Configuring Automatic Updates by using local Group Policy
- Click Start, and then click Run.
- Type gpedit.msc, and then click OK.
- Expand Computer Configuration.
- Right-click Administrative Templates, and then click Add/Remove Templates.
- Click Add, click Wuau.adm in the Windows\Inf folder, and then click Open.
- Click Close.
- Under Computer Configuration, expand Administrative Templates, expand Windows Components, and then expand Windows Update.
The Configure Automatic Updates policy appears. This policy specifies whether the computer receives security updates and other important downloads through the Windows Automatic Updates feature. The settings for this policy let you specify if automatic updates are enabled on the computer. If the service is enabled, you must select one of the three configuration options. - To view the policy settings, double-click the Configure Automatic Updates policy.
- To turn on Automatic Updates, click Enabled in the list of options that appear at the top of the Setting tab.
If you click Enabled, you must select one of the three configuration options that are listed in step 10. - Select one of the following three options:
- 2 - Notify for download and notify for install
When Windows finds updates that apply to this computer, an icon appears in the notification area, and a message appears that states that the updates are ready to be downloaded. If you click either the icon or the message, the option that you use to select the updates you want to download appears. Windows downloads the selected updates in the background. When the download is complete, the icon appears in the notification area again, and a message appears that states that the updates are ready to be installed. If you click either the icon or the message, the option that you use to select the updates you want to install appears. - 3 - Auto download and notify for install
Note This setting is the default setting.
Windows finds updates that apply to your computer, and then downloads these updates in the background.The user is not notified or interrupted during this process. When the download is complete, the icon appears in the notification area, and a message that states that the updates are ready to be installed appears. If you click either the icon or the message, the option that you use to select the updates you want to install appears. - 4 - Auto download and schedule the install
To specify the schedule, select the appropriate options in the Group Policy Settings dialog box. If you do not specify a schedule, the default schedule for all installations is used. This schedule is every day at 3:00 A.M. If any one of the updates require you to restart the computer to complete the installation, Windows restarts the computer automatically. (If a user is logged on to the computer when Windows is ready to restart it, the user is notified that Windows will restart. The user can chose to delay the restart operation.)
If you select 4 - Auto download and schedule the install you can set a recurring schedule. If you do not set a schedule, all updates are downloaded and installed every day at 3:00 A.M. - Other Options
Additionally, you can select either the Disabled option or the Not Configured option. If you select Disabled, an administrator must download and install any available updates manually from the Microsoft Windows Update Web site.
If you select Not Configured, the status of Automatic Updates is not specified at the Group Policy level. The status is either "enabled" or "not enabled." However, an administrator can still configure Automatic Updates by using Control Panel. Control Panel includes the same settings that are available in Group Policy.
- 2 - Notify for download and notify for install
- Reschedule Automatic Updates scheduled installations
This policy specifies the time that Automatic Updates has to wait after the computer starts, before it proceeds with a scheduled installation that was missed previously. - No auto-restart for scheduled Automatic Updates installations
This policy specifies that Automatic Updates will wait for the computer to be restarted by any user who is logged on to complete a scheduled installation. If this policy is not used, the computer restarts automatically.
(http://www.microsoft.com/downloads/details.aspx?FamilyID=799432fb-c196-4f01-8cce-4f9ea58d6177&DisplayLang=en)
To download the updated Administrative Template for Windows 2000-based and Windows XP-based computers, visit the following Microsoft Web site:
(http://microsoft.com/downloads/details.aspx?FamilyId=D26A0AEA-D274-42E6-8025-8C667B4C94E9&displaylang=en)
Loading policy settings by using Group Policy in Active Directory directory services
To load policy settings by using Group Policy, you must use the Wuau.adm file that describes the new policy settings for the Automatic Updates client. Wuau.adm is automatically installed in the Windows\Inf folder when you install the new Automatic Updates feature.You can load Windows\Inf\Wuau.adm as an administrative template in Group Policy Object Editor.
To load policy settings by using Group Policy in Active Directory:
- On an Active Directory domain controller, click Start, and then click Run.
- Type dsa.msc.
- Right-click the organizational unit or domain where you want to create the policy, and then click Properties.
- Click the Group Policy tab, and then click New.
- Type a name for the policy, and then click Edit.
- Under Computer Settings, right-click Administrative Templates.
- Click Add/Remove Templates, and then click Add.
- Type the name of the Automatic Updates .adm file, for example, type windows_folder\inf\wuau.adm.
- Click Open.
Configuring Automatic Updates by editing the registry
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/322756/ ) How to back up and restore the registry in Windows
In a non-Active Directory environment, you can edit registry settings to configure Automatic Updates.
Note You must manually create these registry keys.
You can use either of the following methods to set these registry keys:
- Manually edit the registry by using Registry Editor (regedit.exe).
- Centrally deploy these registry keys by using the Windows NT 4.0-style System Policy functionality.
- Click Start, click Run, and then type regedit in the Open box.
- Locate and then click the following key in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
- Add any one of the following settings:
- Value name: NoAutoUpdate
Value data: 0 or 1- 0: Automatic Updates is enabled (default).
- 1: Automatic Updates is disabled.
- Value name: AUOptions
Value data: 1 to 4- 1: Keep my computer up to date has been disabled in Automatic Updates.
- 2: Notify of download and installation.
- 3: Automatically download and notify of installation.
- 4: Automatically download and scheduled installation.
- Value name: ScheduledInstallDay
Value data: 0 to 7- 0: Every day.
- 1 through 7: The days of the week from Sunday (1) to Saturday (7).
- Value name: ScheduledInstallTime
Value data: n, where n equals the time of day in a 24-hour format (0-23).
Registry Value Type: Reg_DWORD - Value name: UseWUServer
Value data: Set this value to 1 to configure Automatic Updates to use a server that is running Software Update Services instead of Windows Update.
Registry Value Type: Reg_DWORD - Value name: RescheduleWaitTime
Value data: m, where m equals the time to wait between the time Automatic Updates starts and the time it begins installations where the scheduled times have passed. The time is set in minutes from 1 to 60, representing 1 minute to 60 minutes)
Registry Value Type: Reg_DWORD
Note This setting only affects client behavior after the clients have updated to the SUS SP1 client version or later. - Value name: NoAutoRebootWithLoggedOnUsers
Value data: Reg_DWORD: 0 (false) or 1 (true). If set to 1, Automatic Updates does not automatically restart a computer while users are logged on.
Registry Value Type: Reg_DWORD
Note This setting affects client behavior after the clients have updated to the SUS SP1 client version or later.
- Value name: NoAutoUpdate
To determine the server that is running SUS that your client computers and servers go to for their updates, add the following f registry values to the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\
Value name: WUServer
Registry Value Type: Reg_SZ
This value sets the SUS server by HTTP name (for example, http://IntranetSUS).
Value name: WUStatusServer
Registry Value Type: Reg_SZ
This value sets the SUS statistics server by HTTP name (for example, http://IntranetSUS).
No comments:
Post a Comment