Forum Discussion
Help with GPO/Update settings - Auto Download, Auto Install, Defer Reboot for specific day/time
Hi Chris_Coates,
I'll let AriaUpdated respond to the core details here although deadlines will get you most of what you want (see Enforce compliance deadlines with policies in Windows Update for Business (Windows 10) - Windows Deployment | Microsoft Docs). For your comment of possibly requiring Intune or ConfigMgr to accomplish this, keep in mind that Intune is just a policy engine for Windows Update for Business so doesn't add any actual capabilities for Windows update deployment although you could go overboard and create something custom using scripts or proactive remediations.
Microsoft- By default all updates that are automatically offered will download and install automatically.
- By default users will be shown a notification once pending reboot.
- Which shutdown/restart options? I am not sure what you are asking for here... or why?
- So you want to notify the user, but not actually force the reboot or automatically restart overnight until a specific day/time? That is possible, but really not recommended as it will both slow compliance and provide a worse end user experience. If you insist on doing this, then you can use Configure Automatic Updates and set "Schedule install" and configure to the day, time, week you want. Then don't set any other policies and the device will automatically download, install, notify the user, and only force the restart at that time. The only thing this doesn't accomplish is the "Remove normal shutdown/restart options", though partially since I am not sure what that means.
Hi AriaUpdated
Thanks for getting back to me on this one.
Let me clarify some of the points as I may not have explained myself correctly.
Optional Updates - I mean standard updates + driver + application updates
What the business is trying to achieve is the following.
- updates are downloaded and installed the day of release (every 2nd Tuesday of the month I believe)
- When a user attempts to shutdown or restart, they are forced to commit/apply the updates that have been installed
- Users that have not restarted or shutdown after updates have installed 7 days after the release are then forced to reboot (every 3rd Tuesday of the month at 12noon)
- Before the 7 day deadline no automatic reboots occur.
I hope that makes more sense.
Again if it is possible, awesome! However I think to get this level of granular control we may have to consider In-Tune/SCCM/Third-party??
Let me know what you think 🙂
- Jason_Sandys
Hi Chris_Coates,
I'll let AriaUpdated respond to the core details here although deadlines will get you most of what you want (see Enforce compliance deadlines with policies in Windows Update for Business (Windows 10) - Windows Deployment | Microsoft Docs). For your comment of possibly requiring Intune or ConfigMgr to accomplish this, keep in mind that Intune is just a policy engine for Windows Update for Business so doesn't add any actual capabilities for Windows update deployment although you could go overboard and create something custom using scripts or proactive remediations.
Jason_Sandys(and AriaUpdated) Thankyou both for your replies.
I will have a good read over the policies you sent through and see if the business is happy to implement these. I think you may have solved the issue.
Thankyou both for your help!
