Patch Approval Actions
After running a scan, Patch Management for Windows reports back the device's patch status.
To allow full control over whether these patches are deployed, you can:
- Set the auto-approval action based on patch classification in the Patch Management Feature Policy.
- Configure actions for specific patches down to the site level in the Management Workflow dialog.
- Choose what to do with individual patches on a device in the device's Patches tab (see Manage Patches on Individual Devices through the Patches tab).
Hierarchy of Settings:
- The Device type level setting can be turned On or Off, establishing the base configuration for devices of that type (server / workstation).
- The Client level setting can be inherited (Use Parent) from the Device type level, allowing for consistent application across clients, or be set On or Off for particular clients.
- The Site level setting can be inherited (Use Parent) from the Client level, enabling streamlined management across multiple sites, or be set On or Off for particular sites.
- Individual device settings can be inherited from the Site level (Use Policy Setting), or be set On or Off, ensuring device-specific control when needed.
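The hierarchy above amounts to a nearest-explicit-value lookup: a level set to On or Off wins over everything above it, and an inherited level defers upward. The Python below is an added example, not the product's code or API; it models that lookup and lists devices where an override below the Device type level turns an On base configuration Off. The level keys, function names and device names are hypothetical, and the sample data is constructed.

```python
# Added illustration: a model of the settings hierarchy, not the product's code or API.
from typing import NamedTuple

INHERIT = None  # stands for "Use Parent" / "Use Policy Setting"
LEVELS = ("device_type", "client", "site", "device")  # top of the hierarchy first


class Resolved(NamedTuple):
    enabled: bool  # effective On (True) or Off (False)
    source: str    # level whose explicit value won


def resolve(settings: dict) -> Resolved:
    """Walk from the device up to the device type; the nearest explicit value wins."""
    if settings.get("device_type") is INHERIT:
        raise ValueError("the Device type level must be On or Off; it has no parent")
    for level in reversed(LEVELS):
        value = settings.get(level, INHERIT)
        if value is not INHERIT:
            return Resolved(value, level)
    raise AssertionError("unreachable: device_type is always explicit")


def audit_off_overrides(devices: dict) -> list:
    """Return (device, level) pairs where the base configuration is On but an
    explicit Off at a lower level makes the effective setting Off."""
    findings = []
    for name, settings in sorted(devices.items()):
        result = resolve(settings)
        if settings["device_type"] and not result.enabled:
            findings.append((name, result.source))
    return findings


# Constructed sample data: True = On, False = Off, INHERIT = inherited.
SAMPLE = {
    "srv-01": {"device_type": True, "client": INHERIT, "site": INHERIT, "device": INHERIT},
    "srv-02": {"device_type": True, "client": INHERIT, "site": False, "device": INHERIT},
    "wks-07": {"device_type": True, "client": False, "site": INHERIT, "device": True},
    "wks-09": {"device_type": False, "client": INHERIT, "site": INHERIT, "device": INHERIT},
    "wks-11": {"device_type": True, "client": INHERIT, "site": INHERIT, "device": False},
}

if __name__ == "__main__":
    for name, settings in SAMPLE.items():
        print(name, resolve(settings))
    print("Off overrides:", audit_off_overrides(SAMPLE))
```

Note that wks-07 is not reported: its Client level is Off, but the device's own On setting is the nearest explicit value.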
Approval actions
| Action | Description |
|---|---|
| Approve | Sets the patch as 'approved' for installation during the next scheduled remediation run. |
| Ignore | Sets the patch as 'ignored', preventing it from installing in future remediation runs as long as the patch remains in an 'ignored' state. |
| Do Nothing | Sets the patch to NOT have any Patch Approval Action apply to it. The patch status will instead reflect what is set in the applied Feature Policy. |
