Configuring automatic Updating
Windows 7 organizes updates into the following broad categories:
- Important updates Includes critical updates, security updates, update rollups, and service packs for the operating system and programs that ship with the operating system
- Recommended updates Includes updates to drivers that are provided with the operating system and recommended optional updates
- Microsoft product updates Includes updates for other Microsoft products that are installed on the computer as well as new optional Microsoft software
- Point and print drivers Includes updates to drivers that provide client-side rendering capability
Note By default, Windows Update includes updates to Web compatibility lists from Microsoft. Sites listed are displayed in Compatibility view automatically. You can configure this feature by using administrative Templates policies for Computer Configuration under Windows Components\Internet explorer\Compatibility View.
When you are using Home, Ultimate, or professional editions of Windows 7, Windows Update continues to search for compatible point and print drivers if it fails to find any on the computer itself or on the Windows Update site. If the computer does not find a match, it attempts to create a mismatch connection by using any available driver that supports the hardware. However, when you are using Windows 7 enterprise edition, you must explicitly enable the extend point and print Connection To Search Windows Update policy to obtain the same behavior. This policy is found in administrative Templates policies for Computer Configuration under printers.
By default, Windows 7 is configured to automatically install important updates. You can configure automatic updates on a per-computer basis by completing the following steps:
- In Control Panel, click System And Security. Click Windows Update. This displays the Windows Update page.
- In the left panel, click Change Settings. This displays the Change Settings page.
- Specify whether and how updates should occur.
- If you've enabled updates and also want to install drivers and optional updates, select the Give Me Recommended Updates The Same Way I Receive Important Updates check box.
- If you want to allow standard users to install updates, select the Allow All Users To Install Updates On This Computer check box.
- If you want to get updates for Microsoft products and optional Microsoft software, select the Give Me Updates For Microsoft Products And Check For New Optional Microsoft Software When I Update Windows check box.
- Click OK.
In an Active Directory domain, you can centrally configure and manage automatic updates by using the Administrative Templates policies for both Computer Configuration and User Configuration under Windows Components\Windows Update. Table below summarizes the key policies.
Policies for Managing Automatic Updates
Policy | Function |
Allow Automatic Updates Immediate Installation | When enabled, this setting allows automatic updates to immediately install updates that do not interrupt Windows services or require the computer to be restarted. These updates are installed immediately after they are downloaded. |
Allow Non-Administrators To Receive Update Notifications | When enabled, this setting allows any user logged on to a computer to receive update notifications as appropriate for the automatic updates configuration. If disabled or not configured, only administrators receive update notifications. |
Automatic Updates Detection Frequency | When enabled, this setting defines the interval to be used when checking for updates. By default, computers check approximately every 22 hours for updates. If you enable this policy and set a new interval, that interval will be used with a wildcard offset of up to 20 percent of the interval specified. This means that if you set an interval of 10 hours, the actual polling interval would depend on the computer and be between 8 and 10 hours. |
Configure Automatic Updates | When you enable this setting, you can configure how automatic updates work using similar options to those described later in this tutorial. You can also schedule the installation |
Delay Restart For Scheduled Installations | By default, when a restart is required after an automatic update, the computer is restarted after a 15-minute delay. To use a different delay, enable this policy, and then set the delay time. |
Enable Client-Side Targeting | When enabled, this setting allows an administrator to define a target group for the current Group Policy object. Client-side targeting allows administrators to control which updates are installed on specified groups of computers. Before an update is deployed, it must be authorized for a particular target group. |
Enabling Windows Update Power Management To Automatically Wake Up The System To Install Scheduled Updates | When this policy is enabled and the computer is configured for automated, scheduled installation of updates, Windows Update uses the computer's power management features to wake the computer from hibernation at the scheduled update time and then install updates. This wake-up-and-install process does not occur if the computer is on battery power. |
No Auto-Restart With Logged On Users For Scheduled Automatic Updates Installations | When enabled, this setting specifies that the computer will not automatically restart after installing updates that require a restart if a user is currently logged on. Instead, the user is notified that a restart is needed. Restarting the computer enforces the updates. |
Re-Prompt For Restart With Scheduled Installations | When enabled and when automatic updates are configured for scheduled installation of updates, this setting ensures the logged-on user is prompted again after a set interval if a restart was previously postponed. If this setting is disabled or not configured, the default reprompt interval of 10 minutes is used. |
Remove Access To Use All Windows Update Features | When you enable this setting, all Windows Update features are removed. Users are blocked from accessing Windows Update, and automatic updating is completely disabled. |
Reschedule Automatic Updates Scheduled Installations | When enabled, this setting specifies the amount of time to wait after system startup before proceeding with a scheduled installation that was previously missed. |
Specify Intranet Microsoft Update Service Location | When enabled, this setting allows you to designate the fully qualified domain name of the Microsoft Update Services server hosted by your organization and of the related statistics server. Both services can be performed by one server. |
Turn On Recommended Updates Via Automatic Updates | When this policy is enabled, recommended updates, including those for drivers and other optional updates, are installed along with other updates. |
Be aware that it is still possible that an update could damage your system. Windows Update creates a restore point for your system before installing the available updates. If a problem does occur, you can always roll back a system to its state before the update (see "Installing and Removing Software," later in this tutorial).
In this tutorial:
- Windows 7 and Other software Up to Date
- Understanding Windows Live
- Updates versus upgrades
- Why updates are important
- Windows Update
- Windows Update: The essentials
- Types of Updates
- Completing an Update
- Configuring automatic Updating
- Windows Update Applet and Functions
- Manually Install Updates Using Windows Update
- Action Center
- Updates Do Not Install Properly
- Other Windows Update Settings
- Configuring Windows 7 Update to Use a Proxy Server
- Can't Find Hidden Update
- Viewing and Changing Installed Updates
- Can't Uninstall Current Update
- Upgrade Windows Anytime
- Understanding Windows Server Update Services
- Windows Update Policies
- Updating Drivers
- Using Device Manager to Update Drivers
- Windows Update Driver Settings
- Windows 7 Service Packs
- Basic Service Pack Information
- Installation of Service Packs
- Installing and Removing Software
- Installation via CD or DVD
- Problem Installing from Disc
- Installation via Downloaded Program
- Viewing and Changing Programs
- Uninstalling Software
- Compatibility Issues in 64-Bit Version
- Upgrade Issues with 64-Bit Windows 7
- Other Program Compatibility Issues
- Side-by-Side Installs and Virtual Registries
- Removing Updates from Windows 7
- Thwarting Exploits with DEP
- Microsoft Baseline Security Analyzer
- Picking Computers to Scan
- Vulnerability Checks
- Installing MBSA
- Running the MBSA
- Running the MBSACLI
- MBSACLI Location
- Running in an Isolated Environment
- Using Windows Server Update Services
- WSUS Updates
- WSUS Requirements
- Installing, Configuring, and Using WSUS
- Adding the Application Server and Web Server (IIS) Roles
- Installing the Report Viewer
- Installing WSUS
- Configuring Group Policy Settings for WSUS
- Creating a GPO to Configure Clients to Use WSUS
- Verifying That Clients Are Using GPO Settings for WSUS
- Verifying That Clients Are Using GPO Settings with GPResult
- Creating Computer Groups on WSUS
- Approving Updates in WSUS
- Viewing WSUS Reports