Windows 7 / Getting Started

---

Windows Update Client

Whether a client computer is configured to retrieve updates directly from Microsoft or from a WSUS server on your intranet, the same client downloads and installs the updates: Windows Update. Windows Update can notify users automatically of critical updates and security updates available either at Microsoft or at a specified WSUS server.

The Windows Update client (implemented as both a service and a Control Panel application) in Windows 7 replaces the Automatic Updates client available in Windows 2000 Service Pack 3 (SP3), Windows XP Home Edition, Windows XP Professional, and Windows Server 2003. Both Windows Update in Windows 7 and Automatic Updates in previous platforms are proactive "pull" services that allow for automatic detection, notification, download, and installation of important updates. Both clients will even reboot a computer at a scheduled time to ensure that updates take effect as soon as possible.

The Windows Update client provides for a great deal of control over its behavior. You can configure individual computers by using the Control Panel\Security\Windows Update\Change Settings page. Networks that use Active Directory Domain Services (AD DS) can specify the configuration of each Windows Update client by using Group Policy. In non-AD DS environments, you also can configure computers by changing local Group Policy settings or by configuring a set of registry values.

Systems administrators can configure Windows Update to automatically download updates and schedule their installation for a specified time. If the computer is turned off at that time, the updates can be installed as soon as the computer is turned on. Alternatively, Windows Update can wake a computer from standby and install the update at the specified time if the computer hardware supports it. This will not work if a computer is shut down, however. Downloading updates will also not affect a user's network performance because the Windows Update agent downloads the updates by using BITS.

If complete automation is not acceptable, you can also give users control over when updates are downloaded and installed. The Windows Update client can be configured by using Group Policy to only notify the user that updates are available. The updates are not downloaded or applied until the user clicks the notification balloon and selects the desired updates. For more information, see the section titled "Windows Update Group Policy Settings" later in this tutorial.

After the Windows Update client downloads updates, the client checks the digital signature and the Secure Hash Algorithm (SHA1) hash on the updates to verify that they have not been modified.

If Windows Update is configured to download or check for updates automatically and if WSUS or Configuration Manager 2007 R2 is not being used to manage updates, the Windows Update client will always update itself automatically. This ensures that the Windows Update client will continue to function correctly.