Which takes precedence in WSUS, Automatic Approvals, or Manually Declined Updates?


I was wondering, which takes precedence, automatic approvals that would approve a botched update, or an administrator explicitly denying that same update?  In retrospect I vaguely remember when declining an update it warning me that its prior approvals would be removed.  Ordinarily I am not this micromanagement or OCD'ish, I just want to make sure that this is what actually happens because of the scope of potential problems.

Finally, does this approval get rescinded from a computer that the night prior has connected to WSUS and seen it as approved, but has the setting to not download or install without user intervention?  Like will the declined command, remove that update from the list on the local computer the following night (or whatever default time interval) when it next contacts the WSUS server?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JAN PAKULAICT Infranstructure ManagerCommented:
Decline and Approval are mutually exclusive, so if  an  update is declined -- it is declined. Nothing will change that.

Automatic Approvals are only applied at synchronization.

have a look on that


WSUS does not automatically decline superseded updates, and it is recommended that you do
not assume that superseded updates should be declined in favor of the new, superseding update.
Before declining a superseded update, make sure that it is no longer needed by any of your client
computers. The following are examples of scenarios in which you might need to install a
superseded update:
- If a superseding update supports only newer versions of an operating system, and some of
your client computers run earlier versions of the operating system.
-If a superseding update has more restricted applicability than the update it supersedes, which
would make it inappropriate for some client computers.
- If an update no longer supersedes a previously released update because of new changes. It
is possible that through changes at each release, an update no longer supersedes an update
it previously superseded in an earlier version. In this scenario, you will still see a message
about the superseded update, even though the update that supersedes it has been replaced
by an update that does not.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CnicNVAuthor Commented:
Ok perfect, this was what I was after.  Just wanted to be sure.

Thanks a lot.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.