Approving Microsoft Patches for Installation

By default, patches are set to be Not Approved. If you don't approve a patch, it remains as Not Approved, which means it is effectively put on hold or ignored. In this case, the update will remain in the default list of available updates, but will not be installed.

You can approve the installation of updates for all the computers in your network or for different approval groups.

In the patches list, you can research what new Microsoft updates are available and approve them for use at your customer sites.

1. In Service Center, click Patch Management > Patch Approval.

2. To filter the patch list to display the patches you want to see, click the Advanced Filtering icon  and do any of the following:

   • Choose an option in Products and Classifications.

   • Choose an option in Patch Supersedence.

   • Choose an option in Release Date.

   • Type a patch name or part of a patch name in Title Contains.

   • Choose a patch status in Status.

   • Choose an approval status in Approval.

   • Choose a group in Approval Group.

   You can combine these filters to focus the list of patches. For example, if you choose a group in Approval Group and the status of Not Approved in Approval, you see a list of patches that have not been approved for that Approval Group. Or, if you choose the group All Computers in Approval Group and the status Needed in Approval, you see all the patches that are needed for a certain approval group.

3. Click Apply.

4. Do one of the following:

   • To select one patch at a time, select the check box of each patch for which you want to change the default approval setting.

   • To select all patches, select the check box in the column header.

5. Click Change Approvals.

6. Do one of the following:

   • To approve the update for all computers, from the Approval list select Install.

   • To approve the update for a specific approval group, in the Approval column, click the link and select Install from the list.

7. Do one of the following to set when the patch should be installed (Install has been selected from the Approval list):

   • To not set a deadline, ensure None is showing beside Deadline.
     Depending on how often the agent policy is set to check for updates (the default is every 22 hours), the device will install a patch when it checks into update services and gets the instruction to do so. The deadline is used to force the patch to be installed by a certain time in the event that the Notify for Download and Notify for Install or the Auto Download and Notify for Install option button is selected in the patch policy and the local user on the box delays the operation when the notification pops up.

   • To set a deadline but let users determine patch installation time, click None and ensure the Use client settings to determine patch installation time is selected and click OK.

   • To set a deadline but specify a patch installation time, click None and select the Install patch by the selected date and time. Then select the date and time and click OK.

   You can set a deadline in the past to force immediate installs.

8. Click OK.
   The patches are dealt with in the order that they appear on the Patch Approvals page. If any patches require you to accept or decline an End User License Agreement (EULA), you will be prompted before the patch is approved for installation. For example, you want to approve these patches:

   1.   7548456

   2.   7589456 (EULA)

   3.   7656585

   4.   7636958 (EULA)

   5.   7785483

See Also

• Declining Microsoft PatchesPreview

• Approving Microsoft Updates for RemovalPreview

• Automatically Approving Microsoft Patches for an Approval GroupPreview