How Can We Help?
Windows Update Patch Policies and Schedules
This page outlines the default categories within the briteCITY Patch Management Policy for all Windows Workstations and Servers managed by briteCITY.
Categories with a policy of “Severity-based” are installed depending on the SEVERITY level indicated by Microsoft for that patch, and the SEVERITY categories’ approval settings themselves, indicated near the bottom of the table below.
See also: Daytime Patching
Windows Update Schedules & Policies
| Machine Category | Schedule | Reboot Policy | Daytime Patching Enabled | Windows Update Assistant Mode | Install Missing Baseline Patches | Create Windows Restore Point | Windows 10 Service Branch | Defer Feature/Quality Updates |
|---|---|---|---|---|---|---|---|---|
| Workstations | Nightly, 1-3 AM | During WU, Ask then Deny | Yes | Managed Mode – UI Disabled | Yes | Yes | Semi-Annual Channel | 15/7 Days |
| Servers (Host) | Sat, 1-3 AM | During WU, Ask then Allow | No | Managed Mode | Yes | Yes | Semi-Annual Channel | 15/7 Days |
| Servers (VMs, “bare metal”) | Sun, 1-3 AM | During WU, Ask then Allow | No | Managed Mode | Yes | Yes | Semi-Annual Channel | 15/7 Days |
Windows Update Approval Policies
| Windows Patch Category | Workstations | Servers |
| Active Directory Rights Management Services Client 2.0 | Deny | Severity-based |
| ASP.Net Web Frameworks | Approve | Severity-based |
| Bing Bar | Deny | Deny |
| Bing Desktop | Deny | Deny |
| Bing IME | Deny | Deny |
| CAPICOM | Deny | Approve |
| Critical Updates | Approve | Approve |
| Definition Updates | Approve | Approve |
| Drivers | Deny | Deny |
| Exchange Server | Deny | Approve |
| Feature Packs | Deny | Deny |
| Microsoft Dynamics | Deny | Severity-based |
| Microsoft Lync Server | Deny | Severity-based |
| Microsoft SQL Server | Deny | Approve |
| Microsoft Works | Deny | Approve |
| Microsoft Office | Approve | Approve |
| Report Viewer | Approve | Approve |
| Security Updates | Approve | Approve |
| Silverlight | Approve | Severity-based |
| Service Packs | Approve | Severity-based |
| Skype for Windows | Approve | Deny |
| System Center | Deny | Severity-based |
| Tools | Approve | Approve |
| Update Rollups | Approve | Severity-based |
| Updates | Approve | Severity-based |
| Upgrades | Approve | Deny |
| SEVERITY | – | – |
| Unspecified | Approve | Approve |
| Low | Approve | Approve |
| Moderate | Approve | Approve |
| Important | Approve | Approve |
| Critical | Approve | Approve |
| Common Vulnerability Scoring System (CVSS) | Approve > 1 | Approve > 1 |