Automated Windows Updates Use Case: Testing Patches
Patches can be auto approved/denied or auto-deferred for up to 30 days. This can be done based on the Windows Update category, or you can choose to approve individual patches manually.
Patch automation can be done using a policy; see Automated Windows Updates Using Policies for further information.
There may be instances where you would like to test a specific patch before it is rolled out to the production environment or deny a specific patch if the patch falls under a category that has been marked to Automatically Install.
To test a patch on a computer before it is rolled out to the production environment, you will need to create two policies; one for the test group and another for the production environment.
Test Group Policy that automatically installs all Windows Updates
The test computers will use a policy where the Update Category under which the patch falls is marked to Automatically Install.
The production environment will use a policy where the Update Category under which the patch falls is not marked in any column. This means the patch approval for this category is now manual. In this case, the Drivers category has been set to manual approval.
Production Group Policy - Drivers are not automatically updated
Individual Patches can be approved or denied from the Windows Update Control grid.
To Approve or Deny individual patches:
Search for a Pending Windows Patch to approve
1. Select the Control Grid tab on the top menu bar.
2. Navigate to the Windows Updates tab.
3. Scroll down to the Pending Windows Updates grid.
4. Click the Search icon and enter a name or KB number to locate.
5. Select the Pending Windows Update; the ACTION TOOLBAR will now appear.
Approve the Update for Removal of Adobe Flash on 5 Computers
6. Click APPROVE or DENY.
7. Approve the update by clicking APPROVE UPDATE on the confirmation dialog.
Approve confirmation dialog
Approve all patches in a Windows Update Category
Last modified 1yr ago