Summary of Windows Update Settings
Windows Update is an essential point on Windows 10 and Windows 11 bias that keeps your operating system and software over to date with the rearmost security patches and advancements. As an director, you have colorful options to configure and manage Windows Update settings using Group Policy and Mobile Device operation( MDM). Let’s explore some of the crucial settings you can control to insure a smooth update experience for your bias.
Scanning for Updates
Configuring how bias overlook for updates gives you inflexibility and control over when and how updates are detected. Then are some important settings related to surveying for updates
Specify Intranet Microsoft Update Service Location This setting allows you to point bias to an internal Microsoft update service position. By specifying an internal garçon as an update service, the Automatic Updates customer will search and download updates from this service for computers on your network. This can be configured through Group Policy at Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows UpdateSpecify Intranet Microsoft Update Service Location. You can set both the garçon for update discovery and the garçon for uploading statistics, and indeed specify an alternate download garçon if demanded.
Automatic Updates Discovery frequence With this setting, you can specify the frequence at which Windows checks for available updates. You can set the interval in hours, and Windows will check for updates anywhere between the specified interval minus zero to twenty percent. For illustration, setting a 20- hour discovery frequence means updates will be checked for between 16 to 20 hours. This can be configured via Group Policy at Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows UpdateAutomatic Updates Discovery frequence.
Remove Access to Use All Windows Update Features Enabling this Group Policy setting under Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows Update will disable the” Check for updates” option for druggies. still, background update reviews, downloads, and installations will continue to work as configured.
Do Not Connect to Any Windows Update Internet locales This policy comes into effect when the device is configured to connect to an intranet update service using the” Specify Intranet Microsoft Update Service Location” policy. Enabling this setting at Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows UpdateDo Not Connect to Any Windows Update Internet locales will disable connections to public Windows Update services.
Enable customer- Side Targeting With this setting, you can specify the target group name or names that should admit updates from an intranet Microsoft update service. This allows you to configure device groups that will admit different updates from sources like WSUS or Configuration Manager. You can find this Group Policy setting at Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows UpdateEnable customer- Side Targeting.
Allow inked Updates from an Intranet Microsoft Update Service Location
This setting lets you manage whether Automatic Updates accepts updates inked by realities other than Microsoft when set up on an intranet Microsoft update service position. Enabling this policy at Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows UpdateAllow inked Updates from an Intranet Microsoft Update Service Location allows updates entered through an intranet update service to be accepted if they are inked by a instrument set up in the” Trusted Publishers” instrument store of the original computer. Disabling this policy ensures that updates from an intranet Microsoft update service position must be inked by Microsoft.
Installing Updates
To add further inflexibility to the update process, there are settings available to control update installation
Do Not Include motorists with Windows Updates Admins can use this setting to count Windows Update motorists during updates. Enabling this policy at Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows UpdateDo Not Include motorists with Windows Updates will help motorists from being installed along with other updates.
Configure Automatic Updates This setting enables IT admins to manage automatic update geste for scanning, downloading, and installing updates. Configuring this can be done using Group Policy at Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows UpdateConfigure Automatic Updates. You can choose from several options, similar as notifying druggies for download and bus- install, bus- download and notify for install, bus- download and schedule the install, and more.
To configure this setting using the registry, you can use the following registry crucialHKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU. You can set values like NoAutoUpdate to enable disable automatic updates, AUOptions to specify update options, ScheduledInstallDay and ScheduledInstallTime to record updates, and more. Be conservative when editing the registry and back over data before making any changes.
Display Organization Name in Windows Update announcements
For Windows 11 bias associated with an Azure announcement tenant, the association name appears in Windows Update announcements. This point is useful for associations that want to inform druggies about important updates. To disable displaying the association name in Windows Update announcements, you can modify the registry
Registry crucialHKEY_LOCAL_MACHINESoftwareMicrosoftWindowsUpdateOrchestratorConfigurations DWORD value name UsoDisableAADJAttribution Value data 1
The handed PowerShell script demonstrates how to make this registry change.
Allow Windows Updates to Install Before original stoner subscribe- In
Starting in Windows 11, interpretation 22H2 with the 2023- 04 Accretive Update Preview or a latterly accretive update, Windows Update can initiate background updates before a stoner completes the eschewal of Box Experience( OOBE) and signs in for the first time. This is particularly helpful for virtual machine- grounded results where druggies may not subscribe in incontinently.
To enable this point, set the following registry value
Registry crucialHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateOrchestrator
DWORD value name ScanBeforeInitialLogonAllowed
Value data 1
Please note that this value should be used only in scripts with remitted original stoner sign- sways. In other cases, enabling this value may impact performance as updates may do while druggies are subscribing in for the first time.
Conclusion
duly managing Windows Update settings is pivotal for maintaining the security and performance of your Windows bias. Whether it’s configuring update scanning frequence, controlling update installation, or customizing Windows Update geste for specific device groups, understanding and using the available settings effectively will insure a smooth and secure updating experience for your association.