cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Help with GPO/Update settings - Auto Download, Auto Install, Defer Reboot for specific day/time

Chris_Coates
Occasional Contributor

‎Oct 19 2021 03:27 PM

‎Oct 19 2021 03:27 PM

Help with GPO/Update settings - Auto Download, Auto Install, Defer Reboot for specific day/time

Hi MS Tech Community family.

 

I have been asked to setup a very specific update schedule using GPO whilst we seek other patching options.  As far as I can tell this isn't possible using GPO, however hope someone can prove me wrong.

 

I have been asked to setup the following.

 

  • All Updates, Including optional to Automatically download
  • All Updates to automatically install.
  • Notify Users that updates have been installed and are awaiting a reboot.
  • Remove the normal shutdown/restart options in start menu and replace with Update & Shutdown/Restart when updates have been installed.
  • Do not automatically reboot user machine until specific day of month/time (3rd Tuesday at 12noon)

 

1,033 Views
1 Like
4 Replies
Reply
4 Replies
Aria Carley

‎Oct 20 2021 01:43 PM

‎Oct 20 2021 01:43 PM

Re: Help with GPO/Update settings - Auto Download, Auto Install, Defer Reboot for specific day/time

- optional updates are NOT automatically downloaded unless you are in Release Preview. If you want to take every single optional update I'd recommend joining Release Preview.
- By default all updates that are automatically offered will download and install automatically.
- By default users will be shown a notification once pending reboot.
- Which shutdown/restart options? I am not sure what you are asking for here... or why?
- So you want to notify the user, but not actually force the reboot or automatically restart overnight until a specific day/time? That is possible, but really not recommended as it will both slow compliance and provide a worse end user experience. If you insist on doing this, then you can use Configure Automatic Updates and set "Schedule install" and configure to the day, time, week you want. Then don't set any other policies and the device will automatically download, install, notify the user, and only force the restart at that time. The only thing this doesn't accomplish is the "Remove normal shutdown/restart options", though partially since I am not sure what that means.
1 Like
Reply
Chris_Coates

‎Oct 21 2021 12:51 AM

‎Oct 21 2021 12:51 AM

Re: Help with GPO/Update settings - Auto Download, Auto Install, Defer Reboot for specific day/time

Hi @Aria Carley 

 

Thanks for getting back to me on this one. 

Let me clarify some of the points as I may not have explained myself correctly.

 

Optional Updates -  I mean standard updates + driver + application updates 

 

What the business is trying to achieve is the following.

 

  1. updates are downloaded and installed the day of release (every 2nd Tuesday of the month I believe)
  2. When a user attempts to shutdown or restart, they are forced to commit/apply the updates that have been installed
  3. Users that have not restarted or shutdown after updates have installed 7 days after the release are then forced to reboot (every 3rd Tuesday of the month at 12noon)
  4. Before the 7 day deadline no automatic reboots occur.

I hope that makes more sense.

Again if it is possible,  awesome!   However I think to get this level of granular control we may have to consider In-Tune/SCCM/Third-party??

 

Let me know what you think :)

0 Likes
Reply
best response confirmed by Chris_Coates (Occasional Contributor)
Jason_Sandys

‎Oct 21 2021 07:47 AM

‎Oct 21 2021 07:47 AM

Solution

Re: Help with GPO/Update settings - Auto Download, Auto Install, Defer Reboot for specific day/time

Hi @Chris_Coates,

 

I'll let @Aria Carley respond to the core details here although deadlines will get you most of what you want (see Enforce compliance deadlines with policies in Windows Update for Business (Windows 10) - Windows Dep...). For your comment of possibly requiring Intune or ConfigMgr to accomplish this, keep in mind that Intune is just a policy engine for Windows Update for Business so doesn't add any actual capabilities for Windows update deployment although you could go overboard and create something custom using scripts or proactive remediations.

0 Likes
Reply
Chris_Coates

‎Oct 25 2021 02:36 PM

‎Oct 25 2021 02:36 PM

Re: Help with GPO/Update settings - Auto Download, Auto Install, Defer Reboot for specific day/time

@Jason_Sandys(and @Aria Carley) Thankyou both for your replies.

   

I will have a good read over the policies you sent through and see if the business is happy to implement these.    I think you may have solved the issue.

 

Thankyou both for your help! 

0 Likes
Reply