Home » Patch Approval Settings

Patch Approval Settings

The Test and Approve feature

Endpoint Central allows you to automate the patch deployment process, from identifying the missing patches, to deploying them to the required computers. Besides the evaluation performed the Endpoint Central, if the IT admins wishes to re-evaluate the compatibility or integrity of the patches, you can leverage Endpoint Central's "Test and Approve" feature to achieve it.For example, there might be cases where you would like to test a critical patch in few computers before rolling it out to the entire network to avoid any disruption in service. Our patch module allows you to create test groups to test those patches before approving them.

To configure the Patch approval process,

  • Navigate to the product web console -> Patch Mgmt -> Deployment -> Test and approve settings -> Patch Approval Status.
  • In Patch Approval Status, click Modify and select Test and Approve option.
  • Select the approval status for existing patches
  • Create a test group to test the patches before approval. The patches will be tested on the devices in this group. Once the testing is completed successfully, the patches can be deployed to the managed devices.

Patch Approval Settings

You can choose one of the below mentioned modes: 

Automatically approve all patches without testing

All the patches will be approved automatically, which means all the approved patches will be deployed using Automated Patch Deployment. If you want to ignore deploying a specific patch, then you will have to decline the patch manually.

Test and approve patches

This feature allows you to create test groups to test the patches before approving them. You will have to create test groups for each platform separately. It is recommended to create a test group, which contains all the major versions of the OSs, so that the testing could be effective. Once the patches are successfully downloaded and deployed automatically to the test groups, you can choose to approve them either manually or automate the approval process. If the patch deployment has failed, then the patches will not be approved. When a patch is not approved, those patches will not be deployed using Automated Patch Deployment tasks. You can either deploy them manually or approve it, for the deployment to happen.

Manually approve tested patches

After testing the patches, you can choose to approve the tested patches manually. You can click the test group to view the details on the patches which are successfully tested and are waiting for approval, those patches will be marked as "Not Approved". You will have to choose them manually and approve it, if the deployment needs to be automated. Note that, the Automated Patch Deployment ignores the "Not Approved" patches in its deployment cycle. If they are not approved, then you will have to deploy them manually.

Approve tested patches automatically

Once the patches are successfully deployed to the test group, you can configure a time interval for the patches to be approved. This will allow you to identify the stability of the patches once they are deployed. Assume a patch is tested successfully and it has no adverse effects for 7 days after deployment, then you can choose to approve those patches. When those patches are approved, they become available for Automated Patch Task and are deployed to the complete network. This time delay for approval is completely optional and provides you an extra buffer time before approving the patches.

Change "Automatic Approval" to "Test and Approve"

If you change the approval settings from automatic approval to test and approve, you will have to create a test group for testing the patches and the testing process remains the same as explained above. Once the patches are tested, you can choose to approve the patches either manually or automatically.

Change "Test and Approve" to "Automatic Approval"

All the test groups that you have created will be removed. All the patches will be approved by default.