none
Windows Update behavior when Domain GPO is missing

    Question

  • I have made a buggy WMI filter in a domain GPO about Windows Update and thus it didn't apply anymore on our servers.

    Some servers then started to install automatically missing updates from the Microsoft web site.

    What is strange is that the local policy don't have any settings about Windows Update.

    Where can I find the Windows update default parameters when the domain GPO is missing?

    Friday, November 20, 2015 3:45 PM

Answers

  • > Where can I find the Windows update default parameters when the domain
    > GPO is missing?
     
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto
    Update
     
    Friday, November 20, 2015 4:05 PM
  • Thanks Martin!

    With your answer I could find more information here:

    http://smallvoid.com/article/winnt-automatic-updates-config.html

    If I understand well :

    GPO settings:

    HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

    AUOptions = 2 (Degree of user interaction)
    • 2 = Notify Download and Install (Requires Administrator Privileges)
    • 3 = Notify Install (Requires Administrator Privileges)
    • 4 = Automatically, no notification (Uses ScheduledInstallTime and ScheduledInstallDay)

    Local Policies settings:

    HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update

    AUOptions = 2 (Degree of user interaction)
    • 1 = Disables AU (Same as disabling it through the standard controls)
    • 2 = Notify Download and Install (Requires Administrator Privileges)
    • 3 = Notify Install (Requires Administrator Privileges)
    • 4 = Automatically, no notification (Uses ScheduledInstallTime and ScheduledInstallDay)
    Monday, November 23, 2015 2:38 PM

All replies

  • > Where can I find the Windows update default parameters when the domain
    > GPO is missing?
     
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto
    Update
     
    Friday, November 20, 2015 4:05 PM
  • Thanks Martin!

    With your answer I could find more information here:

    http://smallvoid.com/article/winnt-automatic-updates-config.html

    If I understand well :

    GPO settings:

    HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

    AUOptions = 2 (Degree of user interaction)
    • 2 = Notify Download and Install (Requires Administrator Privileges)
    • 3 = Notify Install (Requires Administrator Privileges)
    • 4 = Automatically, no notification (Uses ScheduledInstallTime and ScheduledInstallDay)

    Local Policies settings:

    HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update

    AUOptions = 2 (Degree of user interaction)
    • 1 = Disables AU (Same as disabling it through the standard controls)
    • 2 = Notify Download and Install (Requires Administrator Privileges)
    • 3 = Notify Install (Requires Administrator Privileges)
    • 4 = Automatically, no notification (Uses ScheduledInstallTime and ScheduledInstallDay)
    Monday, November 23, 2015 2:38 PM