locked
WSUS Policy Templates available? RRS feed

  • Question

  • Has anyone created WSUS & Windows Update related policy templates for Windows 10?  I would really like to be able to do the following without a lot of effort and testing.

    1. Force all Windows 10 clients to only use our WSUS server for updates.

    2. Approved updates install at midnight - any day of the week, any week of the month (i.e. if there is an approved update available, it will always install that night at 12am).

    3. Windows 10 restarts immediately after installing updates (with one EXCEPTION - see #4)

    4. If a user is signed onto Windows 10 (either actively or has locked the computer), DO install the update but DONT restart while the user is signed on (with one EXCEPTION - see #5)

    5. If a user does not restart within 7 days (for an update that needs a restart), force a restart no matter what the user is doing.  

    It seems like this should be easy enough, but the WSUS policies are too confusing. I dont know which policies are even still applicable and which ones can be ignored.  Is there a guide to doing what i listed above?

    Monday, June 29, 2020 10:44 PM

All replies

  •    
     

    Hi jrauman,

    Thanks for posting on this forum.

    GPO settings are different because the needs of each WSUS user are different. Depending on your needs, I give the following Group Policy for reference:
    1. Force all Windows 10 clients to only use our WSUS server for updates.

    2. Approved updates install at midnight - any day of the week, any week of the month (i.e. if there is an approved update available, it will always install that night at 12am).

    3. Windows 10 restarts immediately after installing updates (with one EXCEPTION - see #4)

    4. If a user is signed onto Windows 10 (either actively or has locked the computer), DO install the update but DONT restart while the user is signed on (with one EXCEPTION - see #5)

    5. If a user does not restart within 7 days (for an update that needs a restart), force a restart no matter what the user is doing. 



    Regards,
    Rita


    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, June 30, 2020 7:10 AM
  • I'm looking forward to your results. I have a similar setting in place and since W10 2004 this does not work anymore.
    Tuesday, June 30, 2020 8:45 AM
  • Hi,
     
    It seems there is no update for a couple of days. May we know the current status of the problem? Is there any other assistance we can provide?
     
    If you have any questions, please keep us in touch.
     
    Regards,
    Rita

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, July 3, 2020 9:55 AM
  • I know this is not what you're looking for, but I'm going to leave it here anyways:

    https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-4-creating-your-gpos-for-an-inheritance-setup/


    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Friday, July 3, 2020 9:33 PM
  • Hi jrauman,
     
    It seems there is no update for a couple of days. May we know the current status of the problem? Is there any other assistance we can provide?
     
    If you have any questions, please keep us in touch.
     
    Regards,
    Rita

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, July 9, 2020 8:39 AM