Group policy setting not applying randomly on a server


  • This is the 2nd time we have been having this problem. We have about 15 Windows servers all setup to use a group policy called WSUS - Servers.

    It includes only 3 settings which are the following

    • Configure Automatic Updates --> Set to Auto download and notify for install
    • Specify intranet Microsoft update service location --> Set to our wsus server
    • Specify setting for option component installation and component repair --> Contact Windows Update directory to download repair content instead of WSUS is active

    I learned that during the weekend, the server rebooted by itself on Saturday and Sunday after installing the updates by itself.

    When I go to Windows update then Change settings, this is what I have.

    Since the setting can't be change, it means that the GPO is being read but incorrectly.

    If I do gpupdate /force, nothing chances. gpresults /r show the GPO being applied which can be confirmed with this screenshot since it gives me the option to use Microsoft Update instead of WSUS.

    The only way to fix this issue is to go to the local group policy and set the Configure automatic update to Allow local admin to choose setting. Then after I deactive that local group policy, everything is fixed.

    We have 3 Remote Desktop Servers and so far the bug has happen only on them.

    What should I do with this ? The easiest fixed seems be to set the Configure Automatic Update to Not Configured then after on all servers, I would simply set Windows update to only download the updates.

    • Edited by Emmanuel P Monday, March 7, 2016 6:48 PM
    Monday, March 7, 2016 4:36 PM

All replies