none
Windows 7 GPO ideas to make it very clear that Windows Updates are ready to be installed?

    Question

  • I noticed that on Windows 7 the yellow shield in the taskbar does not exist and the blue updates icon is hidden away in the notification area.  The user will not see it unless they go searching for it to see the hidden icons in the notification area.

    If they miss the initial balloon notification, there is no further warning of pending updates and when the installation deadline passes, their laptop will just silently install the updates in the background and then suddenly initiate a reboot with no warning at all.  In XP, there was a warning prompt saying the computer will reboot in 5 minutes or 15 minutes etc..  

    If there is no deadline, the updates simply don't get installed at all because they forget about them or postpone them indefinitely.

    They may have no idea that the updates have been downloaded to their laptop for several days waiting for them to install manually prior to the deadline.

    Is there any way to configure a GPO to make the "Updates Are Ready" balloon notice to redisplay more than once and/or to force the Windows Updates icon to always appear in the task bar when updates have been downloaded rather than being hidden?

    Sunday, July 21, 2013 9:24 AM

Answers

  • the deadlines you're talking about, are "install" deadlines, not "reboot" deadlines.
    WU doesn't offer a way to specifically schedule the reboots, only to temporarily avoid them.

    I use ConfigMgr, and ConfigMgr uses the WUAgent to do some of the heavy lifting for patching.
    ConfigMgr use the WU API's to poke WUAgent into doing only what is needed, and ConfigMgr controls the reboot behaviour in almost all cases. (excepting for the cases where there's a mid-stream restart, like an OS servicepack).

    ConfigMgr allows for a bit more control over when installation deadlines are reached, and, the restart suppression.
    WU/WSUS on it's own, doesn't give you anything to schedule when the restarts occur, but you can usually control the time of update installation, which is the trigger for restarts.

    ConfigMgr allows for the management by Maintenance Windows, which is a window in time, on a very controllable schedule, and only when the MW is open, is when updating/installation can occur (unless the end-user explicitly interacts to self-service).

    If you are using WSUS and only WSUS, there are limitations. You will need some other tool to extend the feature set, to get more control.

    I use WSUS separately from ConfigMgr, but I don't need the micro-control in that environment.

    Not sure if you've taken a stroll in the WSUS forum, lots of great info in there.
    This GP forum isn't likely to attract all the WSUS specialists, since GP can only apply the settings offered by the WU product itself.


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    Sunday, August 04, 2013 6:02 AM

All replies

  • Hi,

    Thanks for posting in Microsoft Technet Forums.

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Thank you for your understanding and support.

    Regards.


    Vivian Wang
    TechNet Community Support

    Thursday, July 25, 2013 2:10 AM
  • Hi,

    For more information, please see below:

    http://technet.microsoft.com/en-us/magazine/dd492018.aspx

    Thanks,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. 

    Thursday, July 25, 2013 11:34 AM
  • Hi,

    For more information, please see below:

    http://technet.microsoft.com/en-us/magazine/dd492018.aspx

    Thanks,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. 

    I already knew how to do it manually, but I posted the question in the Group Policy forum because I'm looking for a way to use Group Policy to configure the settings for large groups of PCs all at once instead of having to to go to each PC and adjust the settings for each user one by one.

    I can't find a where the policy settings are that make the changes.

    Thursday, July 25, 2013 1:03 PM
  • Hi,

    Thanks for yor response.

    Have you check the following article?

    Best practice: How to use Group Policy to turn off Backup Notification in the Windows 7:

    http://www.grouppolicy.biz/2010/06/how-to-use-group-policy-to-turn-off-backup-notification-in-the-windows-7-action-center-the-easier-way/

    Regards.


    Vivian Wang
    TechNet Community Support

    Monday, July 29, 2013 7:07 AM
  • That does not appear to do what I asked in my original  question.  
    Monday, July 29, 2013 2:20 PM
  • Hi,

    Here is the link about how to configure Windows update policy:

    http://support.microsoft.com/kb/328010

    http://technet.microsoft.com/en-us/library/bb457141.aspx

    Hope this helpful.

    Thanks,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. 

    Saturday, August 03, 2013 6:45 AM
  • this article may be helpful: http://blogs.technet.com/b/mu/archive/2008/10/02/windows-update-and-automatic-reboots.aspx

    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    Saturday, August 03, 2013 8:26 AM
  • Can you combine postponing reboot with a deadline?

    For instance suppose your want to make sure that the current months updates are installed by the 28th of the month every month can you use use the steps below?

    Update made available to automatically install daily starting on the 20th of the month, but with the option set to: "No auto restart with logged on users for scheduled automatic updates."

    The user is logged in constantly (locks screen instead of logging out when they go home for the day) so the machine never reboots at 3AM and instead they see the reboot prompt the morning of the 21st, but chooses not to reboot by clicking on Postpone:  "Remind me in 4 hours."  The user keeps doing this every 4 hours every day from the 21st through the 27th.  On the morning of the 28th, the deadline hits and the option to postpone the restart for additional time is not offered.  Workstation reboot is forced at deadline time.

    Is this functionality possible?

    Of course, we will also have some users who are infrequent users of laptops who may have had their laptop powered off for the entire period of the 21st through the 28th.  They power up their laptop of the 1st of the following month, and the laptop then silently installs updates and reboots the laptop during a presentation that morning with little warning since it has passed the deadline.

    Looks like the only way around "NEVER" having an unexpected reboot for installing updates is to not have deadlines at all.  However, we have tried that before and there are many users who will postpone updates forever.  Deadlines were implemented when it was discovered that several users would just keeping hitting "Remind me later" and their machines were a few months behind receiving critical security updates.

    Sunday, August 04, 2013 4:51 AM
  • the deadlines you're talking about, are "install" deadlines, not "reboot" deadlines.
    WU doesn't offer a way to specifically schedule the reboots, only to temporarily avoid them.

    I use ConfigMgr, and ConfigMgr uses the WUAgent to do some of the heavy lifting for patching.
    ConfigMgr use the WU API's to poke WUAgent into doing only what is needed, and ConfigMgr controls the reboot behaviour in almost all cases. (excepting for the cases where there's a mid-stream restart, like an OS servicepack).

    ConfigMgr allows for a bit more control over when installation deadlines are reached, and, the restart suppression.
    WU/WSUS on it's own, doesn't give you anything to schedule when the restarts occur, but you can usually control the time of update installation, which is the trigger for restarts.

    ConfigMgr allows for the management by Maintenance Windows, which is a window in time, on a very controllable schedule, and only when the MW is open, is when updating/installation can occur (unless the end-user explicitly interacts to self-service).

    If you are using WSUS and only WSUS, there are limitations. You will need some other tool to extend the feature set, to get more control.

    I use WSUS separately from ConfigMgr, but I don't need the micro-control in that environment.

    Not sure if you've taken a stroll in the WSUS forum, lots of great info in there.
    This GP forum isn't likely to attract all the WSUS specialists, since GP can only apply the settings offered by the WU product itself.


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    Sunday, August 04, 2013 6:02 AM