> Patch Management > Approving patches manually

Approving patches manually

Manually approving patches ensures that typical system patches or system critical patches are downloaded and installed after reviewing that they are safe for the customer's environment. By manually approving patches you ensure that only the system and security critical patches needed by a customer, and fully tested patches, are downloaded and installed.

You configure patch approvals once you have configured a patch profile and applied it to a device using a rule.

There are two ways you can manually approve patches: by patch or by device. Approving by patch ensures that new devices will have previously approved patches applied. Approving by device is useful in Break/Fix situations or exclusions.

SolarWinds MSP recommends manually approving by patch.

Third party software patches are not incremental. This means that configuring a third party patch as Approved for Removal in MSP N-central will remove the entire application from the device and not just the software patch itself.

Patch approval by patch

Approving individual patches provides a way for you to approve or decline patches through Rules associated to devices.

Outstanding patches are those that have an Existing Approval status of No Approval because no approval decision has been made.

  1. Click Configuration > Patch Management.

  2. In the Patch Approval section, click By Patch.
  3. Select the Show Device Counts check box at the top of the screen to identify which patches are currently outstanding.
  4. Patches with an Existing Approval value of Approved for Install, Mixed, or Declined may have some devices still needing the patches listed underneath them that have not been approved. Using Show Device Counts clarifies this situation.

  5. On the right-hand side of the screen, click Show Filter to identify patches by a classification that may not have automatic approval. You can filter on patch products as well as status. On the bottom of the filter window, click the Products tab.
  6. Select the desired patches and click Next.
  7. Only select Perform Action Immediately to install the patch right away and not follow the patching schedule. Use this option only if you are approving one or two critical patches.

  8. In the New Approval column, click the pencil icon to select the new approval property.

    Third party software patches are not incremental. This means that configuring a third party patch as Approved for Removal will remove the entire application from the device and not just the software patch itself.

  9. Click Next, and if applicable, the EULA for the selected patches will open to accept the agreement.
  10. Click Next and review the list of approvals to confirm that the configuration is correct.
  11. Click Finish.

During the patch maintenance window, MSP N-central will download and install the selected approved patches.

Patch approval by device

Approving patches by device enables you to approve specific patches to specific devices. When you click By Device, the wizard starts on the device screen displaying a list of all Microsoft Windows systems that have Patch Management enabled.

SolarWinds MSP recommends that you manage Patching through Rules. Patch approval by device should only be used for individual devices that cannot have a specific patch applied.

Outstanding patches are those that have an Existing Approval status of No Approval, which means no approval decision has been made.

  1. In the navigation pane, click Configuration > Patch Management.
  2. In the Patch Approval section, click By Device.
  3. Select the devices you would like to patch and click Next.
  4. Select the Show Device Counts check box at the top of the screen to identify which patches are currently outstanding.
  5. Patches with an Existing Approval value of Approved for Install, Mixed, or Declined may have some devices still needing the patches listed underneath them that have not been approved. Using Show Device Counts clarifies this situation.

  6. On the right-hand side of the screen, click Show Filter to identify patches by a classification that may not have automatic approval. You can filter on patch products as well as status. On the bottom of the filter window, click the Products tab.
  7. Select the check boxes for the patches to install and click Next.
  8. Select the desired patches and click Next.
  9. Only select Perform Action Immediately to install the patch right away and not follow the patching schedule. Use this option only if you are approving one or two critical patches.

  10. In the New Approval column, click the pencil icon to select the new approval property.

    Third party software patches are not incremental. This means that configuring a third party patch as Approved for Removal will remove the entire application from the device and not just the software patch itself.

  11. Click Next, and if applicable, the EULA for the selected patches will open to accept the agreement.
  12. Click Next and review the list of approvals to confirm that the configuration is correct.
  13. Click Finish.

During the patch maintenance window, MSP N-central will download and install the selected approved patches.

Patch status and approval values

The patch status is a combination of the individual patch status values across all applicable devices. The combined Status value can be one of:

  • Failed
  • Needed
  • Installed
  • Not Needed

The highest-ranked of these statuses found on any device will be reported as the combined status for the patch. For example, if one device had a status of Failed, while two other devices have a status of Needed, the patch would have an overall combined status of Failed.

The Existing Approval value of each patch is a combination of the individual Approval values of that patch across all computer groups. The Approval values are combined as:

  • Approved for Install + Approved for Removal = Mixed
  • Approved for Install + Declined = Mixed
  • Approved for Removal + Declined = Mixed
  • Approved for Install + Not Approved = Approved for Install
  • Approved for Removal + Not Approved = Approved for Removal
  • Declined + Not Approved = Declined