> Patch Management > Add an automatic approval rule

Add an automatic approval rule

Automatic patch approvals ensure that typical system patches or system critical patches are downloaded and installed without waiting for review. Automatic approvals ensure that timely system and security critical patches are immediately approved when they become available so the customer's devices are safe and up-to-date. For more information, see Approving patches automatically with rules.

You configure patch approvals once you have configured a patch profile and applied it to a device using a rule.

  1. Click Configuration > Patch Management .
  2. In the Patch Approval area, click Automatic Approval, and click Add.
  3. Enter a name and description for the Patch Approval Rule.
  4. In the Products and Classifications section, select the classification of updates for the rule.
  5. Select products by clicking the pencil icon for a product and click Selected.
  6. To ensure that you select both the top level and the children under the top level, click the pencil icon and click Apply to Children.

  7. Click the Targets tab for a list of SO and Customer-level sites and rules.
  8. Select the pencil icon for the desired rule and select Approved for Install.
  9. You can select the top level to apply approvals across all Rules, however, SolarWinds MSP recommends that you perform your approvals against the patch rules you have created. You can review the list of patch enabled rules by going to Configuration > Patch Management.

  10. For each Rule, select the appropriate approval from the list.
  11. It is recommended that you do not select Perform Action Immediately unless it is a critical update that you are concerned about, as this will install auto-approved patches immediately, ignoring the installation schedule.

  12. Click Save.

With the new approval rule, when a patch for the selected product becomes available, MSP N-central will automatically download and install the patch on the customer's devices during the next patch install maintenance window.

If a patch is re-issued by Microsoft, Patch Manager remembers the existing approval status of patches to ensure that the approval you defined remains and you do not have to re-select and reset the approvals.

Some software patches require the target device be re-started to complete the installation. Until the target device is re-started, patches will be reported as Approved but not installed even after a successful installation.

After you set up automatic approvals, there will still be patches that are not covered by these Rules. You will need to perform some maintenance by manually approving and declining patches that are not covered by the automatic rules. For more information, see Approving patches manually.