KB Override

Patch Mgmt > KB Override

The KB Override page sets overrides of the default approval status of patches set using Approval by Policy by KB Article for all patch policies. It also sets the approval status for existing patches by KB Article for all patch policies. This page only displays for master administrators. Changes affect patches in all patch policies installed by all administrators. See Methods of Updating Patches, Configuring Patch Management, Patch Processing, Update Classification and Patch Failure for a general description of patch management.

For example, KB890830, "The Microsoft Windows Malicious Software Removal Tool" is released monthly. If you decide to approve all patches associated with this KB Article using KB Override, then not only are existing patches approved but all new patches associated with this KB article are automatically approved each month the new patch is released.

Setting Patch Approval Policies

Patch policies contain all active patches for the purpose of approving or denying patches. An active patch is defined as a patch that has been reported by a patch scan by at least one machine in the VSA. Any machine can be made a member of one or more patch policies.

For example, you can create a patch policy named servers and assign all your servers to be members of this patch policy and another patch policy named workstations and assign all your workstations to be members of this policy. This way, you can configure patch approvals differently for servers and workstations.

• The patches of machines that are not a member of any patch policy are treated as if they were automatically approved.
• When a new patch policy is created the default approval status is pending approval for all patch categories.
• The default approval status for each category of patches can be individually set.
• If a machine is a member of multiple patch policies and those policies have conflicting approval statuses, the most restrictive approval status is used.
• Initial Update and Automatic Update require patches be approved before these patches are installed.
• Approval by Policy approves or denies patch by policy.
• Approval by Patch approves or denies patches by patch and sets the approval status for that patch in all patch policies.
• KB Override overrides the default approval status by KB Article for all patch policies and sets the approval status for patches associated with the KB Article in all patch policies.
• Patch Update and Machine Update can install denied patches.
• Standard administrators can only see patch policies they have created or patch policies that have machine IDs the administrator is authorized to see based on the administrator roles they are assigned.

KB Article

Enter the KB Article to approve or deny.

Note: See Approval by Policy or Approval by Patch for a listing of all available KB Articles.

Approve

Click Approve to approve patches associated with this KB Article. Multiple patches can be associated with a KB Article.

Deny

Click Deny to deny patches associated with this KB Article. Multiple patches can be associated with a KB Article.

KB Article

Click the KB Article link to display the knowledge base article.

Override Status

Approved or Denied. Applies to all patches associated with this KB Article.

Admin

The administrator who approved or denied patches associated with this KB Article.

Changed

The date and time the administrator approved or denied patched associated with this KB Article.

Topic 3901: Send Feedback. Download a PDF of this online book from the first topic in the table of contents.