Precedence rules for applying policies

By creating multiple patch policies and patch policy exceptions that are either directly attached to a server or attached to a group of servers, you control the patches that should be installed or not installed on a server. A precedence hierarchy in Patch Management delineates how a patch policy or a patch policy exception is applied to a patch installation. This hierarchy is based on whether the patch policy or patch policy exception is attached at the server or device group level.

The following precedence rules apply to policies and exceptions:

  • Patch policy exceptions that are directly attached to a server always take precedence over patch policies that are directly attached to a device group.
  • Patch policies that are directly attached to a server take precedence over patch policies and patch policy exceptions that are attached to a public device group.
  • Patch policy exceptions that are attached to a public device group take precedence over patch policies that are attached to a public device group.
  • If a server is in multiple public device groups, a Never Installed patch policy exception type always take precedence over an Always Installed patch policy exception type for the same patch.