Patches can be auto approved/denied or auto-deferred for up to 30 days. This can be done based on the Windows Update category, or you can choose to approve individual patches manually.

Automate Patch Approval

Patch automation can be done using a policy; see Automated Windows Updates Using Policies for further information.

Testing Patches

There may be instances where you would like to test a specific patch before it is rolled out to the production environment or deny a specific patch if the patch falls under a category that has been marked to Automatically Install.

To test a patch on a computer before it is rolled out to the production environment, you will need to create two policies; one for the test group and another for the production environment.

The test computers will use a policy where the Update Category under which the patch falls is marked to Automatically Install.

The production environment will use a policy where the Update Category under which the patch falls is not marked in any column. This means the patch approval for this category is now manual. In this case, the Drivers category has been set to manual approval.

Approving / Denying Individual Patches

Individual Patches can be approved or denied from the Windows Update Control grid.

To Approve or Deny individual patches:

1. Select the Control Grid tab on the top menu bar.

2. Navigate to the Windows Updates tab.

3. Scroll down to the Pending Windows Updates grid.

4. Click the Search icon and enter a name or KB number to locate.

5. Select the Pending Windows Update; the ACTION TOOLBAR will now appear.

6. Click APPROVE or DENY.

7. Approve the update by clicking APPROVE UPDATE on the confirmation dialog.