J
jerm20201
So I've got a WSUS server set up on my 2016 server and it deal with 99% 2016 clients. I've run into the issue that my servers are automatically installing updates instead of only installing approved updates. Below are my current registry settings. I also work in tandem with another Windows Engineer and we've been trying to get WSUS working using the GPO. So when he makes changes in the WSUS GPO settings it overrides the registry settings.
Am I missing something as to why my servers are auto updating? In my other environment I have 2008/2012 servers with practically identical registry settings and they have no issues automatically updating unless the patches are approved by me.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"AcceptTrustedPublisherCerts"=dword:00000001
"BranchReadinessLevel"=dword:00000020
"DeferFeatureUpdates"=dword:00000001
"DeferFeatureUpdatesPeriodInDays"=dword:000000b4
"DeferQualityUpdates"=dword:00000001
"DeferQualityUpdatesPeriodInDays"=dword:00000000
"DoNotConnectToWindowUpdateInternetLocations"=dword:00000000
"WUServer"=xxxxxxxxx
"WUStatusServer"=xxxxxxxxx
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AlwaysAutoRebootAtScheduledTime"=dword:00000001
"AlwaysAutoRebootAtScheduledTimeMinutes"=dword:0000000f
"AUOptions"=dword:00000004
"AutoInstallMinorUpdates"=dword:00000001
"DetectionFrequency"=dword:00000012
"DetectionFrequencyEnabled"=dword:00000001
"NoAutoRebootWithLoggedOnUsers"=dword:00000000
"NoAutoUpdate"=dword:00000000
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000004
"UseWUServer"=dword:00000001
Continue reading...
Am I missing something as to why my servers are auto updating? In my other environment I have 2008/2012 servers with practically identical registry settings and they have no issues automatically updating unless the patches are approved by me.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"AcceptTrustedPublisherCerts"=dword:00000001
"BranchReadinessLevel"=dword:00000020
"DeferFeatureUpdates"=dword:00000001
"DeferFeatureUpdatesPeriodInDays"=dword:000000b4
"DeferQualityUpdates"=dword:00000001
"DeferQualityUpdatesPeriodInDays"=dword:00000000
"DoNotConnectToWindowUpdateInternetLocations"=dword:00000000
"WUServer"=xxxxxxxxx
"WUStatusServer"=xxxxxxxxx
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AlwaysAutoRebootAtScheduledTime"=dword:00000001
"AlwaysAutoRebootAtScheduledTimeMinutes"=dword:0000000f
"AUOptions"=dword:00000004
"AutoInstallMinorUpdates"=dword:00000001
"DetectionFrequency"=dword:00000012
"DetectionFrequencyEnabled"=dword:00000001
"NoAutoRebootWithLoggedOnUsers"=dword:00000000
"NoAutoUpdate"=dword:00000000
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000004
"UseWUServer"=dword:00000001
Continue reading...