Automatic Approval Rules

Automatic patch approvals ensure that typical system patches or system-critical patches are downloaded and installed when they become available, without waiting for review.

There may be patches that you and your customers always want to schedule for download and installation once they have been detected. For example, one customer may be confident that all Microsoft patches except device drivers and tools can be installed automatically on their laptops and workstations, rather than waiting for you to verify and approve them manually. Another customer may be more cautious and may want only Microsoft Critical and Security Update patches installed automatically, preferring to wait for other patches to be manually approved.

After you add automatic approvals for patches to rules, patching can take place without further input from you and without waiting for your review. For information on the approval type definitions, see Approval Definitions.

Automatic approvals do not overwrite existing approvals by default; they apply only to patches with no existing approval, in other words patches that show "No Approval". You can force an override of existing approvals:

  1. Click Configuration > Patch Management.

  2. Click Automatic Approvals.

  3. Click the check box for the rule and click Run Rule Now, then click Clear and Re-evaluate.

This clears any existing approvals and replaces them with the approvals set by the rule you are running.

Note that once you approve a patch, the approval is processed as a background task that may take some time to complete, depending on a number of factors. Because of this, the N-able N-central screen may not immediately reflect your selection.

If a patch is re-issued by Microsoft, Patch Manager remembers the existing approval status of patches to ensure that the approval you defined remains and you do not have to re-select and reset the approvals.

To create automatic approvals, ensure that, at a minimum, the following role permissions are applied:

  • Patch: Patch Approval and Patch Configuration
  • Monitoring: Filters and Rules

Targeting

When creating automatic approval rules, you are able to target specific devices on which to apply these automatic approvals. Under the Targets tab, you can select collections of filtered devices (called rules). You can create these by adding a new rule.

Reorder Automatic Approval Rules

Re-arranging the automatic approval rules defines which automatic rules take precedence. Re-arrange automatic approval rules into the desired order by dragging and dropping them on the Automatic Approval Rules screen. After re-ordering, the Automatic Approval Rules can be re-run. This in turn modifies the approvals for patches to be rolled out to your customer devices (and groups of devices). A phased rollout of patches can be achieved by a combination of modifying automatic approval rules over time and setting them up with delays.

Hierarchy & rule order

Patch approvals ensure that the patches a device is looking for or wants to download are legitimate and will not cause any issues or conflicts. Conflicts can occur when devices belong to multiple patching rules. When conflicting patch approval statuses are applied to a device from either a rule or a device-level approval, precedence is given according to the strict approval hierarchies outlined in the table below. It is best to have each device use only one rule.

Example of an Automatic Approval flow

Follow a visual example of what happens when new patches go through the automatic approval rules flow.

Example Scenarios

These example scenarios lay out the differences in automatic approval rules that have the same target versus ones that don't.