I manage about 60 Windows 10 Pro systems for a small business, and I'm looking to help to implement a slightly more "aggressive" system update policy that the defaults, to help ensure that my users are receiving and installing updates within 2 weeks of availability. I am requesting any recommendations for me to make sure I'm cleanly implementing the following scenario:
I would like:
- Windows to search for updates daily (with the exception of maybe patch Tuesday).
- Windows to automatically download and install new updates, without prompting the user to do anything.
- I want the user to be prompted to restart/schedule the updates once they're available. I would like this notice to require user interaction and not be a temporary toast pop-up.
- But I want the user to be able to dismiss/snooze the updates for a period of up to 14 days.
- After the 14 days, I would like the system to force the update, even if the user is logged in, but inform the user with a notice about the pending system restart, which would require user interaction, so that they are aware of the restart. I would like them to be notified at least twice - the first one at least one hour before restart, and the second and last one 15 minutes before the forced restart.
- Optionally, I would like to prevent the user from choosing to restart or shutdown without initiating the installation of pending updates, once they've been informed that updates are ready to install.
I feel that I have everything set up correctly, but wanted to see if there were some recommended group policies so that I can consolidate or clean up some of the ones I have configured for my users.