Home » Features >> Patch Approval Settings
srch-icn
 

Patch Approval Settings

Endpoint Central MSP allows you to automate patch deployment process, from identifying the missing patches, to deploying them to the required computers. There might be cases where you would like to test a critical patch in few computers before rolling it out to the entire network. Endpoint Central MSP   allows you to create test groups to test those patches before approving them. This feature is available only for customer running Endpoint Central MSP  build # 92092 and later versions and Enterprise Edition.

  • If you are using Endpoint Central professional edition or build # lower than 92092, follow these steps.

    For Enterprise Edition and build # 92092 & later versions

    Patch approval process can be performed from, Endpoint Central web console -> Patch Mgmt -> Deployment -> Test and approve settings. You can choose one of the below mentioned mode:

    Automatically approve all patches

    All the patches will be approved automatically, which means all the approved patches will be deployed using Automated Patch Deployment. If you want to ignore deploying a specific patch, then you will have to decline the patch manually.

    Test and approve patches

    This feature allows you to create test groups to test the patches before approving them. You will have to create test groups for each platform separately. It is recommended to create a test group, which contains all the major versions of the OSs, so that the testing could be effective. Once the patches are successfully deployed to the test groups, then you can choose to approve them either manually or automate the approval process. If the patch deployment has failed, then the patches will not be approved. When a patch is not approved, those patches will not be deployed using Automated Patch Deployment tasks. You can either deploy them manually or approve it, for the deployment to happen.

    Manually approve tested patches

    After testing the patches, you can choose to approve the tested patches manually. You can click the test group to view the details on the patches which are successfully tested and are waiting for approval, those patches will be marked as "Not Approved". You will have to choose them manually and approve it, if the deployment need to be automated. If they are not approved, then you will have to deploy them manually.

    Approve tested patches automatically

    Once the patches are successfully deployed to the test group, you can configure a time interval for the patches to be approved. This will allow you to identify the stability of the patches once they are deployed. Assume a patch is tested successfully and it has no adverse effects for 7 days after deployment, then you can choose to approve those patches. When those patches are approved, they become available for Automated Patch Task and are deployed to the complete network. This time delay for approval is completely optional and provides you an extra buffer time before approving the patches.

    Change "automatic approval" to "test and approve"

    If you change the approval settings from automatic approval to test and approve, you will have to create a test group for testing the patches and the testing process remains the same as explained above. Once the patches are tested, you can choose to approve the patches either manually or automatically.

    Change "test and approve" to "automatic approval"

    All the test groups that you have created will be removed. All the patches will be approved by default.

    For Professional Edition and build # lower than 92092

    Endpoint Central allows you to automate patch deployment from identifying the missing patches and to deploy them on to the required computers. The automation is done irrespective of the patches and applications. There might be cases where you would like to test a critical patch in few computers before rolling it out to the entire network. In such cases, you can choose to approve the patches manually. Only the patches that are approved will be deployed via Automated Patch Management. Patch Approval process can be automated or patches can be approved manually. Patch approval process can be performed from, Endpoint Central MSP web console -> Patch Mgmt -> Settings -> Approval Settings.  This section explains you on the following:

    Automatic Patch Approval process

    All the patches will be approved by default, which means all the patches will be deployed through "Automated Patch Deployment Tasks". If you want to restrict a specific patch from being deployed, then you will have to decline it manually.

    Manual Patch Approval process

    By enabling this option, you will have to choose the specific patch/application to be marked as Approved. Only the patches that are approved, can be deployed via Automated Patch Management. When you choose "manual approval", all the patches will be marked as "Not Approved" by default and you will have to choose to decline or approve patches.

    Change Patch Approval Settings from "Automatic" to "Manual"

    When the Patch Approval settings is changed from "Automatic" to Manual mode, users will be provided with the following options:

    Retain the Approval status of the Existing Patches

    You can choose to retain the existing Approval status of the patches, which means the patches that are marked as "Approved" will be retained as Approved. Patches  that were marked as "Declined" will be retained as "Declined". All the patches that are discovered henceforth will be marked as "Not Approved".

    Mark the Existing patches as "Not Approved"

    By choosing this option, all the patches other than "Declined Patches" will be marked as "Not Approved".  All the patches that are discovered henceforth will be marked as "Not Approved", you can choose to decline the patches manually.

    Change Patch Approval Settings from "Manual" to "Automatic"

    When the Patch Approval settings is changed from "Manual" to "Automatic" mode, all the patches except "Declined" patches will be marked as Approved. Patches that are discovered henceforth will be marked as "Approved" automatically.