Forum Discussion
WUfB - Update Baseline / Best Practise
A new article has recently been published that answers just that question, The Windows Update policies you should set and why - Microsoft Tech Community
In short, for what you've described, the default settings + configuring the deadline settings should give you what you are looking for. Default settings utilize Active hours, and even allow end users to specify their own active hours, or let Intelligent Active Hours find or recommend great settings for each user. And our default notifications provide a daily reminder until the deadline+grace period are reached and then provide a couple more reminders before restarting.
HTH
-David
hi David_Guyer
We made this Setting but we have some questions about definitions;
- When you receive the update notification - you can say: "Remind me later" - what does "later" mean?
when is the next notification?
- Grace periods; in https://docs.microsoft.com/en-us/windows/deployment/update/update-policies is the discription from "on vacation" - does this mean the device is offline (for the hole vacationtime?)
- we set the setting "Don't auto-restart until end of grace period" - but the device restart out the active hours ? so what do this setting?
thank you for your help! 🙂
MicrosoftNaturally, restart now means right away, and schedule a time allows the user to specify the time the restart will occur, rather than letting the system use the auto restart outside of active hours behavior. The upside of this option is that less idle/busy checks are done since the user has indicated "restart at this time", though if the user is at the device at that time they can reschedule to prevent productivity loss. The downside is that if the user schedules a time, forgets, and then puts the device to hibernation, or turns it off, then they often get confused why it didn't restart at the scheduled time.
HTH
hey David_Guyer
Thank you for your explation!
Can you tell me what is with the other two questions?
- Grace periods; in this artice is the discription from "on vacation" - does this mean the device is offline (for the hole vacationtime?)- we set the setting "Don't auto-restart until end of grace period" - but the device restart out the active hours ? so what do this setting?
- David_Guyer
On Vacation is an example of why Grace Period is useful on top of the deadline.
Here's how it works...
- Deadline starts measuring from when the update was available, so if you have a 7 day deferral, and a 7 day deadline, then the deadline is 14 days after the update is released.
- Grace period starts measuring from when the device reaches ready to restart. So, if you have a 3 day grace period, and the device reaches ready to restart a week after it's available, then the Grace Period ends 10 days after it's available.
- The restart is enforced at the latter date of these two settings. So, in this case, the restart would be enforced 14 days after it's available.
However, consider a case where someone is on vacation the 2 weeks after the update is availalbe, so they turn on their machine on day 14. The deadline has passed, so the device works to get updated as fast as possible, but since the user is working on their first day after vacation, forcing them to restart in the middle of the day is a bit harsh, so the grace period kicks in and gives them 3 days to restart , automatically outside of active hours or when they schedule it, before enforcing the restart.
They work together to ensure a good, balanced end user experience that keeps them happy, while also keeping admins happy since devices are kept secure on a reasonable timeline.
HTH