How do I automatically approve important updates from WSUS?
Solution 1:
My advice is to only configure Auto Approval rules for a limited set of Windows Updates, generally anything that is classified a Security Update, and only to a limited set of your servers and workstations.
You can then manually approve those updates for a wider set of your servers and workstations after a period of testing.
As an aside, be aware that there is a distinction between Classifications vs. Severity. Microsoft has helpfully reused the term 'critical' to refer to both a classification of Windows Update and a Severity Rating so you have Critical Updates that fix a specific problem that addresses a critical, non-security-related bug (Classification) and you have Security Updates that have Severity Rating of Critical. You will notice the same applied to Updates with a Severity of 'Important'.
My focus with Windows Update is primarily to ensure that security vulnerabilities are fixed, hence I only really have Auto Approval rules for Updates that are classified as Security Updates irregardless of their severity. If I find a Critical Update that needs to be deployed that is generally a one-off for our organization. I don't bother with any others.
Also be aware that Service Packs and Feature Rollups contain Security Updates along with a host of other things. You need to think very, very carefully about how you want to handle these Classifications of updates because of how much other stuff they include. Again, my organization's focus is on security vulnerabilities so we do not approve Service Packs or Update Rollups on any automatic or wide-spread basis unless we have a specific need to do so.
I would advise that you only auto approve Security Updates and you are more selective with Critical Updates but it is really what works best in your organization.
WSUS Auto Approval Rules
Solution 2:
I think the confusion isn't with the auto-approval process, but with Microsoft's terminology. Updates listed as important are really just Security Updates. That being said, there are multiple ways to approve these updates, whether you prefer GUI or powershell is up to you.
Also, remember that Critical Updates are non security related updates that MS has deemed critical. Critical security updates are listed as security updates with the Critical severity rating.