Forum Discussion
mhopper29
Sep 28, 2020Copper Contributor
GPO for controlling Automatic Update Policies - Ignored
Good Morning,
Post recent updates we are noticing that a number of our configured GPO's for Windows Update for Business are being ignored, particularly troublesome is the "Configure automatic updates", we have this set to "3 - Auto download and notify for install".
Unfortunately all the servers in the specific environment, including our DC are ignoring this and other settings and is causing havoc, as we need the environment to be up daytime without any unwanted automatic restarts etc.
Is there something that has been broken post recent updates, or is there any kind of hint that people can give as to where to look?
- rj07thomasCopper ContributorApologies if this is all stuff you've tried, but have you checked GP inheritance, enforced GPOs/ GPOs blocked on the OUs?
- mhopper29Copper Contributor
rj07thomas Hey no worries any hint is welcome at present!
To verify the correct GPOs are being applied I've been using gpresult with the html output, which definitely shows the Update policy being applied.To double check this, via mmc I also used RSoP to determine what policies are being applied, and the windows update ones should definitely be being applied. I got my manager to alter the GPO for Windows Update(s) to Enforced and this has made 0 difference.
I even (because this is happening both on this secondary network and our primary DC with Win10 PC's) tried to apply the setting at a local group policy, and the Windows Update screen on my Win 10 Machine did not budge and basically ignored whatever I set. I've even validated that the policies are being shown in the Windows Update App and within the Registry for the relevant policies.
As stated previously, this is only happening post recent updates.- rj07thomasCopper Contributor
apologiesmhopper29 - made the error of not expanding out your question!
This is hardly a fix by any stretch of the imagination, but have you tried running updates via PowerShell to see if that works (yes - I run the actual installation & scheduling of WSUS updates via PowerShell, as GPO just isn't flexible enough imho)