It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda RMM
formerly Managed Workplace
Overview Documentation Training Certification Materials

Applying Microsoft Patch Policies

  • Last updated on
Creating Rules to Automatically Include Devices

Automatic approval rules determine which devices are eligible to have the Microsoft patch policy applied. For example, if you are creating a patch policy for workstations only, you can set up an automatic approval rule to exclude devices with the word "server" in the OS name.

The approval rules do not come into effect until the patch policy has been applied, either by adding it to a service and then applying the service to a group or site or by adding it to a service in a service plan, which can also be applied to a group or site.

The process for setting up approval rules is the same for patch policies as it is for all other policy types (For example, monitoring, automation, and Avast Antivirus). For more detailed instructions on setting up automatic approval rules, including examples, see Creating Automatic Inclusion Rules for a Monitoring Policy.

  1. In Service Center, click Service Delivery Policies > Patching.
  2. Click the name of the patch policy to which you want to create an automation inclusion rule.
  3. Click the Automatic Application tab.
  4. Click Add.
  5. Do any of the following:

    • Select an option in the Type box.

      When adding devices using auto-application rules, you can create multiple rules that add devices when those devices meet those criteria. If you use the And operator, devices are added when they meet all the criteria you set up. If you use the Or operator, devices are added when they meet any of the criteria.

    • Select the criteria to search in the Rule box.

    • Select an operator in the Operator box.

    • Select an option in the Value box.

  6. Click Add.

  7. Repeat step 4 until the rule is complete.

  8. Click Save.

Adding Devices or Groups to a Patch Policy
  1. In Service Center, click Service Delivery Policies > Patching.
  2. Click the name of the patch policy to which you want to add devices or groups.
  3. Click the Manual Application tab.
  4. Do one of the following to apply the patch policy to a group or device:
    • In the Applied Groups area, click Add. Filter on the Group Type, if desired. Click the group and click OK.
    • In the Applied Devices area, click Add. Filter the list of devices. Select the check box beside the device and click OK.

You can view the patch policies applied to service and site groups on the Groups page, by going to Service Delivery > Groups, clicking the group name, and then clicking the Policies tab. For more information, see Viewing the Policies Applied to a Group.

Previewing Automatic Application Rules for Microsoft Patch Policies

After creating the automatic inclusion rules and defining a scope, you can preview the devices that will be included by the rules. Previewing lets you verify that the automatic application rules you created will add all the devices you want included.

  1. In Service Center, click Service Delivery Policies, then click the type of policy.
  2. Click the policy name.
  3. Click the Automatic Application tab.
  4. Click Preview.
  5. When you are finished previewing, click Close.
  6. If you are satisfied with the results, click Save.

The Auto-Application Preview page displays a list of devices, including information such as the site, IP Address, a description, and a green check mark to indicate whether it is SNMP- or WMI-enabled.

Removing Devices or Groups from a  Microsoft  Patch Policy
  1. In Service Center, click Service Delivery Policies > Patching.
  2. Click the name of the patch policy to which you want to add devices or groups.
  3. Click the Manual Application tab.
  4. Do one of the following:
    • To select one device or group at a time, select the check box that corresponds with each device you want to remove.
    • To select all the devices or groups at once, select the check box at the top of the column.
  5. Click Remove.
Excluding Devices from a Microsoft Patch Policy

You can exclude specific devices from a patch policy. When you add a device to the exclusion list, it will never have this patch policy applied, even if the device meets the criteria outlined in the automatic application rules, and the patch policy is applied to the site or group to which the device belongs.

  1. In Service Center, click Service Delivery Policies > Patching.
  2. Click the name of the patch policy from which you want to exclude devices.
  3. Click the Excluded Devices tab.
  4. Click Add.
  5. Use the filters at the top to narrow your selection, and click Filter.
  6. Select the check box beside each device you want to exclude from the policy.
  7. Click OK.
  8. Click Save.

 

You can exclude multiple devices in a site or group by selecting Site or Group from the Filter By list, and then selecting the check box at the top of the list of returned devices to exclude all devices listed.

Renaming a Microsoft Patch Policy

  1. In Service Center, click Service Delivery Policies > Patch.
  2. Click the name of the patch policy that you want to edit.
  3. Click Modify.
  4. Type a new name in the Policy Name box.
  5. Click Save.
Deleting a Patch Policy

When you delete a patch policy, you are removing Microsoft patch management from any devices that have the policy applied. If this patch policy has been included in a service, you should first ensure the service has another patch policy included before deleting this patch policy.

  1. In Service Center, click Service Delivery Policies > Patch.
  2. Select the check box beside the patch policy you want to delete.
  3. Click Delete.