Server 2012 windows update group policy settings

The task runs in a random period of time up to 10 minutes to reduce the network load. For example, to remotely update user policy settings on a specific computer, you can use the following command:. Notify me of followup comments via e-mail. You can also subscribe without commenting. Leave this field empty. Home About. By default, domain controllers update GPO settings more often: every 5 minutes. The user can click the notification to open Windows Update and get more information about the software or install it.

The user can also click Close this message or Show me later to defer the notification as appropriate. In Windows 7, this policy setting will only control detailed notifications for optional applications. In Windows Vista, this policy setting controls detailed notifications for optional applications and updates. Specifies that users running Windows 7 will not be offered detailed notification messages for optional applications, and users running Windows Vista will not be offered detailed notification messages for optional applications or optional updates.

The Maintenance Scheduler extension of Group Policy contains the following settings:. The maintenance activation boundary is the daily scheduled time at which Automatic Maintenance starts. This setting is related to option 4 in Configure Automatic Updates. If you did not select option 4 in Configure Automatic Updates , it is not necessary to configure this setting. The maintenance random delay is the amount of time up to which Automatic Maintenance will delay starting from its activation boundary.

This setting is useful for virtual machines where random maintenance might be a performance requirement. Automatic Maintenance will delay starting from its activation boundary by up to the specified amount of time. The maintenance wake-up policy specifies whether Automatic Maintenance should make a wake-up request to the operating computer for daily scheduled maintenance.

If you enable this policy setting, Automatic Maintenance will attempt to set an operating system wake-up policy and make a wake-up request for the daily scheduled time, if required. The settings are listed in the same order as they appear in the Computer Configuration and User Configuration extensions in Group Policy, when the Settings tab of the Windows Update policy is selected to sort the settings alphabetically.

For each of these settings, you can use the following steps to enable, disable, or navigate between settings:. Specifies that the Install Updates and Shut Down option will appear in the Shut Down Windows dialog box if updates are available when the user selects the Shut Down option to shut down the computer.

If you enable this policy setting, Install Updates and Shut Down will not appear as a choice in the Shut Down Windows dialog box, even if updates are available for installation when the user selects the Shut Down option to shut down the computer. Specifies whether the Install Updates and Shut Down option will be the default option in the Shut Down Windows dialog box if updates are available for installation at the time the user selects the Shut Down option to shut down the computer.

Specifies whether the user's last shut down choice for example, Hibernate or Restart is the default option in the Shut Down Windows dialog box, regardless of whether the Install Updates and Shut Down option is available in the What do you want the computer to do?

This setting will remove all access to Windows Update features and no notifications will be shown. This setting will show notifications about restarts that are required to complete an installation. On computers running Windows 8 and Windows RT, if this policy is enabled, only notifications related to restarts and the inability to detect updates will be shown.

The notification options are not supported. Notifications on the sign-in screen are always displayed. This section provides addition information about using opening, and saving WSUS settings in Group Policies, and definitions for terms used in this guide.

The procedure that follows describes how to open the GPMC on your domain controller. You must be a member of the Domain Admins group or equivalent, to perform this procedure. The Group Policy Management Console opens. In the left pane, expand your forest. For example, double-click Forest: example. In the left pane, double-click Domains , and then double-click the domain for which you want to manage a Group Policy object. For example, double-click example.

To open an existing domain-level GPO for editing , double click the domain that contains the Group Policy object that you want to manage, right-click the domain policy you want to manage, and then click Edit. Right-click the domain for which you want to create a new Group Policy object, and then click Create a GPO in this domain, and Link it here. After you have opened the extension of Group Policy you want, you can use the following steps to enable, disable, or navigate between settings:.

In Options , if any options are listed, retain the default values or modify them as needed. To save your changes and proceed to the next setting, click Apply , and then click Next Setting. The following table summarizes key differences between the current and past versions of WSUS that are relevant to this guide. Casual reference automatic updates : The term used to describe when the Windows Update Agent automatically schedules and downloads updates.

A collection of settings in Group Policy that are used to control how users and computers to whom the policies apply can configure and use various Windows services and features. Administrators can use WSUS with Group Policy for client-side configuration of the Automatic Updates client, to help ensure that end-users can't disable or circumvent corporate update policies.

Client configuration can also be applied by using local group policy or by modifying the Windows registry. A casual reference to a network infrastructure that uses one or more WSUS servers to distribute updates. Use to refer to a downstream Windows Server Update Services WSUS server that mirrors the approvals and settings on the upstream server to which it is connected.

You cannot manage WSUS on a replica server. An Internet-based Microsoft download site: A Microsoft Internet site that stores and distributes updates for Windows computers device drivers , Windows operating systems and other Microsoft software products.

When you configure update policy, we recommend you to get acquainted with all the settings that are available in each option of Windows Update GPO section, and set the parameters suitable for your infrastructure and organization. To let the computers in the company to have all available patches installed, both policies can be configured so that the update service wuauserv is forced to start on the client.

We consider only a fairly simple way of binding the WSUS policies to clients. In real world, it is possible to link a single WSUS policy to all domain computers a GPO is assigned to the domain root , distribute different types of clients across different OUs as in our example, we created different WSUS policies for servers and workstations. Related Reading. Windows Update Stucks at Copying Packages to the December 17, November 18, November 9, For example, a configuration option might be whether local administrators can choose a scheduled installation time.

Local administrators won't be allowed to disable the configuration for Automatic Updates. Disabled Specifies that any client updates that are available from the public Windows Update service must be manually downloaded from the internet and installed.

Delay restart for scheduled installations Specifies the amount of time Automatic Updates will wait before proceeding with a scheduled restart. This policy applies only when Automatic Updates is configured to perform scheduled installations of updates. Options: If this setting is enabled, you can specify the amount of time in minutes Automatic Updates waits before proceeding with a scheduled restart. This policy setting enables you to specify whether the Install Updates and Shut Down option is permitted as the default choice in the Shut Down Windows dialog.

Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service. This information will enable future connections to Windows Update and other services, such as Microsoft Update or Microsoft Store.

This policy applies only when the computer is configured to connect to an intranet update service by using the Specify intranet Microsoft update service location policy setting.

Users who search for updates by using the Settings app or Control Panel will only see updates from the intranet update service. They won't be presented with the Check online for updates from Windows Update option.

Programs that use the Windows Update Agent APIs will be unable to search for updates against any service other than the intranet update service. Disabled Specifies that computers can retrieve information from public update services. This policy applies only when this computer is configured to support the specified target group names in WSUS. If the target group name doesn't exist in WSUS, it will be ignored until it's created.

If the Specify intranet Microsoft update service location policy setting is disabled or not configured, this policy has no effect. Specifies whether Windows Update will use the Windows Power Management or Power Options features to automatically wake up the computer from hibernation if updates are scheduled for installation. The computer will automatically wake only if Windows Update is configured to install updates automatically.

If the computer is in hibernation when the scheduled installation time occurs and there are updates to be applied, Windows Update will use the Windows Power Management or Power Options features to automatically wake the computer to install the updates. Windows Update will also wake the computer and install an update if an installation deadline occurs.

The computer won't wake unless there are updates to be installed. If the computer is on battery power, when Windows Update wakes it, it won't install updates.

The computer will automatically return to hibernation in two minutes. Specifies that to complete a scheduled installation, Automatic Updates will wait for the computer to be restarted by any user who is signed in, instead of causing the computer to restart automatically. Specifies the amount of time for Automatic Updates to wait before prompting again with a scheduled restart. Options: When this setting is enabled, you can specify the amount of time in minutes that will elapse before users are prompted again about a scheduled restart.

Specifies the amount of time for Automatic Updates to wait after a computer startup, before proceeding with a scheduled installation that was previously missed. If the status is set to Not Configured , a missed scheduled installation will occur one minute after the computer is next started.

Options: When this policy setting is enabled, you can specify a number of minutes after the computer is next started that a scheduled installation that did not happen earlier will occur. Specifies an intranet server to host updates from Microsoft Update. You can then use WSUS to automatically update computers on your network. This setting enables you to specify a WSUS server on your network that will function as an internal update service.

Instead of using the public Windows Update and Microsoft Update services on the internet, WSUS clients will search this service for updates that apply.

Enabling this setting means that users in your organization don't have to go through a firewall to get updates. It also gives you the opportunity to test updates before deploying them.

To use this setting, you must set two server name values: the server from which the client detects and downloads updates, and the server to which updated workstations upload statistics. The values don't need to be different if both services are configured on the same server.

Users will also see a Check online for updates from Windows Update option that enables them to use the public update services on the internet. You can remove this option by using the Do not connect to any Windows Update Internet locations policy. Applications can specifically request to use the public update services on the internet.

Disabled Specifies that clients connect directly to the Windows Update site on the internet. Options: When this policy setting is enabled, you must specify the intranet update service that WSUS clients will use when detecting updates, and the internet statistics server to which updated WSUS clients will upload statistics.

Example values:. This policy setting enables you to control whether users see detailed enhanced notification messages about featured software from the Microsoft Update service. Enhanced notification messages convey the value and promote the installation and use of optional software. This policy setting is intended for loosely managed environments in which you allow the user access to the Microsoft Update service. If you're not using the Microsoft Update service, the Software Notifications policy setting has no effect.

If the Configure Automatic Updates policy setting is disabled or is not configured, the Software Notifications policy setting has no effect. In Windows 7, this policy setting controls only detailed notifications for optional applications.

In Windows Vista, this policy setting controls detailed notifications for optional applications and updates. Disabled Specifies that users running Windows 7 won't be offered detailed notification messages for optional applications. It also specifies that users running Windows Vista won't be offered detailed notification messages for optional applications or optional updates. If you did not select option 4 in the Configure Automatic Updates setting, you don't need to configure these settings for the purpose of automatic updates.

The Maintenance Scheduler extension of Group Policy contains the following settings:. Automatic Maintenance Activation Boundary. Automatic Maintenance Random delay. This setting is related to option 4 in Configure Automatic Updates. If you did not select option 4 in Configure Automatic Updates , you don't need to configure this setting. This policy setting allows you to configure the random delay for Automatic Maintenance activation. The maintenance random delay is the amount of time up to which Automatic Maintenance will delay starting from its activation boundary.

This setting is useful for virtual machines where random maintenance might be a performance requirement. By default, when this setting is enabled, the regular maintenance random delay is PT4H.

The wake-up policy specifies whether Automatic Maintenance should make a wake-up request to the operating computer for daily scheduled maintenance. If the operating computer's power-wake policy is explicitly disabled, this setting has no effect. Remove access to use all Windows Update features. The settings are listed in the same order as they appear in the Computer Configuration and User Configuration extensions in Group Policy, when the Settings tab of the Windows Update policy is selected to sort the settings alphabetically.

For each of these settings, you can use the following steps to enable, disable, or move between settings. Windows automatic updates are also disabled.