-->![Get Updates For Other Microsoft Products Missing Get Updates For Other Microsoft Products Missing](https://filedb.experts-exchange.com/incoming/2014/06_w23/854327/winupdate.jpg)
![Free Free](https://live.paloaltonetworks.com/legacyfs/online/7723_missing%20patch3.JPG)
- Get Updates For Other Microsoft Products Missing 2016
- Get Updates For Other Microsoft Products Missing 2017
- Updates For Other Microsoft Products Missing
Applies to
Get updates for other Microsoft products option missing! A week ago on Windows 7 Windows Update was trying to force me into installing Wjndows 10 and the update 3035583 was getting annoying. I kept hiding the Install Windows 10 update but it kept showing back up, so I read if I opt out of the 'get updates for other Microsoft products' I wouldn. Yeah, duh, I was just in there when I clicked the link to get to this site. What's the deal? How does one enable all Microsoft Updates for a Windows 2008 server. I can do this in 2003 easily by going to the Microsoft Update website. 2008 however, this appears to be impossible and apparently no one else in the world has noticed this.
- Windows 10
Looking for consumer information? See Windows Update: FAQ
Important
Due to naming changes, older terms like CB and CBB might still be displayed in some of our products, such as in Group Policy or the registry. If you encounter these terms, 'CB' refers to the Semi-Annual Channel (Targeted)--which is no longer used--while 'CBB' refers to the Semi-Annual Channel.
WSUS is a Windows Server role available in the Windows Server operating systems. It provides a single hub for Windows updates within an organization. WSUS allows companies not only to defer updates but also to selectively approve them, choose when they’re delivered, and determine which individual devices or groups of devices receive them. WSUS provides additional control over Windows Update for Business but does not provide all the scheduling options and deployment flexibility that Microsoft Endpoint Configuration Manager provides.
When you choose WSUS as your source for Windows updates, you use Group Policy to point Windows 10 client devices to the WSUS server for their updates. From there, updates are periodically downloaded to the WSUS server and managed, approved, and deployed through the WSUS administration console or Group Policy, streamlining enterprise update management. If you’re currently using WSUS to manage Windows updates in your environment, you can continue to do so in Windows 10.
Requirements for Windows 10 servicing with WSUS
![Get Updates For Other Microsoft Products Missing Get Updates For Other Microsoft Products Missing](https://filedb.experts-exchange.com/incoming/2014/06_w23/854327/winupdate.jpg)
To be able to use WSUS to manage and deploy Windows 10 feature updates, you must use a supported WSUS version:
- WSUS 10.0.14393 (role in Windows Server 2016)
- WSUS 10.0.17763 (role in Windows Server 2019)
- WSUS 6.2 and 6.3 (role in Windows Server 2012 and Windows Server 2012 R2)
- KB 3095113 and KB 3159706 (or an equivalent update) must be installed on WSUS 6.2 and 6.3.
Important
Both KB 3095113 and KB 3159706 are included in the Security Monthly Quality Rollup starting in July 2017. This means you might not see KB 3095113 and KB 3159706 as installed updates since they might have been installed with a rollup. However, if you need either of these updates, we recommend installing a Security Monthly Quality Rollup released after October 2017 since they contain an additional WSUS update to decrease memory utilization on WSUS's clientwebservice.If you have synced either of these updates prior to the security monthly quality rollup, you can experience problems. To recover from this, see How to Delete Upgrades in WSUS.
WSUS scalability
To use WSUS to manage all Windows updates, some organizations may need access to WSUS from a perimeter network, or they might have some other complex scenario. WSUS is highly scalable and configurable for organizations of any size or site layout. For specific information about scaling WSUS, including upstream and downstream server configuration, branch offices, WSUS load balancing, and other complex scenarios, see Choose a Type of WSUS Deployment.
Configure automatic updates and update service location
When using WSUS to manage updates on Windows client devices, start by configuring the Configure Automatic Updates and Intranet Microsoft Update Service Location Group Policy settings for your environment. Doing so forces the affected clients to contact the WSUS server so that it can manage them. The following process describes how to specify these settings and deploy them to all devices in the domain.
To configure the Configure Automatic Updates and Intranet Microsoft Update Service Location Group Policy settings for your environment
- Open Group Policy Management Console (gpmc.msc).
- Expand ForestDomainsYour_Domain.
- Right-click Your_Domain, and then select Create a GPO in this domain, and Link it here.NoteIn this example, the Configure Automatic Updates and Intranet Microsoft Update Service Location Group Policy settings are specified for the entire domain. This is not a requirement; you can target these settings to any security group by using Security Filtering or a specific OU.
- In the New GPO dialog box, name the new GPO WSUS – Auto Updates and Intranet Update Service Location.
- Right-click the WSUS – Auto Updates and Intranet Update Service Location GPO, and then click Edit.
- In the Group Policy Management Editor, go to Computer ConfigurationPoliciesAdministrative TemplatesWindows ComponentsWindows Update.
- Right-click the Configure Automatic Updates setting, and then click Edit.
- In the Configure Automatic Updates dialog box, select Enable.
- Under Options, from the Configure automatic updating list, select 3 - Auto download and notify for install, and then click OK.ImportantHow to mods on civ 5 for mac. Use Regedit.exe to check that the following key is not enabled, because it can break Windows Store connectivity: ComputerHKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateDoNotConnectToWindowsUpdateInternetLocationsNoteThere are three other settings for automatic update download and installation dates and times. This is simply the option this example uses. For more examples of how to control automatic updates and other related policies, see Configure Automatic Updates by Using Group Policy.
- Right-click the Specify intranet Microsoft update service location setting, and then select Edit.
- In the Specify intranet Microsoft update service location dialog box, select Enable.
- Under Options, in the Set the intranet update service for detecting updates and Set the intranet statistics server options, type http://Your_WSUS_Server_FQDN:PortNumber, and then select OK.NoteThe URL
http://CONTOSO-WSUS1.contoso.com:8530
in the following image is just an example. In your environment, be sure to use the server name and port number for your WSUS instance.NoteThe default HTTP port for WSUS is 8530, and the default HTTP over Secure Sockets Layer (HTTPS) port is 8531. (The other options are 80 and 443; no other ports are supported.)
As Windows clients refresh their computer policies (the default Group Policy refresh setting is 90 minutes and when a computer restarts), computers start to appear in WSUS. Now that clients are communicating with the WSUS server, create the computer groups that align with your deployment rings.
Create computer groups in the WSUS Administration Console
Note
The following procedures use the groups from Table 1 in Build deployment rings for Windows 10 updates as examples.
You can use computer groups to target a subset of devices that have specific quality and feature updates. These groups represent your deployment rings, as controlled by WSUS. You can populate the groups either manually by using the WSUS Administration Console or automatically through Group Policy. Regardless of the method you choose, you must first create the groups in the WSUS Administration Console.
To create computer groups in the WSUS Administration Console
- Open the WSUS Administration Console.
- Go to Server_NameComputersAll Computers, and then click Add Computer Group.
- Type Ring 2 Pilot Business Users for the name, and then click Add.
- Repeat these steps for the Ring 3 Broad IT and Ring 4 Broad Business Users groups. When you’re finished, there should be three deployment ring groups.
Now that the groups have been created, add the computers to the computer groups that align with the desired deployment rings. You can do this through Group Policy or manually by using the WSUS Administration Console.
Use the WSUS Administration Console to populate deployment rings
Adding computers to computer groups in the WSUS Administration Console is simple, but it could take much longer than managing membership through Group Policy, especially if you have many computers to add. Adding computers to computer groups in the WSUS Administration Console is called server-side targeting.
In this example, you add computers to computer groups in two different ways: by manually assigning unassigned computers and by searching for multiple computers.
Manually assign unassigned computers to groups
Midi file player for mac. When new computers communicate with WSUS, they appear in the Unassigned Computers group. From there, you can use the following procedure to add computers to their correct groups. For these examples, you use two Windows 10 PCs (WIN10-PC1 and WIN10-PC2) to add to the computer groups.
To assign computers manually
- In the WSUS Administration Console, go to Server_NameComputersAll ComputersUnassigned Computers.Here, you see the new computers that have received the GPO you created in the previous section and started communicating with WSUS. This example has only two computers; depending on how broadly you deployed your policy, you will likely have many computers here.
- Select both computers, right-click the selection, and then click Change Membership.
- In the Set Computer Group Membership dialog box, select the Ring 2 Pilot Business Users deployment ring, and then click OK.Because they were assigned to a group, the computers are no longer in the Unassigned Computers group. If you select the Ring 2 Pilot Business Users computer group, you will see both computers there.
Search for multiple computers to add to groups
Another way to add multiple computers to a deployment ring in the WSUS Administration Console is to use the search feature.
To search for multiple computers
- In the WSUS Administration Console, go to Server_NameComputersAll Computers, right-click All Computers, and then click Search.
- In the search box, type WIN10.
- In the search results, select the computers, right-click the selection, and then click Change Membership.
- Select the Ring 3 Broad IT deployment ring, and then click OK.
You can now see these computers in the Ring 3 Broad IT computer group.
## Use Group Policy to populate deployment ringsThe WSUS Administration Console provides a friendly interface from which you can manage Windows 10 quality and feature updates. When you need to add many computers to their correct WSUS deployment ring, however, it can be time-consuming to do so manually in the WSUS Administration Console. For these cases, consider using Group Policy to target the correct computers, automatically adding them to the correct WSUS deployment ring based on an Active Directory security group. This process is called client-side targeting. Before enabling client-side targeting in Group Policy, you must configure WSUS to accept Group Policy computer assignment.
To configure WSUS to allow client-side targeting from Group Policy
- Open the WSUS Administration Console, and go to Server_NameOptions, and then click Computers.
- In the Computers dialog box, select Use Group Policy or registry settings on computers, and then click OK.NoteThis option is exclusively either-or. When you enable WSUS to use Group Policy for group assignment, you can no longer manually add computers through the WSUS Administration Console until you change the option back.
Now that WSUS is ready for client-side targeting, complete the following steps to use Group Policy to configure client-side targeting:
To configure client-side targeting
Tip
When using client-side targeting, consider giving security groups the same names as your deployment rings. Doing so simplifies the policy-creation process and helps ensure that you don’t add computers to the incorrect rings.
- Open Group Policy Management Console (gpmc.msc).
- Expand ForestDomainsYour_Domain.
- Right-click Your_Domain, and then click Create a GPO in this domain, and Link it here.
- In the New GPO dialog box, type WSUS – Client Targeting – Ring 4 Broad Business Users for the name of the new GPO.
- Right-click the WSUS – Client Targeting – Ring 4 Broad Business Users GPO, and then click Edit.
- In the Group Policy Management Editor, go to Computer ConfigurationPoliciesAdministrative TemplatesWindows ComponentsWindows Update.
- Right-click Enable client-side targeting, and then click Edit.
- In the Enable client-side targeting dialog box, select Enable.
- In the Target group name for this computer box, type Ring 4 Broad Business Users. This is the name of the deployment ring in WSUS to which these computers will be added.
Warning
The target group name must match the computer group name.
Get Updates For Other Microsoft Products Missing 2016
- Close the Group Policy Management Editor.
Now you’re ready to deploy this GPO to the correct computer security group for the Ring 4 Broad Business Users deployment ring.
To scope the GPO to a group
- In GPMC, select the WSUS – Client Targeting – Ring 4 Broad Business Users policy.
- Click the Scope tab.
- Under Security Filtering, remove the default AUTHENTICATED USERS security group, and then add the Ring 4 Broad Business Users group.
The next time the clients in the Ring 4 Broad Business Users security group receive their computer policy and contact WSUS, they will be added to the Ring 4 Broad Business Users deployment ring.
Automatically approve and deploy feature updates
For clients that should have their feature updates approved as soon as they’re available, you can configure Automatic Approval rules in WSUS.
WSUS respects the client device's servicing branch. If you approve a feature update while it is still in one branch, such as Insider Preview, WSUS will install the update only on devices that are in that servicing branch. When Microsoft releases the build for Semi-Annual Channel, the devices in the Semi-Annual Channel will install it. Windows Update for Business branch settings do not apply to feature updates through WSUS.
To configure an Automatic Approval rule for Windows 10 feature updates and approve them for the Ring 3 Broad IT deployment ring
- In the WSUS Administration Console, go to Update ServicesServer_NameOptions, and then select Automatic Approvals.
- On the Update Rules tab, click New Rule.
- In the Add Rule dialog box, select the When an update is in a specific classification, When an update is in a specific product, and Set a deadline for the approval check boxes.
- In the Edit the properties area, select any classification. Clear everything except Upgrades, and then click OK.
- In the Edit the properties area, click the any product link. Clear all check boxes except Windows 10, and then click OK.Windows 10 is under All ProductsMicrosoftWindows.
- In the Edit the properties area, click the all computers link. Clear all the computer group check boxes except Ring 3 Broad IT, and then click OK.
- Leave the deadline set for 7 days after the approval at 3:00 AM.
- In the Step 3: Specify a name box, type Windows 10 Upgrade Auto-approval for Ring 3 Broad IT, and then click OK.
- In the Automatic Approvals dialog box, click OK.NoteWSUS does not honor any existing month/week/day deferral settings. That said, if you’re using Windows Update for Business for a computer for which WSUS is also managing updates, when WSUS approves the update, it will be installed on the computer regardless of whether you configured Group Policy to wait.
Now, whenever Windows 10 feature updates are published to WSUS, they will automatically be approved for the Ring 3 Broad IT deployment ring with an installation deadline of 1 week.
Warning
The auto approval rule runs after synchronization occurs. This means that the next upgrade for each Windows 10 version will be approved. If you select Run Rule, all possible updates that meet the criteria will be approved, potentially including older updates that you don't actually want--which can be a problem when the download sizes are very large.
Manually approve and deploy feature updates
You can manually approve updates and set deadlines for installation within the WSUS Administration Console, as well. It might be best to approve update rules manually after your pilot deployment has been updated.
To simplify the manual approval process, start by creating a software update view that contains only Windows 10 updates.
Note
If you approve more than one feature update for a computer, an error can result with the client. Approve only one feature update per computer.
To approve and deploy feature updates manually
- In the WSUS Administration Console, go to Update ServicesServer_NameUpdates. In the Action pane, click New Update View.
- In the Add Update View dialog box, select Updates are in a specific classification and Updates are for a specific product.
- Under Step 2: Edit the properties, click any classification. Clear all check boxes except Upgrades, and then click OK.
- Under Step 2: Edit the properties, click any product. Clear all check boxes except Windows 10, and then click OK.Windows 10 is under All ProductsMicrosoftWindows.
- In the Step 3: Specify a name box, type All Windows 10 Upgrades, and then click OK.
Now that you have the All Windows 10 Upgrades view, complete the following steps to manually approve an update for the Ring 4 Broad Business Users deployment ring:
- In the WSUS Administration Console, go to Update ServicesServer_NameUpdatesAll Windows 10 Upgrades.
- Right-click the feature update you want to deploy, and then click Approve.
- In the Approve Updates dialog box, from the Ring 4 Broad Business Users list, select Approved for Install.
- In the Approve Updates dialog box, from the Ring 4 Broad Business Users list, click Deadline, click One Week, and then click OK.
- If the Microsoft Software License Terms dialog box opens, click Accept.If the deployment is successful, you should receive a successful progress report.
- In the Approval Progress dialog box, click Close.
Steps to manage updates for Windows 10
Learn about updates and servicing channels |
Prepare servicing strategy for Windows 10 updates |
Build deployment rings for Windows 10 updates |
Assign devices to servicing channels for Windows 10 updates |
Optimize update delivery for Windows 10 updates |
Deploy updates using Windows Update for Business or Deploy Windows 10 updates using Windows Server Update Services (this topic) or Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager |
Related topics
-->Applies to
- Windows 10
Looking for consumer information? See Windows Update: FAQ
You can use Group Policy settings or mobile device management (MDM) to configure the behavior of Windows Update (WU) on your Windows 10 devices. You can configure the update detection frequency, select when updates are received, specify the update service location and more.
Summary of Windows Update settings
Group Policy setting | MDM setting | Supported from version |
---|---|---|
Specify Intranet Microsoft update service location | UpdateServiceUrl and UpdateServiceUrlAlternate | All |
Automatic Updates Detection Frequency | DetectionFrequency | 1703 |
Remove access to use all Windows Update features | Update/SetDisableUXWUAccess | All |
Do not connect to any Windows Update Internet locations | All | |
Enable client-side targeting | All | |
Allow signed updates from an intranet Microsoft update service location | AllowNonMicrosoftSignedUpdate | All |
Do not include drivers with Windows Updates | ExcludeWUDriversInQualityUpdate | 1607 |
Configure Automatic Updates | AllowAutoUpdate | All |
Important
Additional information about settings to manage device restarts and restart notifications for updates is available on Manage device restarts after updates.
Additional settings that configure when Feature and Quality updates are received are detailed on Configure Windows Update for Business.
Scanning for updates
With Windows 10, admins have a lot of flexibility in configuring how their devices scan and receive updates.
Specify Intranet Microsoft update service location allows admins to point devices to an internal Microsoft update service location, while Do not connect to any Windows Update Internet locations gives them to option to restrict devices to just that internal update service. Automatic Updates Detection Frequency controls how frequently devices scan for updates.
You can make custom device groups that'll work with your internal Microsoft update service by using Enable client-side targeting. You can also make sure your devices receive updates that were not signed by Microsoft from your internal Microsoft update service, through Allow signed updates from an intranet Microsoft update service location.
Finally, to make sure the updating experience is fully controlled by the admins, you can Remove access to use all Windows Update features for users.
For additional settings that configure when Feature and Quality updates are received, see Configure Windows Update for Business.
Specify Intranet Microsoft update service location
Specifies an intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network.This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network.
To use this setting in Group Policy, go to Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows UpdateSpecify Intranet Microsoft update service location. You must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update Agent to download updates from an alternate download server instead of the intranet update service.
If the setting is set to Enabled, the Automatic Updates client connects to the specified intranet Microsoft update service (or alternate download server), instead of Windows Update, to search for and download updates. Enabling this setting means that end users in your organization don’t have to go through a firewall to get updates, and it gives you the opportunity to test updates after deploying them.If the setting is set to Disabled or Not Configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.
The alternate download server configures the Windows Update Agent to download files from an alternative download server instead of the intranet update service.The option to download files with missing Urls allows content to be downloaded from the Alternate Download Server when there are no download Urls for files in the update metadata. This option should only be used when the intranet update service does not provide download Urls in the update metadata for files which are present on the alternate download server.
Note
If the 'Configure Automatic Updates' policy is disabled, then this policy has no effect.
If the 'Alternate Download Server' is not set, it will use the intranet update service by default to download updates.
The option to 'Download files with no Url..' is only used if the 'Alternate Download Server' is set.
To configure this policy with MDM, use UpdateServiceUrl and UpdateServiceUrlAlternate.
Automatic Updates detection frequency
Specifies the hours that Windows will use to determine how long to wait before checking for available updates. The exact wait time is determined by using the hours specified here minus zero to twenty percent of the hours specified. For example, if this policy is used to specify a 20-hour detection frequency, then all clients to which this policy is applied will check for updates anywhere between 16 to 20 hours.
To set this setting with Group Policy, navigate to Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows UpdateAutomatic Updates detection frequency.
If the setting is set to Enabled, Windows will check for available updates at the specified interval.If the setting is set to Disabled or Not Configured, Windows will check for available updates at the default interval of 22 hours.
Note
The “Specify intranet Microsoft update service location” setting must be enabled for this policy to have effect.
If the “Configure Automatic Updates” policy is disabled, this policy has no effect.
To configure this policy with MDM, use DetectionFrequency.
Remove access to use all Windows Update features
By enabling the Group Policy setting under Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows updateRemove access to use all Windows update features, administrators can disable the 'Check for updates' option for users. Any background update scans, downloads and installations will continue to work as configured.
Do not connect to any Windows Update Internet locations
Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft Store.
Use Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows updateDo not connect to any Windows Update Internet locations to enable this policy. When enabled, this policy will disable the functionality described above, and may cause connection to public services such as the Microsoft Store, Windows Update for Business and Delivery Optimization to stop working.
Note
This policy applies only when the device is configured to connect to an intranet update service using the 'Specify intranet Microsoft update service location' policy.
Enable client-side targeting
Specifies the target group name or names that should be used to receive updates from an intranet Microsoft update service. This allows admins to configure device groups that will receive different updates from sources like WSUS or Configuration Manager.
This Group Policy setting can be found under Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows updateEnable client-side targeting.If the setting is set to Enabled, the specified target group information is sent to the intranet Microsoft update service which uses it to determine which updates should be deployed to this computer.If the setting is set to Disabled or Not Configured, no target group information will be sent to the intranet Microsoft update service.
If the intranet Microsoft update service supports multiple target groups, this policy can specify multiple group names separated by semicolons. Otherwise, a single group must be specified.
Note
This policy applies only when the intranet Microsoft update service the device is directed to is configured to support client-side targeting. If the “Specify intranet Microsoft update service location” policy is disabled or not configured, this policy has no effect.
Get Updates For Other Microsoft Products Missing 2017
Allow signed updates from an intranet Microsoft update service location
This policy setting allows you to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location.
To configure this setting in Group Policy, go to Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows updateAllow signed updates from an intranet Microsoft update service location.
If you enable this policy setting, Automatic Updates accepts updates received through an intranet Microsoft update service location, as specified by Specify Intranet Microsoft update service location, if they are signed by a certificate found in the “Trusted Publishers” certificate store of the local computer.If you disable or do not configure this policy setting, updates from an intranet Microsoft update service location must be signed by Microsoft.
Note
Updates from a service other than an intranet Microsoft update service must always be signed by Microsoft and are not affected by this policy setting.
To configure this policy with MDM, use AllowNonMicrosoftSignedUpdate.
Installing updates
To add more flexibility to the update process, settings are available to control update installation.
Configure Automatic Updates offers 4 different options for automatic update installation, while Do not include drivers with Windows Updates makes sure drivers are not installed with the rest of the received updates.
Do not include drivers with Windows Updates
Allows admins to exclude Windows Update (WU) drivers during updates.
To configure this setting in Group Policy, use Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows updateDo not include drivers with Windows Updates.Enable this policy to not include drivers with Windows quality updates.If you disable or do not configure this policy, Windows Update will include updates that have a Driver classification.
Configure Automatic Updates
Enables the IT admin to manage automatic update behavior to scan, download, and install updates.
Configuring Automatic Updates by using Group Policy
Under Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows updateConfigure Automatic Updates, you must select one of the four options:
Updates For Other Microsoft Products Missing
2 - Notify for download and auto install - When Windows finds updates that apply to this device, users will be notified that updates are ready to be downloaded. After going to Settings > Update & security > Windows Update, users can download and install any available updates.
3 - Auto download and notify for Install - Windows finds updates that apply to the device and downloads them in the background (the user is not notified or interrupted during this process). When the downloads are complete, users will be notified that they are ready to install. After going to Settings > Update & security > Windows Update, users can install them.
4 - Auto download and schedule the install - Specify the schedule using the options in the Group Policy Setting. For more information about this setting, see Schedule update installation.
5 - Allow local admin to choose setting - With this option, local administrators will be allowed to use the settings app to select a configuration option of their choice. Local administrators will not be allowed to disable the configuration for Automatic Updates.
If this setting is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, users must go to Settings > Update & security > Windows Update.
If this setting is set to Not Configured, an administrator can still configure Automatic Updates through the settings app, under Settings > Update & security > Windows Update > Advanced options.
Configuring Automatic Updates by editing the registry
Note
Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require you to reinstall the operating system. Microsoft cannot guarantee that these problems can be resolved. Modify the registry at your own risk.
In an environment that does not have Active Directory deployed, you can edit registry settings to configure group policies for Automatic Update.
To do this, follow these steps:
- Select Start, search for 'regedit', and then open Registry Editor.
- Open the following registry key:
- Add one of the following registry values to configure Automatic Update.
- NoAutoUpdate (REG_DWORD):
- 0: Automatic Updates is enabled (default).
- 1: Automatic Updates is disabled.
- AUOptions (REG_DWORD):
- 1: Keep my computer up to date is disabled in Automatic Updates.
- 2: Notify of download and installation.
- 3: Automatically download and notify of installation.
- 4: Automatically download and scheduled installation.
- ScheduledInstallDay (REG_DWORD):
- 0: Every day.
- 1 through 7: The days of the week from Sunday (1) to Saturday (7).
- ScheduledInstallTime (REG_DWORD):n, where n equals the time of day in a 24-hour format (0-23).
- UseWUServer (REG_DWORD)Set this value to 1 to configure Automatic Updates to use a server that is running Software Update Services instead of Windows Update.
- RescheduleWaitTime (REG_DWORD)m, where m equals the time period to wait between the time Automatic Updates starts and the time that it begins installations where the scheduled times have passed. The time is set in minutes from 1 to 60, representing 1 minute to 60 minutes)NoteThis setting only affects client behavior after the clients have updated to the SUS SP1 client version or later versions.
- NoAutoRebootWithLoggedOnUsers (REG_DWORD):0 (false) or 1 (true). If set to 1, Automatic Updates does not automatically restart a computer while users are logged on.NoteThis setting affects client behavior after the clients have updated to the SUS SP1 client version or later versions.
To use Automatic Updates with a server that is running Software Update Services, see the Deploying Microsoft Windows Server Update Services 2.0 guidance.
When you configure Automatic Updates directly by using the policy registry keys, the policy overrides the preferences that are set by the local administrative user to configure the client. If an administrator removes the registry keys at a later date, the preferences that were set by the local administrative user are used again.
To determine the WSUS server that the client computers and servers connect to for updates, add the following registry values to the registry:
- WUServer (REG_SZ)This value sets the WSUS server by HTTP name (for example, http://IntranetSUS).
- WUStatusServer (REG_SZ)This value sets the SUS statistics server by HTTP name (for example, http://IntranetSUS).