Monday, April 20, 2009

WSUS: Users not prompted or notified for reboot after updates installation

A Group Policy setting can suppress all notification of a required reboot, so the system may never reboot and the user is never notified that a reboot is needed. This can affect corporate systems, where users are typically not actively involved in the patch cycle and generally dislike any patching that involves a reboot. This article discusses the Group Policy settings, in either the computer or the user configuration, that affect Automatic Updates on the system.

  • (Option 1) Group Policy Object Editor >> User Configuration >> Administrative Templates >> Windows Components >> Windows Update

Remove access to use all Windows Update features

  • (Option 2) Group Policy Object Editor >> Computer Configuration >> Administrative Templates >> System >> Internet Communication Management >> Internet Communication Settings

Turn off access to all Windows Update features

Both settings allow Group Policy administrators to remove access to Windows Update. When enabled, all Windows Update features are removed. This includes blocking access to the Windows Update Web site at http://windowsupdate.microsoft.com, from the Windows Update hyperlink on the Start menu, and also on the Tools menu in Internet Explorer. Windows automatic updating is also disabled; users are neither notified about nor receive critical updates from Windows Update. This setting also prevents Device Manager from automatically installing driver updates from the Windows Update Web site. If this setting is disabled or not configured, users will be able to access the Windows Update Web site and enable automatic updating to receive notifications and critical updates from Windows Update.

[Image: reboot]

  • When Option 1 is enabled, the “wuauclt /detectnow” command does not work and WindowsUpdate.log reports the error message "Windows Update is disabled by policy for user". This indicates that the logged-on user cannot check for new updates, because the Group Policy setting disallows any communication between the system and the WSUS server when it is invoked by the user. However, the system will still check with the WSUS server automatically, at the intervals defined in Group Policy.
  • When Option 1 or 2 is enabled, the Automatic Updates notification (as in the image) is disabled and the logged-on user does not receive any reboot notifications or prompts.
  • When both options are enabled, neither the notifications nor the detectnow command line work.
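The check below is an added example, not part of the original post: it reports whether either option is in effect on a machine and whether an update reboot is pending while notifications are suppressed. The registry locations and the `RebootRequired` key are assumptions not stated in the post (confirm them against the ADMX templates in your environment), and the function names are hypothetical.

```powershell
# Added example: audit one machine for the two policies discussed above.
# Registry paths are NOT from the original post; verify them against your ADMX templates.

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy "Not Configured").
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Test-WuNotificationSuppression {
    # Default log path assumes the plain-text WindowsUpdate.log of older Windows versions.
    param([string]$LogPath = (Join-Path $env:windir 'WindowsUpdate.log'))

    # Option 1: user policy, evaluated for the account running this script.
    $userValue = Get-PolicyValue -Name 'DisableWindowsUpdateAccess' `
        -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate'

    # Option 2: computer policy.
    $machineValue = Get-PolicyValue -Name 'DisableWindowsUpdateAccess' `
        -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

    # Automatic Updates creates this key when an installed update needs a restart.
    $rebootPending = Test-Path `
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'

    # Count log lines carrying the "disabled by policy" error quoted in the post.
    $logHits = 0
    if (Test-Path $LogPath) {
        $logHits = @(Select-String -Path $LogPath -Pattern 'disabled by policy' -SimpleMatch).Count
    }

    $suppressed = ($userValue -eq 1) -or ($machineValue -eq 1)

    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        User                = $env:USERNAME
        Option1UserPolicy   = ($userValue -eq 1)
        Option2MachinePolicy = ($machineValue -eq 1)
        RebootPending       = $rebootPending
        DisabledByPolicyLogLines = $logHits
        # The case that matters: a restart is owed and nobody will be prompted for it.
        SilentPendingReboot = ($suppressed -and $rebootPending)
    }
}

Test-WuNotificationSuppression | Format-List
```

Because Option 1 is a user setting, run the check in the context of the logged-on user (for example from a logon script) rather than as SYSTEM.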

More information about Automatic Updates and Group Policy is available on the TechNet websites below.

Configure Automatic Updates by Using Group Policy

Automatic Updates Policy Settings
