Categories

Windows Update Patch Policies and Schedules

You are here:

This document outlines BRITECITY’s default patching categories, schedules, and approval policies for all managed Windows Workstations and Servers. The patching strategy balances proactive security with operational stability, using severity- and classification-based rules for deployment.

See also: Daytime Patching

Patch Policy Overview

Patching policies are tailored to device type and structured to control:

  • When and how updates are installed
  • Reboot logic and whether user interaction is required
  • Severity-based installation logic
  • Classification-specific rules (e.g., Drivers, Feature Packs)
  • Deferred feature and quality updates based on ConnectWise NOC release timing

 

Windows Update Schedules & Policies

Machine Category Download & Install Schedule Reboot Window User Notification Update Assistant Mode Create Restore Point Baseline Patch Enforcement Feature/Quality Update Deferment
Workstations Nightly, 12–4 AM Sundays 8 PM–12 AM Ask > 24hr wait → Auto-allow (max 4×4hr snoozes) Managed – UI Disabled Yes Yes Deferred until released by ConnectWise NOC
Server Hosts Saturdays, 12–4 AM Saturdays, 5–6 AM No user notification Managed Yes Yes Deferred until released by ConnectWise NOC
Servers (VMs / Bare Metal) Sundays, 12–4 AM Sundays, 5–6 AM No user notification Managed Yes Yes Deferred until released by ConnectWise NOC

Windows Update Approval Matrix

Patch Category Workstations Servers
Security Updates Deploy (NOC Approved) Deploy (NOC Approved)
Critical Updates Deploy All Deploy Al
Updates Deploy All Deploy All
Feature Updates Deploy All Deploy All
Drivers Do Not Deploy Do Not Deploy
Feature Packs Deploy All Do Not Deploy
Update Rollups Deploy All Deploy All
Tools Deploy All Deploy All
OS Upgrade Off Off
Active Directory Rights Management Client Deny Severity-based
ASP.Net Web Frameworks Approve Severity-based
Bing Bar / Desktop / IME Deny Deny
CAPICOM Deny Approve
Definition Updates Approve Approve
Exchange Server Deny Approve
Microsoft Dynamics / Lync Server Deny Severity-based
Microsoft SQL Server / Works Deny Approve
Microsoft Office / Report Viewer Approve Approve
Silverlight / Service Packs Approve Severity-based
Skype for Windows Approve Deny
System Center Deny Severity-based

Severity-Based Settings

Severity Rating Workstations Servers
Unspecified Approve Approve
Low Approve Approve
Moderate Approve Approve
Important Approve Approve
Critical Approve Approve
CVSS Score > 1 Approve Approve
Jump to...