An approved status for a patch means that, according to the network administrator, it is a valid and trusted update. The approved status also indicates that when a patch is deployed, it will be an optimal fit for the systems within that network and will also behave in the predictable manner as intended by the vendor.
Patch Manager Plus has the capability of automating the entire patch deployment process, from identifying the missing patches to dispatching them to the relevant endpoints. It is a prerequisite that a patch is approved for it to be eligible for automated deployment.
There are three ways to approve patches in Patch Manager Plus and they are as follows:
Follow the steps given below to manually approve specific patches:
For all the newly released patches to be approved, immediately after their addition to the database, follow these steps in order to configure the settings:
By default, all newly released patches will then display as approved. However, if you want to ignore a specific patch, then you will have to decline the patch manually.
It is best practice to choose the approval mode as 'Test and Approve' as it offers the following benefits:
With Patch Manager Plus, the test and approval phase can be fully or semi-automated. Given below is a summary of the automated 'Test and Approve' process:
|: Since the approval method is 'Test and approve' all newly released patches will by default, be displayed as 'Unapproved'.|
In the next section, detailed steps will be provided on how to automatically test and approve patches, starting from creating a test group to approving the patches for deployment.
Watch the below video to know how to automate patch testing
With the Custom Groups feature, a group of client systems can be created for the purpose of testing patches.
For the testing method to be effective, it is recommended that the machines in the test groups have all the features that are present in the machines in the rest of the network to which the patches will be deployed. These features include OS versions, third-party applications as well as hardware components.
Follow these steps for formulating a test group:
After a test group has been created, follow the steps given below in order to create a test group deployment task:
|: Separate test groups have to be created for each platform (Windows, Mac, Linux).|
If a patch is downloaded and installed automatically in at least one of the systems in the test group, and has not failed in any of the other systems, then it satisfies the primary requirement for automatic approval.
In addition, you can configure the settings such that the automatic approval occurs either immediately or after a certain number of days. Patch Manager Plus only checks for successful installation. Therefore, postponing the automatic approval by a specific number of days after testing, can provide insight about the stability of the patch in the various production environments.
After the patches have been deployed to the systems within the test group, you can click the test group to view the details on the patches which are successfully tested and are waiting for approval. Then, you can choose to manually approve the patches. However, if the test results showed that certain patch is unfit for your network, you can also manually decline those patches.
The automated test and approval is only available in the Enterprise edition. The methods of patch approval in the Professional edition are: