Pushing out specific Windows KB's

  • 16 February 2023
  • 1 reply



I am working on a set of policies when zero day patches happen. Something I could not figure out is how to target multiple specific patches in one policy. I did create multiple advanced polices targeting the patches and ran those. Is there something that I missing or is there a better way to do this. 


Best answer by JohnG-Automox 16 February 2023, 14:12

View original

1 reply

Userlevel 3

Hi Walker,


The Patch Only policy will allow you to target multiple KBs using the Package Targeting filter.  

You can add as many packages as you’d like to this list:

Please note that the KBs or packages must first be available for the devices in Windows Update before they will appear in the Package Targeting list.


This is a great way to separate out a Policy that only patches specific packages. The Windows Security Definitions, Servicing Stack, or Feature Updates are a great example of this!


You can learn more about the Patch Only policy here:


For out of band packages that are not available via Windows Update natively, you can use a custom worklet for enforcing deployment.

Here are some examples of that,


I hope this helps. Have a great day!