Guest jerm20201 Posted January 24, 2020 Posted January 24, 2020 So I've got a WSUS server set up on my 2016 server and it deal with 99% 2016 clients. I've run into the issue that my servers are automatically installing updates instead of only installing approved updates. Below are my current registry settings. I also work in tandem with another Windows Engineer and we've been trying to get WSUS working using the GPO. So when he makes changes in the WSUS GPO settings it overrides the registry settings. Am I missing something as to why my servers are auto updating? In my other environment I have 2008/2012 servers with practically identical registry settings and they have no issues automatically updating unless the patches are approved by me. [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate] "AcceptTrustedPublisherCerts"=dword:00000001 "BranchReadinessLevel"=dword:00000020 "DeferFeatureUpdates"=dword:00000001 "DeferFeatureUpdatesPeriodInDays"=dword:000000b4 "DeferQualityUpdates"=dword:00000001 "DeferQualityUpdatesPeriodInDays"=dword:00000000 "DoNotConnectToWindowUpdateInternetLocations"=dword:00000000 "WUServer"=xxxxxxxxx "WUStatusServer"=xxxxxxxxx [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU] "AlwaysAutoRebootAtScheduledTime"=dword:00000001 "AlwaysAutoRebootAtScheduledTimeMinutes"=dword:0000000f "AUOptions"=dword:00000004 "AutoInstallMinorUpdates"=dword:00000001 "DetectionFrequency"=dword:00000012 "DetectionFrequencyEnabled"=dword:00000001 "NoAutoRebootWithLoggedOnUsers"=dword:00000000 "NoAutoUpdate"=dword:00000000 "ScheduledInstallDay"=dword:00000000 "ScheduledInstallTime"=dword:00000004 "UseWUServer"=dword:00000001 Continue reading... Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.