All,
|
All,
|
Your approach is solid, and you are correct that approvals only apply to WSUS Target Groups. However, Patch Manager doesn't provide a way to manage WSUS Target Group memberships, except from an existing WSUS Target Group. So, you can use the report to identify the machines, but you'll need to select them from the existing group using Ctrl-Click in order to modify their existing group memberships. Another way you can approach this, though, is using the feature of the Update Management Wizard (UMW) to deploy a NotApproved update, by de-selecting the option to "include approved updates" on the options screen. Because the update is NotApproved, no client system can download/install the update on its own, but you can use the UMW to specifically target one or more systems for the installation of that update. |
Tested using UMW with these options in the vm environment and it worked perfectly. Also, I while not moving computers around in groups, I can still somewhat “keep up” with who is getting patched by using the task history (even exporting this list as a spreadsheet). Should things go awry, I’ll at least have a list of what machines were patched.
|
Also, those systems will report the package as Installed, even though it's NotApproved. From the Third Party Updates view, select the update and use the Computer Summary tab to see the machines that have the update installed. |
True. In my particular case, I’m already seeing a lot of systems with this update that’s Not Approved, as this process was not really managed before. |
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.