L
link470
Guest
I've been trying to wrap my head around Windows Update GPO's for Windows 10 to find a combination that works for the systems I manage, but I'm struggling to find a good setup. Here's the current settings I have applied via GPO:
•Allow non-administrators to receive update notifications: Disabled
•Configure Automatic Updates: Enabled
-Install during automatic maintenance: Disabled
-Scheduled install day: 0 - Every day
-Scheduled install time: 14:00 (this was originally 11 PM, but I'll get to why this didn't work in a moment)
-Install: Every Week
-Install updates for other Microsoft products: Enabled
•Configure auto-restart warning notifications schedule for updates: Enabled
-Reminder: 24 hours
-Warning: 60 minutes
•No auto-restart with logged on users for scheduled automatic updates installations: Enabled
Problem 1: Updates Don't Install
So, here's where the first problem comes in. There's at least one of our computers that hasn't installed updates for three months, because the user comes in and works mornings from 9 to 12 or so, and then leaves, and works some evenings. The machine is never on at 2PM (14:00), so the updates just don't install, and are instead, all listed in Windows Update as "Pending install".
Ok, sure. The setting is set to 2PM, and updates only install at that time...but correct me if I'm wrong, Windows XP, Windows Vista, Windows 7, Windows 8, and Windows 8.1 before this all had no problem installing the updates if their scheduled install time was missed, the next time the computer was powered on. I've never ran across an issue where any other Windows version was strict to the point of waiting for the exact time to install updates. With previous versions of Windows, an install time of 11PM was perfectly fine, or even the Windows default of 3AM, because if the install time was missed, no problem, the updates would be installed the next time the computer turned on. This does not appear to be the case with Windows 10.
Can someone confirm this behavior is expected, or how you've gotten around this?
Problem 2: The computer never restarts
This might seem obvious because I have the option for "No auto-restart with logged on users for scheduled automatic updates installations" set to Enabled, but I need to figure out a better combination of options here. We have at least a couple computers I found today where the updates had all installed because the computer was in a running state at 2PM, but there's 2 months worth of pending updates awaiting restart. I ran a quick systeminfo in CMD to get the boot time, and the system originally booted back in April; a little over 2 months ago. The user has just been walking away and letting the machine go to sleep every night, and because "No auto-restart with logged on users for scheduled automatic updates installations" is set, the user never gets updates.
Again, these exact same settings have always worked great for Windows 7, but Windows 10 is clearly treating these options differently. How do you guys handle users that never restart their computers? I want to avoid some sort of automatic script. I know some people set PowerShell scripts to automatically restart the machines, but I'd like to do this entirely with Windows Update GPOs if at all possible, because there has to be a way to manage this correctly.
Thanks for any advice!
More...
•Allow non-administrators to receive update notifications: Disabled
•Configure Automatic Updates: Enabled
-Install during automatic maintenance: Disabled
-Scheduled install day: 0 - Every day
-Scheduled install time: 14:00 (this was originally 11 PM, but I'll get to why this didn't work in a moment)
-Install: Every Week
-Install updates for other Microsoft products: Enabled
•Configure auto-restart warning notifications schedule for updates: Enabled
-Reminder: 24 hours
-Warning: 60 minutes
•No auto-restart with logged on users for scheduled automatic updates installations: Enabled
Problem 1: Updates Don't Install
So, here's where the first problem comes in. There's at least one of our computers that hasn't installed updates for three months, because the user comes in and works mornings from 9 to 12 or so, and then leaves, and works some evenings. The machine is never on at 2PM (14:00), so the updates just don't install, and are instead, all listed in Windows Update as "Pending install".
Ok, sure. The setting is set to 2PM, and updates only install at that time...but correct me if I'm wrong, Windows XP, Windows Vista, Windows 7, Windows 8, and Windows 8.1 before this all had no problem installing the updates if their scheduled install time was missed, the next time the computer was powered on. I've never ran across an issue where any other Windows version was strict to the point of waiting for the exact time to install updates. With previous versions of Windows, an install time of 11PM was perfectly fine, or even the Windows default of 3AM, because if the install time was missed, no problem, the updates would be installed the next time the computer turned on. This does not appear to be the case with Windows 10.
Can someone confirm this behavior is expected, or how you've gotten around this?
Problem 2: The computer never restarts
This might seem obvious because I have the option for "No auto-restart with logged on users for scheduled automatic updates installations" set to Enabled, but I need to figure out a better combination of options here. We have at least a couple computers I found today where the updates had all installed because the computer was in a running state at 2PM, but there's 2 months worth of pending updates awaiting restart. I ran a quick systeminfo in CMD to get the boot time, and the system originally booted back in April; a little over 2 months ago. The user has just been walking away and letting the machine go to sleep every night, and because "No auto-restart with logged on users for scheduled automatic updates installations" is set, the user never gets updates.
Again, these exact same settings have always worked great for Windows 7, but Windows 10 is clearly treating these options differently. How do you guys handle users that never restart their computers? I want to avoid some sort of automatic script. I know some people set PowerShell scripts to automatically restart the machines, but I'd like to do this entirely with Windows Update GPOs if at all possible, because there has to be a way to manage this correctly.
Thanks for any advice!
More...
