Join Brien Posey for an in-depth discussion in this video Configure automatic approval rules in WSUS, part of Windows 10: Plan and Implement Software Updates.
- [Instructor] Although the Windows Server Update Services do allow you to approve updates manually, you can also create automatic approval rules. This frees you from the tedious task of having to approve or deny individual updates. So the way that you create an automatic approval rule is by going through the console and clicking on Options. And you'll notice that within Options we have an option here called Automatic Approvals. I'm going to go ahead and click on that. And this takes me into the Automatic Approvals dialog box.
Now there is a default automatic approval rule, but this rule doesn't run automatically. This is something that you have to make a conscious decision to implement, and the way that you would do that is by selecting this check box and then clicking on Run Rule. But what is this automatic approval rule? Well, if you look down here in the Rule Properties section, you can see that the basic criteria that make up this rule is that when an update is in critical updates or security updates, then the rule will automatically approve the update for all computers.
Now that's great but you can create your own rule. You don't have to use the default automatic approval rule. So if you want to create your own rule, then what you would do is click on New Rule and this brings up the Add Rule dialog box. So the first step is to select the rule properties. And we have a few different options here. We have when an update is in a specific classification, when an update is in a specific product, or when you want to set a deadline for the approval. So let's take a look at when an update is in a specific classification.
I'm going to select the corresponding checkbox and you'll notice that when I do that, text down here is populated. So now we have when an update is in and then it says any classification. But any classification is hyperlinked meaning that we can click on this and choose specific classifications. So I'm going to click on Any classification and here we have all the various classifications that are available to us. So if I ran this rule right now, it would automatically approve all classifications of updates. And we probably don't want to do that.
So what you can do instead is clear the all classifications checkbox and then just pick the classifications that you want to automatically approve. Maybe you want to automatically approve security updates, critical updates, and maybe update rollups. So I'll click okay and then you'll notice that the text here changed to reflect our selections. The next thing that we have is down here, Approve the update for all computers. So right now if I were to run this rule, then any critical updates, security updates, or update rollups would be automatically approved for every computer that WSUS is aware of.
But we can be a bit more selective. So what I'm going to do is click on all computers and when I do that, what we're taken to is a list of our computer groups. Now all computers and unassigned computers are default groups. Windows Server 2016 and WSUS, those are custom groups that I created. So if you create a custom group structure, that custom group structure is going to be exposed right here. So if I wanted to only automatically approve updates for the Windows Server 2016 crew, then what I would do is clear the all computers checkbox, select the Windows Server 2016 checkbox and click okay.
So now if we take a look at our rule, it says when an update is in, critical updates, security updates, and update rollups, approve the update for the computers in the Windows Server 2016 group. The last thing that we have to do is specify a name for the rule that we're creating. I'm going to call this Updates for Windows Server 2016, and of course you would probably want to be a bit more descriptive in a real world environment.
I'm going to click okay and I'll click okay one more time. And so now our rules should have been created. I'm going to click on Automatic Approvals and now we can see that we have our default rule but we also have the updates for Windows Server 2016. And if I wanted to run that rule, I would simply select the checkbox and click Run Rule. So that's how you create automatic approvals in the Windows Server Update Services.
- Deploying updates manually
- Monitoring deployments
- Configuring automatic deployment rules
- Analyzing log files
- Approving and declining updates in Intune
- Deploying software from SCCM, WSUS, and Intune