# Automated Windows Updates Using Policies ## Automate Patch Management Using Policies Policies are used to automate patch management by selecting/deselecting Windows Update Categories; they can be approved/denied/deferred in the **Policies** tab on the **Control Grid** View. Navigate to the **Policies** tab on the **Control Grid** view, select **Create New Policy** > **Windows** **Policy**. Go to the **Windows Updates** tab once the policy comes up. Depending on the **Update Mode** selected (for more information on Update Modes, see [Policy Update Mode](https://docs.faronics.com/faronicsdeploy/policy-update-mode)) under the policy General Settings, Windows Update categories will be set to Automatically Install or Install Only if Approved. The screenshot below shows all Windows Updates automatically installed (the Update Mode for this Policy is **Semi-Automatic**). ![Semi-Automatic Update Mode - All Windows Updates are automatically installed ](https://3007061244-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRkQfx_2cLnNNBX1muO%2F-MVOEICKS8HpPunXDn5r%2F-MVOJIh1zcOtbqBCGgu_%2Fimage.png?alt=media\&token=5a39153b-0918-4cf4-b2b2-94fe9d35630c) Alternatively, if the **Manual Update Mode** is selected (shown in the screenshot below), the following will appear in the Policy screen for Windows Updates. {% hint style="info" %} Note that you can deselect the top three **Windows Update Types (**Critical Update, Security Update, and Definition Update); they are there by default. {% endhint %} ![Manual Update Mode - Only 3 Windows Updates are automated](https://3007061244-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRkQfx_2cLnNNBX1muO%2F-MVOEICKS8HpPunXDn5r%2F-MVOJoPlRH4k9mquyvtM%2Fimage.png?alt=media\&token=5a5e0a50-7abc-4744-bb7a-c8894066d4a3) ### Approve Categories To approve a Windows Update Category and automatically install it on all computers using this Policy, select the box under the Automatically Install column beside the category name you want to approve (Security Update in this example). ![Approve the Security Update Category for automatic install](https://3007061244-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRkQfx_2cLnNNBX1muO%2F-MVOUuXiRpiwKrN4L4e3%2F-MVOVRIuh0go9EbXAYqo%2Fimage.png?alt=media\&token=5c61c289-39e6-426c-a93f-6ce7e3f8d777) ### Deny Categories To deny a Windows Update Category, select the box under the **Denied** column beside the category name(s) you want to Deny (Critical, Security, Rollup, and Tools in this example). ![Critical, Security, Rollup and Tool Categories Denied updates in this Policy](https://3007061244-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRkQfx_2cLnNNBX1muO%2F-MVOEICKS8HpPunXDn5r%2F-MVOTyAnl1d-uuLeE1qt%2Fimage.png?alt=media\&token=7cb926f1-3d5b-4d3d-b9fa-efb3f03e69fd) ### Defer The **“Automatically Install” Deferral** column is used to specify the number of days for the deferral. If set to 20 days, patches under that category will only install 20 days after release. {% hint style="info" %} Note that the Automatic Install column needs to be checked and the "Automatically Install" Deferral Days need to be set for a deferral. {% endhint %} ![Security Update Automatic Deferral for 20 days ](https://3007061244-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRkQfx_2cLnNNBX1muO%2F-MVOfI-DTIrLY8Ae5gNN%2F-MVOh6jnLSM10flYagIG%2Fimage.png?alt=media\&token=95aac98e-a031-465d-abc0-b6812dffbf0b) ### Install Only if Approved / Manual Approval To manually approve or deny patches under a certain category, the boxes beside the category name under the columns **Automatically Install** and **Denied** should be **unchecked**. ![Install unchecked Windows Updates Categories only if approved manually](https://3007061244-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRkQfx_2cLnNNBX1muO%2F-MVOUuXiRpiwKrN4L4e3%2F-MVOWUEfuff1et_iQKuW%2Fimage.png?alt=media\&token=90c7524f-65eb-4e12-9e5e-5e31ca57f707) Patches under these categories can then be manually approved or denied using the **Windows Updates** Control Grid.