none
Auto Approve WSUS Updates RRS feed

  • Question

  • Hi

    Can anyone recommend if its a good idea to set WSUS to auto approve updates? Specifically security and critical updates. 

    Thanks

    Shane 

    Friday, June 5, 2015 9:40 AM

Answers

  • Hi

     I always prefer to set auto approve for security&critical updates for clients.But don't prefer this for servers cause of restart needed.

    Also you can check this detailed best practice article about wsus

    https://technet.microsoft.com/en-us/library/cc720525(v=ws.10).aspx

    Friday, June 5, 2015 9:56 AM
  • Hi

    Can anyone recommend if its a good idea to set WSUS to auto approve updates? Specifically security and critical updates. 

    Thanks

    Shane 

    I would say you already know the answer to this question depending on your existing attitude to patching. If you are happy to install updates shortly after they are released then you can set them to auto approve. If you prefer to wait and see if there are any issues reported with updates prior to deciding if you want to roll them out then do not set auto approval.

    As stated above you can customise this with different policies for clients and servers by placing them each in separatre WSUS groups and setting the auto approval rules accordingly.

    Friday, June 5, 2015 2:21 PM

All replies

  • Hi

     I always prefer to set auto approve for security&critical updates for clients.But don't prefer this for servers cause of restart needed.

    Also you can check this detailed best practice article about wsus

    https://technet.microsoft.com/en-us/library/cc720525(v=ws.10).aspx

    Friday, June 5, 2015 9:56 AM
  • Hi

    Can anyone recommend if its a good idea to set WSUS to auto approve updates? Specifically security and critical updates. 

    Thanks

    Shane 

    I would say you already know the answer to this question depending on your existing attitude to patching. If you are happy to install updates shortly after they are released then you can set them to auto approve. If you prefer to wait and see if there are any issues reported with updates prior to deciding if you want to roll them out then do not set auto approval.

    As stated above you can customise this with different policies for clients and servers by placing them each in separatre WSUS groups and setting the auto approval rules accordingly.

    Friday, June 5, 2015 2:21 PM
  • Thank you for the reply.

    My main concern with auto approval was if there was any issues once the update had been auto approved for all computers. Does anyone have any suggestions on say auto approving for one group of computers, waiting a week then approving for the remaining group? I have about 20 groups in WSUS and about 600 computers so trying to work out the best way to manage them. 

    Wednesday, June 17, 2015 8:39 AM
  • Hi

     this is ideal,as you said create test group on WSUS console,and move several pc in this group,if the updates do not cause a issue,you could apply this updates on your current groups.

    Wednesday, June 17, 2015 8:58 AM
  • Hi, in our environment we have two kind of computer group : Prod and Test

    We automatically approve Security updates in Test Groups and If all goes smooth, I approve in Prod Group.


    David COURTEL

    IT Technician

    Wsus Third-Party Softwares Publishing : Wsus Package Publisher

    Outlook 2013 PST Backup : Pst Backup 2013

    Wednesday, June 17, 2015 9:09 AM