locked
WSUS multiple Patches approval for specific group ? RRS feed

  • Question

  • Hi Team,

    I Need to approve multiple patches in WSUS ( 2012 R2) to specific group so what is the best way to make sure only it will approve to specif group?

    When i selected multiple patches and right client approve and it showing All groups inducing All computers and unassigned computer - Approval status - Keep existing approval. If i select specif group and approve for installed then it will installed patches for other group also? so i thought Selected all the patches and not approval for all computer and click ok and again select the same patches and it still showing same message "Keep existing approval"

    can you please help to approve patch each group in specifce time like 2nd week only test group 3rd week only Tets.

    As we have all the computer schedule is Thursday specific time so i need make sure  when i approve the test patches then it will approve only for test otherwise it will go for Dev and prod as we have schedul time the same.

    Looking for best option. thanks.


    • Edited by Rakpatel2 Monday, August 13, 2018 5:40 AM
    Monday, August 13, 2018 1:05 AM

All replies

  • Hello Rakpatel2,

     

    Glad to help.

     

    "If i select specif group and approve for installed then it will installed patches for other group also?"

     

    The important point is that, approval status is for computer group. The approve operation for a certain group will not affect the approval status of other groups. In other words, the approval status for other group will be "keep existing approval".

     

    So the answer is that it will not install patches for other group.

     

    "As we have all the computer schedule is Thursday specific time so i need make sure when i approve the test patches then it will approve only for test otherwise it will go for Dev and prod as we have schedul time the same."

     

    According to above conclusion, if you approve only for test, it will not go for Dev and prod. If updates work well on Test for a while, then you could approve them for Dev and prod.

     

    If needed, you could set up automatic approval for test group.

     

     

    Hope my answer could help you and look forward to your feedback.

     

    Best Regards,

    Ray Jia


    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, August 13, 2018 5:49 AM
  • Thanks for your response.

    Okay. Two more question- 

    1)   i select from all update, filter:  approval - Any  Except decline and Status -Need and select all the update and right click , approve and first i need click on All computer and Remove all update , click ok and again go to approve and approve for installed on specific group. Is it must, first need to remove from all computer so it will not inherited to below group ?

    2) One more thing, when i select multiple patches and approve for specific group and again if i select same patches then i can not see previous group which i had already approved, is there any way to select same multiple patches and see which gorup already approved ?

    For auto approval - i also would like to go with that but here in current project Application team want .net - security and critical update only ( no update and update rollups) and for OS i'm approving Critical, Security , update and update roll-ups  so i cant use auto approval, Do you know any way i can customize to use auto approval in current situation ? 

    Appreciate for your time .Thanks 


    • Edited by Rakpatel2 Monday, August 13, 2018 12:16 PM
    Monday, August 13, 2018 11:26 AM
  • Hello,

     

    Thanks for your feedback.

     

    1. Select "Approved for Install" for specific group is enough, don't need any other operations for All Computer or other groups first, just leave their status as "Not approved" or "Keeping existing approval". The update would not be installed on them (unless you approve some before). Refer to following screenshot.

     

      

    2. I am afraid that your needs are not supported yet in the current WSUS version. You could only check the approval status by selecting an update at one time. However, it is easier in SCCM, in where you could add multiple updates into a certain group and deploy them to different device collection as your need, and you could check and modify the deployment easily.

     

    3. Using auto approval, you could automatic approve updates of specific classification and products for specific Group. You could create different rules for different purpose. Refer to following screenshots:

     

     

     

    Check if above rules could meet your needs.

     

    If this answer could help you, please mark it as answer.

     

    Look forward to your feedback.

     

    Best Regards,

    Ray Jia


    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.



    Tuesday, August 14, 2018 2:35 AM
  • Thanks for you response.

    When we select multiple Patches and approve to some other group and after if i select the same patches then i can not see what group i had approve before , is it right? TO check which group patches approved i need to go each patch and see what group it was approved. 

    I think Auto approval rules i can use for my Test machines but i can not use for Dev and Production.

    Tuesday, August 14, 2018 11:07 AM
  • Hello,

    Yes. 

    Another method is that check "Status Report" of multiple updates. However, you also need select single update to check its approval status for different group in the report.



    Best Regards,

    Ray Jia  


    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, August 15, 2018 1:42 AM