Kaseya Community

Patch management policy question

  • Each patch policy can be viewed by classification or product. Both views allow you to set the default approval status. So the question is what happens when the classification default approval status is different form the product default? For example on the classification view, the default for critical security updates is set to approve. But on the product view the default for XP is deny. So when MS releases a new critical security update for XP, will the policy show the update as approved or denied?

    If you have a link to Kaseya documentation that explains how this works, please post. Thanks in advance.

    Legacy Forum Name: Patch management policy question,
    Legacy Posted By Username: tbokman
  • The deny will win.

    I had forgotten about the drop down to switch to 'by classification'. I had a bunch of policy groups set to APPROVE for the default status.

    I couldn't figure out why some of the patches would automatically approve and others would be set to pending.

    Turned out that the Classification grouping had a few areas set to Pending as the default approval policy.

    Pending is more restrictive then Approve, so it 'won'.

    You need to change BOTH to get your desired level of approve/pending/deny.

    Sorry, I don't have a link, just experience (trial by fire)

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: pdxkid
  • Thanks for the reply. I thought it worked that way but would be nice if it was documented somewhere in Kaseya. Smile

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: tbokman