Logo
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
PREGNANCY
 
 
Windows Server

Windows Server 2008 R2 : Work with Windows Updates (part 3) - Use Group Policy to Configure Automatic Updates

7/25/2011 11:27:40 AM

7. Use Group Policy to Configure Automatic Updates

Automatic updates are great because you really don't want to go from server to server checking for updates and then installing those updates manually. You probably would much rather have the server take care of that. In addition, you don't need to go to each server in your network to enable the automatic updates on that server in the first place. Group Policy is a great resource for administrators to enforce configurations for automatic updates not only on a single server but on groups of servers and clients in your network.

To configure Group Policy to enable automatic updates, you will need to do the following:

  1. Open the Group Policy Management console.

  2. Select the policy you will edit (or create a new one).

  3. Right-click the policy, and choose Edit.

  4. Expand Computer Configuration.

  5. Expand Policies.

  6. Expand Administrative Templates.

  7. Expand Windows Components.

  8. Select Windows Update, as shown in Figure 8.

  9. You will notice that there are 16 options in this policy container having to do with Windows Update. When working with policies, remember that policies have three possible states: enabled, disabled, and not configured. To configure automatic updates using Group Policy, you will need to select the policy called Configure Automatic Updates, as shown in Figure 8. Double-click the policy, and then choose Enabled.

Figure 8. GPME for Windows Update

The Configure Automatic Updates policy setting has four different values that you will need to choose from when you enable this policy. They are numbered from 2 through 5, as shown in Figure 9:

2 This notifies you before downloading any updates and notifies you again before installing any updates.

3 This is the default setting. This downloads the updates automatically and then notifies you when they are ready to be installed.

4 This automatically downloads the updates and then automatically installs them based on a time scheduled in the Configure Automatic Updates policy setting.

5 This allows local administrators to select the configuration mode for automatic updates. This means the local administrators can choose when the updates will be installed by using their local Windows Update; however, they cannot turn off automatic updates.

Once you have selected one of the four options, you will likely need to establish the scheduled install day and time. There are eight options labeled 0 through 8. Don't ask us where the crazy numbering comes from—first 2 through 5, and now 0 through 8. Just smile and configure the settings.

Figure 9. Configure Automatic Updates policy setting's options

If you want the updates to install every day, choose option 0. If you want the updates to be installed only once a week on a given day, then choose the number representation for the day you want the updates to install:

0 = Every day

1 = Sunday

2 = Monday

3 = Tuesday

4 = Wednesday

5 = Thursday

6 = Friday

7 = Saturday

You will also need to establish a time for the updates to be installed on the scheduled day. The default here is 3 a.m. This setting is made using a 24-hour time setting, so if you wanted to have updates installed in the late evening hours, say at 11 p.m., you would select 23:00. Once this policy is set, you can apply it to servers in your network's sites, domains, or organizational units.

There is an additional setting here that will make automatic updates immediately install. When this setting is configured, it will allow an update to install immediately if the update does not require a restart of the Windows operating system or the interruption of Windows services.

Windows Server 2008 R2 will check for updates using an automatic update detection frequency of 22 hours by default. If you want to change that frequency, you can do so using the policy setting entitled Automatic Updates Detection Frequency. This setting when enabled will specify the number of hours between automatic update checks. The setting is interesting because the server will actually choose a value located somewhere between the actual setting in hours and 20 percent less than its value. This means that if you use a value of 20 hours, the server will check for automatic updates every 16 to 20 hours. This policy works in direct conjunction with Configure Automatic Updates and with Specify Intranet Microsoft Update Service Location.

The policy called Specify Intranet Microsoft Update Service Location is used to enable Windows Update from a server within your corporate network. This means you can provide a central network location to provide updates to your server and client computers inside your network. This can be very desirable in many cases because your server and clients are not getting their updates from an Internet property but rather from an internal network location that can be tightly monitored and controlled.

The desire to move to an even more automated system of updating servers located inside the corporate network and to provide as much automation as possible for Windows Updates will eventually lead you to a group of resources called Windows Server Update Services.

Other -----------------
- SQL Server 2005 : Privilege Escalation Without Ownership Chains
- SQL Server 2005 : Privilege and Authorization - Ownership Chaining
- SQL Server 2005 : Privilege and Authorization - Basic Impersonation Using EXECUTE AS
- Configuring Standard Permissions for Exchange Server 2010 (part 2) - Understanding & Assigning Advanced Exchange Server Permissions
- Configuring Standard Permissions for Exchange Server 2010 (part 1)
- Feature Overview of Microsoft Lync Server 2010 : Dial-In Conferencing & Enterprise Voice
- Feature Overview of Microsoft Lync Server 2010 : Instant Messaging & Web Conferencing
- Feature Overview of Microsoft Lync Server 2010 : Presence
- Installing Windows Small Business Server 2011
- Business Server 2011 : Planning Fault Tolerance and Avoidance - Disk Arrays
- Microsoft Dynamics GP 2010 : Improving financial reporting clarity by splitting purchasing accounts & Speeding up lookups with Advanced Lookups
- Microsoft Dynamics GP 2010 : Remembering processes with an Ad hoc workflow
- Microsoft Dynamics GP 2010 : Gaining additional reporting control with Account Rollups
- SharePoint 2010 Search : Replacing the SharePoint Search Engine (part 2) - FAST Search Server 2010 for SharePoint
- SharePoint 2010 Search : Replacing the SharePoint Search Engine (part 1) - Google Search Appliance
- Microsoft Dynamics NAV : Backing up and restoring with SQL Server
- Microsoft Dynamics NAV : Using HotCopy backup & Testing the database
- Microsoft Dynamics NAV : Creating and restoring backups using a Dynamics NAV client
- Microsoft SQL Server 2008 Analysis Services : Building Basic Dimensions and Cubes - Setting up a new Analysis Services project
- Windows Server 2008 Server Core : Managing IIS - Working with the ApplicationHost.CONFIG File
 
 
Most view of day
- Windows Phone 7 Programming Model : Asynchronous Programming - Background Threads
- Microsoft Excel 2010 : Protecting and Securing a Workbook - Setting Add-in Security Options
- Microsoft SharePoint 2013 : Working with Visio Services - Customizing Visio Services solutions
- Windows Server 2012 : Enhancements for Flexible Identity and Security (part 1) - Dynamic Access Control
- SharePoint 2010 : Farm Governance - Configuring a Managed account
- Windows Phone 8 : Localizing Your Phone Application
- Extending Dynamics GP with Free Software : Extending Dynamics GP with the Support Debugging Tool, Coloring windows by company
- Microsoft Visio 2010 : Linking External Data to Shapes (part 4) - Using the Database Wizard - Taking the Data-Linked Light Bulb Shape for a Spin
- Conducting Research in OneNote 2010 : Researching a Topic, Customizing the Research Task Pane
- Microsoft Visio 2010 : Working with Text (part 1) - Creating and Editing Text Blocks
Top 10
- Sharepoint 2013 : Overview of The Client-Side Object Model and Rest APIs - Client-Side Object Model API Coverage
- Sharepoint 2013 : Overview of The Client-Side Object Model and Rest APIs - REST and OData (part 3) - Creating, Updating, and Deleting
- Sharepoint 2013 : Overview of The Client-Side Object Model and Rest APIs - REST and OData (part 2) - Filtering and Selecting
- Sharepoint 2013 : Overview of The Client-Side Object Model and Rest APIs - REST and OData (part 1) - Getting Started with REST and OData
- Sharepoint 2013 : Integrating Apps for Office with SharePoint (part 2) - Apps for Office Integrated with an App for SharePoint
- Sharepoint 2013 : Integrating Apps for Office with SharePoint (part 1) - Standalone Apps for Office
- Sharepoint 2013 : The Office JavaScript Object Model (part 3) - App Security
- Sharepoint 2013 : The Office JavaScript Object Model (part 2) - Functional Capabilities by Office Client,Mailbox-based Apps
- Sharepoint 2013 : The Office JavaScript Object Model (part 1) - Document-based Apps
- Windows Phone 8 : Playing Music Through the Phone (part 5) - Sharing Music, Playing Music Using Smart DJ, Accessing Playlists
 
 
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
2015 Camaro