@Davidf58 perfect! Let's discuss the policies you have set:
I would recommend setting as few Windows Update Group Policies as possible. Below is my recommendation for both a great end user experience and compliance:
- Typically, I would let the end user manage their own Active Hours, but you can set the rang for such via "Specify active hours range for auto-restarts" (the default is 18 hours).
- I would recommend not configuring automatic updates for the best behavior. That said, if you would like you can set "Configure Automatic Updates" to 4, automatic download and schedule the install or to 2 if you want your user to choose to download the update for a period of time.
- I would recommend setting a deadline if you have compliance goals, for versions 1709+, use "Specify deadlines for automatic updates and restarts" this will allow you to specify the deadline to finish installing and a grace period by which the update should go from pending reboot to forced reboot. This provides a good user experience with notifications asking the user to schedule the reboot or reboot now.
If you have set no other Group Policies under Windows Update but these and those needed to point at your specific WSUS Standalone server, you should have a good update experience and your users should be seeing multiple restart notifications.
If those policies do not meet your needs or you have further questions, please feel free to go to Windows Update for Business docs page, to respond to this thread, or to reach out to me directly.
All the Best,
Aria
