Forum Discussion
Server 2016 Windows Update disabled?
I have Windows 2016 and 2019 Servers.
All in in the same OU and getting the same Group Policy. This is confirmed via gpresult.
I am using GP to disable Automatic Updates. This looks to be working in 2019:
But with Server 2016, it says this:
Should I expect these servers to update?
5 Replies
Thanks to everyone who tried to help.
At this point, I am 90% certain that the wording in the 2016 WU GUI is simply incorrect.
Still shows this:
But sconfig shows this:
I will know for sure after the next patch Tuesday a week from today.
This has been applied for a week now with no patch-related reboots.
I dont think any of them are even checking for updates at all, despite what it says in Server 2016.
Though its impossible for me to login to every server and check that.
Ill update this again after next patch Tuesday.
Hi, thanks for this.
The policies seem to be working as desired, but Im a little concerned by the difference in wordings in the 2 screen captures in my original post:
2019: "Your organization has turned off Automatic Updates."
2016: "Updates will be downloaded and installed automatically."
Should I be concerned about the 2016 wording (I currently am concerned).
Has anyone out there ever got 2016 to NOT say "Updates will be downloaded and installed automatically."?
If so, how did you do it?
Computer Configuration > Administrative Templates > Windows Components > Windows Update
- Confirm that the "Configure Automatic Updates" policy is set to Disabled.
- Force Group Policy Update:
- Run gpupdate /force on the Server 2016 machine and check if the behavior changes.
- Clear Pending Updates:
- If Server 2016 shows pending updates despite the policy:
- Stop the Windows Update service: net stop wuauserv
- Delete the contents of C:\Windows\SoftwareDistribution.
- Start the Windows Update service: net start wuauserv.
- This clears downloaded updates and ensures the policy is re-applied cleanly.
- If Server 2016 shows pending updates despite the policy:
- Check for WaaSMedicSVC Interference:
- The Windows Update Medic Service can override certain settings. Disable it temporarily to test:
- Open Services.msc, find Windows Update Medic Service, and set it to Disabled.
- Monitor behavior after rebooting.
- Get-WindowsUpdateLog
- The Windows Update Medic Service can override certain settings. Disable it temporarily to test:
- Group Policy Applied Correctly:
- Since you've confirmed via gpresult that the same Group Policy is applied to both Windows Server 2016 and 2019, the issue is not with the GPO deployment.
- Policy Behavior on Windows Server 2016 vs. 2019:
- Windows Server 2016 and 2019 interpret certain Windows Update settings differently. For example:
- "Configure Automatic Updates" policy may exhibit different default behavior depending on the OS version and the specific update settings applied.
- Windows Server 2016 and 2019 interpret certain Windows Update settings differently. For example:
- Windows Server 2016 Reporting Updates as Pending:
- If Server 2016 shows updates as "pending" or appears to ignore the "disable Automatic Updates" policy:
- It may be due to updates already downloaded before the policy was applied.
- A service like Windows Update Medic Service (WaaSMedicSVC) might be restarting update processes.
- If Server 2016 shows updates as "pending" or appears to ignore the "disable Automatic Updates" policy:
- Expected Behavior:
- Windows Server 2019: Should adhere to the "disable Automatic Updates" setting and prevent new updates from downloading/installing automatically.
- Windows Server 2016: Might still show updates as pending but should not download or install new updates automatically if the policy is correctly applied
- Group Policy Applied Correctly:
