Group Policy Recommendations to enforce updates within 2 weeks of availability.

I manage about 60 Windows 10 Pro systems for a small business, and I'm looking for help to implement a slightly more "aggressive" system update policy than the defaults, to help ensure that my users are receiving and installing updates within 2 weeks of availability. I am requesting any recommendations to make sure I'm cleanly implementing the following scenario:

I would like:

- Windows to search for updates daily (with the exception of maybe Patch Tuesday).

- Windows to automatically download and install new updates, without prompting the user to do anything.

- I want the user to be prompted to restart/schedule the updates once they're available.  I would like this notice to require user interaction and not be a temporary toast pop-up.

- But I want the user to be able to dismiss/snooze the updates for a period of up to 14 days.

- After the 14 days, I would like the system to force the update, even if the user is logged in, but inform the user with a notice about the pending system restart, which would require user interaction, so that they are aware of the restart.  I would like them to be notified at least twice - the first one at least one hour before restart, and the second and last one 15 minutes before the forced restart.  

- Optionally, I would like to prevent the user from choosing to restart or shut down without initiating the installation of pending updates, once they've been informed that updates are ready to install.

I feel that I have everything set up correctly, but wanted to see if there were some recommended group policies so that I can consolidate or clean up some of the ones I have configured for my users.

Thank you!  
