Membership: Patch Policy

The Membership page assigns machine IDs to one or more patch policies. Patch policies contain all active patches for the purpose of approving or denying patches. An active patch is defined as a patch that has been reported by a patch scan by at least one machine in the VSA. Any machine can be made a member of one or more patch policies.

For example, you can create a patch policy named servers and assign all your servers to be members of this patch policy, then create another patch policy named workstations and assign all your workstations to be members of that policy. This way, you can configure patch approvals differently for servers and workstations.

  • The patches of machines that are not a member of any patch policy are treated as if they were automatically approved.
  • When a new patch policy is created, the default approval status is pending approval for all patch categories.
  • The default approval status for each category of patches can be individually set.
  • If a machine is a member of multiple patch policies and those policies have conflicting approval statuses, the most restrictive approval status is used.
  • Initial Update and Automatic Update require patches be approved before these patches are installed.
  • Approval by Policy approves or denies patches by policy.
  • Approval by Patch approves or denies patches by patch and sets the approval status for that patch in all patch policies.
  • KB Override overrides the default approval status by KB Article for all patch policies and sets the approval status for patches associated with the KB Article in all patch policies.
  • Patch Update and Machine Update can install denied patches.

Standard administrators can only see patch policies they have created or patch policies that have machine IDs the administrator is authorized to see based on the administrator roles they are assigned.


Click Add to add selected machine IDs to selected patch policies.


Click Remove to remove selected machine IDs from selected patch policies.

Assign machines to a patch policy

Click one or more patch policy names to mark them for adding or removing from selected machine IDs.

Always show all Patch Policies to Standard Administrators

If checked, standard administrators can see all patch policies. This allows standard administrators to deploy patch policies, even if they did not create the patch policies and don't yet have machines that use them. If blank, standard administrators only see patch policies that contain machines to which they have access or those which they created. Master administrators always see all patch policies. This option only displays for master administrators.

Machine.Group ID

The list of Machine ID.Group IDs displayed is based on the Machine ID / Group ID filter and the machine groups the administrator is authorized to see using System > Group Access.

Policy Membership

Displays a comma separated list of patch policies that each machine ID is a member of.
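
The membership rules listed earlier (no membership means automatically approved; conflicting policies resolve to the most restrictive status) can be checked offline against the Policy Membership column. The following is an added example, not code from the VSA: the data layout, machine IDs, policy statuses and the patch ID KB0000001 are constructed, and the ordering denied > pending approval > approved is an assumption, since the page does not define which status is most restrictive.

```python
# Added example: audits effective patch approval from policy membership.
# Assumption: restrictiveness order is denied > pending approval > approved.
RESTRICTIVENESS = {"approved": 0, "pending approval": 1, "denied": 2}


def parse_membership(cell):
    """Split a comma separated Policy Membership cell into policy names."""
    return [name.strip() for name in cell.split(",") if name.strip()]


def effective_status(policies, patch, policy_status):
    """Resolve one patch's approval status for a machine."""
    if not policies:
        # Machines in no patch policy are treated as automatically approved.
        return "approved"
    # A patch not yet reviewed in a policy is taken as pending approval,
    # the default for a newly created policy (the default can be changed).
    statuses = [policy_status.get(p, {}).get(patch, "pending approval")
                for p in policies]
    # Conflicting statuses: the most restrictive one is used.
    return max(statuses, key=RESTRICTIVENESS.__getitem__)


def audit(membership, policy_status, patch):
    """Return (status per machine, machines that belong to no policy)."""
    result, unassigned = {}, []
    for machine, cell in membership.items():
        policies = parse_membership(cell)
        if not policies:
            unassigned.append(machine)
        result[machine] = effective_status(policies, patch, policy_status)
    return result, unassigned


# Constructed sample data: Machine ID.Group ID -> Policy Membership cell.
MEMBERSHIP = {
    "web01.servers": "servers",
    "db01.servers": "servers, quarantine",
    "pc17.workstations": "workstations",
    "kiosk3.lobby": "",
}
# Constructed per-policy approval status for a placeholder patch ID.
POLICY_STATUS = {
    "servers": {"KB0000001": "approved"},
    "quarantine": {"KB0000001": "denied"},
    "workstations": {},  # new policy, nothing reviewed yet
}

if __name__ == "__main__":
    statuses, unassigned = audit(MEMBERSHIP, POLICY_STATUS, "KB0000001")
    for machine, status in statuses.items():
        print(f"{machine}: {status}")
    print("No patch policy (everything auto-approved):", unassigned)
```

Machines reported in the second return value bypass approval entirely, so they are the ones to assign to a policy first.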