Patch Mgmt > Patch Approval

Patch Approval gives you control over machines set for Automatic Update. Patch Approval lets you approve a patch first before it gets generally deployed to all your managed machines. Define separate approval policies for each machine collection. For example, by setting up a separate approval policy for each of collection, you can automatically deploy a patch to all your workstations while blocking deployment to servers.

When you create a new Patch Approval policy, all patches are approved by default. You can then deny any of those patches you want to block for this collection. When new patches are released, the system automatically denies them in the policy. These are displayed as Pending Approval to distinguish them from previously denied patches. This gives you the chance to test and verify a patch in your environment before the patch automatically pushes out.

If a machine is a member of two collections and each collection has a separate policy, and if a patch is denied by either collection then the patch is denied for that machine. Note that if one collection does not have any policy set, then only the policy that is set is used.

Collection selector

Select a collection by name from the drop down control. Machines that are not a member of any collection are automatically approved.

Default Approval Status selector

Available only when the selected collection has a defined policy. Select a default approval status for this collection. This default value will be used to automatically set the approval status of newly identified patches to this value for this collection.

Remove Policy

Available only when the selected collection has a defined policy. Clicking this button will delete the current policy and automatically approve all current and all future patches for this collection.

NOTE: Clicking this button to remove this policy permanently deletes the approval policy. To enable an approval policy, you must recreate the policy.

Filter patches by Approval Status selector

Available only when the selected collection has a defined policy. Filters the list of patches in this policy based upon the selected approval status.

Approve / Deny

Available only when the selected collection has a defined policy. Clicking these buttons approves or denies the checked patches from the list.

Set Policy

Available only when the selected collection does not have a defined policy. Clicking this button will create a new patch approval policy for this collection.

Patch Groupings

To facilitate patch approval, patches are displayed in the following groupings:

Links are provided for each of these groups along with” Back to top…” links to facilitate navigation on the screen.  Each grouping has “Select All” / “Unselect All” links that act only on the grouping.  There are also “Select All Service Packs and All Patches” and “Unselect All Service Packs and All Patches” that act on the entire page.