Deny Patches in Default Policy From Centralized ITGLue KBIDs

Summary

The script will gather the KBIDs from the New Patch Deny Process and deny the patches listed.

Time saved by automation: 20 minutes

Sample Run

Dependencies

Proval IT Glue Documentation

Variables

@KBID@: Stores the output of the PowerShell query fetching the KBIDs from Proval IT Glue Documentation.
@ApprovalPolicyID@: Stores the ID of the default approval policy.

Process

Step 1: Add the KBIDs of the patches to be denied after the Patches_To_DENY: string under the URL Proval IT Glue Documentation. KBIDs should be comma-separated, with no spaces in between or after the IDs. As shown in the attached screenshots:
Step 1 Screenshot

Step 2: A PowerShell query will fetch those KBIDs to the script and store them under the @KBID@ variable.

Step 3: The default approval policy ID will be saved under the @ApprovalPolicyID@ variable.

Step 4: The script will fetch the hotfix ID for each KBID and deny those hotfix IDs for @ApprovalPolicyID@, regardless of the current state.

Output

The output can be checked from the Approval section of the patch manager.

Summary​

Sample Run​

Dependencies​

Variables​

Process​

Output​