One of application departments will not allow any patches to be deployed to their systems until the software vendor has approved the patches. Usually, this creates about a one month delay in patching between the patch's release date and when it can be deployed to those servers. The rest of our servers are patched weekly with all currently applicable patches.
We use the "Do Not Patch" function to block unapproved patches to those systems until the approval comes through. This works well, but managing the items that need to be added or removed from that status is a nightmare. Unless I'm missing something, when we add patches to the Do Not Patch status, we have to select each patch individually and click the Do Not Patch button, and follow the wizard that shows up. I don't see any way to add or remove more than one patch at a time to this status, as selecting more than one patch makes the button 'gray-out', as seen below:
This takes a considerable amount of time having to do it one patch at a time, especially if a large number of patches are released. Additionally, it takes even more time to remove the patches from the status, as the same process needs to be done when patches are approved and need to be deployed to the group.
Why doesn't this function the same way as other options, such as Update Cache or the Deploy button? Neither of those require you to select one patch at a time and the Do Not Patch function shouldn't either.
If anyone knows any other way around this, please let me know. Thanks!