locked
Anyone using Automatic Approvals? RRS feed

  • Question

  • Hello,

    I have enable the Automatic Approvals option for certain targeted groups for critical/security updates, but does anyone have this set for all their OU's or Target groups or do you think this a bit risky?  I guess there is always a chance one of these updates is bad.

    Thanks

    Tuesday, June 13, 2017 3:23 PM

All replies

  • Hi,

    Not yet I enable Automatic Approvals, because I'm newer on Administration on WSUS, but I think 3 months I can able to do it, but not for my all workstations, because I have groups for tests and after release for my other computers, here we have more than 3k computers, so I can't think what problem I'll have if I release one update with problem for all this computers, so because it I prefer use tests groups.


    Tuesday, June 13, 2017 5:45 PM
  • I have a test group that all my updates get auto-approved for. They are 1 or 2 computers from every department. Once an update is installed and working for a week, I approve it to the rest of the network. Occasionally, depending on the update's severity, I'll immediately approve it to the whole network if it's vital enough to warrant the bypass.

    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Wednesday, June 14, 2017 3:59 AM
  • In my opinion it totally depends on the criticality of the server/clients in your environment. There is no harm even if you auto approve Critical/Security updates, as approval is different than downloading and installing the updates. In our environment Critical/Security updates are auto approved for servers and clients both however GPO is different for servers (Auto download and notify for install) and Clients (Auto download and schedule the install) along with other policies (as per our requirement).

    Thanks! Sachin Kumar (MSCE, MCSA) | You can also reach me @ v-2sakum@hotmail.com

    Wednesday, June 14, 2017 4:59 AM
  • Auto approval will allow us to not have to approve and then select all the different target groups.

    It just means we can't test them before they are released, but what risk is that do you think?

    Wednesday, June 14, 2017 6:46 AM
  • Hi TB303,

    Sometimes, we will see others report that after installing updates, their environment will meet some issues. So, it's recommended to apply the updates to test environment before applying them to product environment.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, June 15, 2017 5:52 AM