Patch Mgmt > Patch Approval
Patch Approval gives you control over machines set for Automatic Update. Patch Approval lets you approve a patch first before it gets generally deployed to all your managed machines. Define separate approval policies for each machine collection. For example, by setting up a separate approval policy for each of collection, you can automatically deploy a patch to all your workstations while blocking deployment to servers.
When you create a new Patch Approval policy, all patches are approved by default. You can then deny any of those patches you want to block for this collection. When new patches are released, the system automatically denies them in the policy. These are displayed as Pending Approval to distinguish them from previously denied patches. This gives you the chance to test and verify a patch in your environment before the patch automatically pushes out.
If a machine is a member of two collections and each collection has a separate policy, and if a patch is denied by either collection then the patch is denied for that machine. Note that if one collection does not have any policy set, then only the policy that is set is used.
Collection selector
Select a collection by name from the drop down control. Machines that are not a member of any collection are automatically approved.
Automatically approve all patches for this collection
Check this box to approve all patches for all machines in this collection. Uncheck the box to approve individual patches for the selected collection. Unchecking the box displays a list of all patches that apply to all machines in the selected collection.
NOTE: Checking the box to approve all patches permanently deletes the approval policy. If you then uncheck the box, you must recreate the policy.
Approve / Deny
Clicking these buttons approves or denies the checked patches from the list.
Patch Groupings
To facilitate patch approval, patches are displayed in the following groupings:
Operating System Related Service Packs
Operating System Related Patches
Office Related Service Packs
Office Related Patches
Links are provided for each of these groups along with” Back to top…” links to facilitate navigation on the screen. Each grouping has “Select All” / “Unselect All” links that act only on the grouping. There are also “Select All Service Packs and All Patches” and “Unselect All Service Packs and All Patches” that act on the entire page.