Windows Update Group Policy Settings
You can configure Windows Update client settings using local or domain Group Policy settings. This is useful for the following tasks:
- Configuring computers to use a local WSUS server
- Configuring automatic installation of updates at a specific time of day
- Configuring how often to check for updates
- Configuring update notifications, including whether non-administrators receive update notifications
- Configuring client computers as part of a WSUS target group, which you can use to deploy different updates to different groups of computers
Windows Update settings are located at Computer Configuration\Administrative Templates \Windows Components\Windows Update. The Windows Update Group Policy settings are:
- Configure Automatic Updates Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. You also use this setting to configure whether the updates are installed automatically and what time of day the installation occurs.
- Specify Intranet Microsoft Update Service Location Specifies the location of your WSUS server.
- Automatic Updates Detection Frequency Specifies how frequently the Automatic Updates client checks for new updates. By default, this is a random time between 17 and 22 hours.
- Allow Non-Administrators To Receive Update Notifications Determines whether all users or only administrators will receive update notifications. Non-administrators can install updates using the Windows Update client.
- Allow Automatic Updates Immediate Installation Specifies whether Automatic Updates will install updates immediately that don't require the computer to be restarted.
- Turn On Recommended Updates Via Automatic Updates Determines whether client computers install both critical and recommended updates, which might include updated drivers.
- No Auto-Restart For Scheduled Automatic Updates Installations Specifies that to complete a scheduled installation, Automatic Updates will wait for the computer to be restarted by any user who is logged on instead of causing the computer to restart automatically.
- Re-Prompt For Restart With Scheduled Installations Specifies how often the Automatic Updates client prompts the user to restart. Depending on other configuration settings, users might have the option of delaying a scheduled restart. However, the Automatic Updates client will remind them automatically to restart based on the frequency configured in this setting.
- Delay Restart For Scheduled Installations Specifies how long the Automatic Updates client waits before automatically restarting.
- Reschedule Automatic Updates Scheduled Installations Specifies the amount of time for Automatic Updates to wait, following system startup, before proceeding with a scheduled installation that was missed previously. If you don't specify this amount of time, a missed scheduled installation will occur one minute after the computer is next started.
- Enable Client-Side Targeting Specifies the group to which the computer is a member. This option is useful only if you are using WSUS; you cannot use this option with SUS.
- Enable Windows Update Power Management To Automatically Wake Up The System To Install Scheduled Updates If people in your organization tend to shut down their computers when they leave the office, enable this setting to configure computers with supported hardware to start up automatically and install an update at the scheduled time. Computers will not wake up unless there is an update to be installed. If the computer is on battery power, the computer will return to Sleep automatically after 2 minutes.
Additionally, the following two settings are available at the same location under both Computer Configuration and User Configuration:
- Do Not Display 'Install Updates And Shut Down' Option In Shut Down Windows Dialog Box Specifies whether Windows XP with SP2 or later versions shows the Install Updates And Shut Down option.
- Do Not Adjust Default Option To 'Install Updates And Shut Down' In Shut Down Windows Dialog Box Specifies whether Windows XP with SP2 or later versions automatically changes the default shutdown option to Install Updates And Shut Down when Automatic Updates is waiting to install an update.
Finally, the last user setting is available at Administrative Templates\Windows Components \Windows Update:
- Remove Access To Use All Windows Update Features When enabled, prevents the user from accessing the Windows Update interface.
You should create separate Group Policy objects for groups of computers that have different update installation requirements. For example, if you deploy updates to the IT department first as part of a pilot deployment, IT computers should have their own Group Policy object with settings that place them in a specific WSUS target group for the pilot project.
In this tutorial:
- Managing Software Updates
- Methods for Deploying Updates
- Windows Update Client
- Windows Server Update Services
- System Center Configuration Manager 2007 R2
- Manually Installing, Scripting, and Removing Updates
- Overview of Windows 7 Update Files
- How to Script Update Installations
- How to Remove Updates
- Deploying Updates to New Computers
- Other Reasons to Use a Private Network for New Computers
- Managing BITS
- BITS Behavior
- BITS Group Policy Settings
- Configuring the Maximum Bandwidth Served For Peer Client Requests Policy
- Managing BITS with Windows PowerShell
- Windows Update Group Policy Settings
- Configuring Windows Update to Use a Proxy Server
- Tools for Auditing Software Updates
- The MBSA Console
- MBSACLI
- Scheduling MBSA
- Troubleshooting the Windows Update Client
- The Process of Updating Network Software
- Assembling the Update Team
- Inventorying Software
- Creating an Update Process
- Discovering Updates
- Evaluating Updates
- Speeding the Update Process
- Retrieving Updates
- Testing Updates
- Installing Updates
- Removing Updates
- Auditing Updates
- How Microsoft Distributes Updates
- Security Updates
- Update Rollups
- Service Packs
- Microsoft Product Life Cycles