Patch approval by device
By manually approving patches you ensure that only the system and security critical patches needed by a customer, and fully tested patches, are downloaded and installed. Approving patches by device enables you to approve specific patches to specific devices. When you click By Device, the wizard starts on the device screen displaying a list of all Microsoft Windows systems that have Patch Management enabled.
SolarWinds MSP recommends that you manage Patching through Rules. Patch approval by device should only be used for individual devices that cannot have a specific patch applied.
Outstanding patches are those that have an Existing Approval status of No Approval, which means no approval decision has been made.
- In the navigation pane, click Configuration > Patch Management.
- In the Patch Approval section, click By Device.
- Select the devices you would like to patch and click Next.
- Select the Show Device Counts check box at the top of the screen to identify which patches are currently outstanding.
- On the right-hand side of the screen, click Show Filter to identify patches by a classification that may not have automatic approval.
Patches with an Existing Approval value of Approved for Install, Mixed, or Declined may have some devices still needing the patches listed underneath them that have not been approved. Using Show Device Counts clarifies this situation.
The search field employs a number of operators to enhance the search capability of the filter such as the operators "%", "*" and "?". The filter feature uses case-insensitive POSIX regex to search in the KB Number, Patch Name, and Patch Description fields.
4041?8?returns patch numbers 4041687 and 4041085.
^40to search for a patch starting with 40.
41$to search for patches ending with 41.
For more options, see section 22.214.171.124, Regular Expression Escapes in the PostgreSQL documentation at https://www.postgresql.org/docs/9.3/static/functions-matching.html.
You can also filter on patch products as well as status. On the bottom of the filter window, click the Products tab.
Some Microsoft patches do not accurately report their product. To cover this situation, click the Product filter option and click Product Unknown. Combined with a keyword, you can automatically approve patches where the product has not been defined by Microsoft.
Only select Perform Action Immediately to install the patch right away and not follow the patching schedule. Use this option only if you are approving one or two critical patches.
In the New Approval column, click the pencil icon to select the new approval property.
Third party software patches are not incremental. This means that configuring a third party patch as Approved for Removal will remove the entire application from the device and not just the software patch itself.
During the patch maintenance window, SolarWinds N-central downloads and installs the selected approved patches.
Patch status and approval values
The patch status is a combination of the individual patch status values across all applicable devices. The combined Status value can be one of:
- Not Needed
The highest-ranked of these statuses found on any device will be reported as the combined status for the patch. For example, if one device had a status of Failed, while two other devices have a status of Needed, the patch would have an overall combined status of Failed.
The Existing Approval value of each patch is a combination of the individual Approval values of that patch across all computer groups. The Approval values are combined as:
- Approved for Install + Approved for Removal = Mixed
- Approved for Install + Declined = Mixed
- Approved for Removal + Declined = Mixed
- Approved for Install + Not Approved = Approved for Install
- Approved for Removal + Not Approved = Approved for Removal
- Declined + Not Approved = Declined