localhostd$SourceSoftware UpdateDell -> \localhostd$SourceSoftware Content already downloaded. Created link for ContentID = 16787543,  FileName = Renaming \localhostd$SourceSoftware UpdateDell R001c3c779b-80a8-441a-b7a8-facd9123a162.1 to \localhostd$SourceSoftware UpdateDell R001c3c779b-80a8-441a-b7a8-facd9123a162 Successfully moved \localhostd$SourceSoftware UpdateDell R001c3c779b-80a8-441a-b7a8-facd9123a162.1 to \localhostd$SourceSoftware UpdateDell R001c3c779b-80a8-441a-b7a8-facd9123a162
Install3rdPartyUpdates 36

Dell driver update patch is downloaded and ready to deployed further.


Deploying third-party updates looks like a complex process. But this is all about securing your WSUS with SSL and creating Code signing certificate. If we follow proper instructions (lots of Microsoft documentation also available), we can make this task easy. Rest other things on Configuration manager to enable third-party updates are pretty much easy to implement. Previously SCUP (System Center Update Publisher) was the only option available for deploying third-party updates but with new changes with configuration manager, this has now become possible.

The process remains the same for Lenovo and HP Partner Catalog. Though for Custom Catalog such as Adobe and others, it is not totally different for initial configuration, but for publishing the catalog you have to add custom catalog which is not published automatically as part of enabling third-party updates.

Important Links

Enable third-party updates – Configuration Manager | Microsoft Docs

Available third-party software update catalogs – Configuration Manager | Microsoft Docs