Gpedit update policy

On the Configure Automatic Updates dialog, select Enabled in the left pane, in the Options section click on the Configure Automatic Updating Combo Box and in the dropdown list select Notify for download and notify for install. This policy specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service.

This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting:.

Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints. You can schedule gpupdate. Group Policy will also be refreshed for all computers that are located in the OUs contained in the selected OU.

Click Yes in the Force Group Policy update dialog box. This is the equivalent to running GPUpdate. This display does not show the success or failure of the actual Group Policy refresh for each computer.

You should plan a delay of up to 10 minutes to start a Group Policy refresh when you are verifying the results for each computer. This allows more freedom to determine which set of computers is to be refreshed than if you schedule the refresh through the GPMC. Additionally, you have the freedom to configure the interval of time to wait before a Group Policy refresh is performed by using the —RandomDelayInMinutes parameter.

If set to a zero 0 value, the scheduled task for the Group Policy refresh is configured to start immediately. For more information, see Invoke-GPUpdate. You can refresh the changed Group Policy settings for the computer that you are signed in to by running the Invoke-GPUpdate cmdlet without including any parameters, for example:.

The Computers container is a default location for computer accounts. Then supply the name of each computer that is returned to the Invoke-GPUpdate cmdlet. Specifies whether Automatic Updates will automatically install updates that don't interrupt Windows services or restart Windows. If the Configure Automatic Updates policy setting is set to Disabled , this policy has no effect. Specifies whether non-administrative users will receive update notifications based on the Configure Automatic Updates policy setting.

If the Configure Automatic Updates policy setting is disabled or is not configured, this policy setting has no effect. Starting in Windows 8 and Windows RT, this policy setting is enabled by default. In all prior versions of Windows, it's disabled by default. In two situations, the effect of this setting depends on the operating computer: - Hide or Restore updates - Cancel an update installation In Windows Vista or Windows XP, if this policy setting is enabled, users won't see a User Account Control window.

These users don't need elevated permissions to hide, restore, or cancel updates. If this policy setting is not enabled, users will always see a User Account Control window, and they require elevated permissions to hide, restore, or cancel updates. In Windows 7, this policy setting has no effect.

Users will always see an Account Control window, and they require elevated permissions to do these tasks. In Windows 8 and Windows RT, this policy setting has no effect. Disabled Specifies that only logged-on administrators receive update notifications.

Note that in Windows 8 and Windows RT, this policy setting is enabled by default. Options: There are no options for this setting. Specifies whether Automatic Updates accepts updates that are signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location.

Updates from a service other than an intranet Microsoft update service must always be signed by Microsoft. This policy setting doesn't affect them.

This policy is not supported on Windows RT. Enabling this policy won't have any effect on computers running Windows RT. Specifies whether a restart timer will always begin immediately after Windows Update installs important updates, instead of first notifying users on the sign-in screen for at least two days.

If the No auto-restart with logged on users for scheduled automatic updates installations policy setting is enabled, this policy has no effect. The restart timer can be configured to start with any value from 15 to minutes. When the timer runs out, the restart will proceed even if the computer has signed-in users. Disabled Specifies that Windows Update won't alter the computer's restart behavior. Options: If this setting is enabled, you can specify the amount of time that will elapse after updates are installed before a forced computer restart occurs.

Specifies the hours that Windows will use to determine how long to wait before checking for available updates. The exact wait time is determined by using the hours specified here minus 0 to 20 percent of the hours specified. For example, if this policy is used to specify a hour detection frequency, all clients to which this policy is applied will check for updates anywhere between 16 and 20 hours. The Specify intranet Microsoft update service location setting must be enabled for this policy to have effect.

If the Configure Automatic Updates policy setting is disabled, this policy has no effect. Options: If this setting is enabled, you can specify the time interval in hours that Windows Update waits before checking for updates. If this Group Policy setting is enabled, you must select one of the four options that the setting provides.

To use this setting, select Enabled. Then in Options under Configure automatic updating , select one of the options 2 , 3 , 4 , or 5. When this setting is enabled, local administrators will be allowed to use the Windows Update control panel item to select a configuration option of their choice.

However, local administrators won't be allowed to disable the configuration for Automatic Updates. Users can then run Windows Update to download and install any available updates. The user is not notified or interrupted during the process. When the downloads are complete, users are notified that updates are ready to install. Users can then run Windows Update to install the downloaded updates. If no schedule is specified, the default schedule for all installations will be every day at AM.

If any updates require a restart to complete the installation, Windows will restart the computer automatically. If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart. Note that starting Windows 8, you can set updates to install during automatic maintenance instead of using a specific schedule tied to Windows Update. Automatic maintenance will install updates when the computer is not in use, and will avoid installing updates when the computer is running on battery power.

If automatic maintenance can't install updates within days, Windows Update will install updates right away. Users will then be notified about a pending restart. A pending restart will happen only if there's no potential for accidental data loss.

For setting details, see the Maintenance Scheduler settings section of this article. For example, a configuration option might be whether local administrators can choose a scheduled installation time. Local administrators won't be allowed to disable the configuration for Automatic Updates. Disabled Specifies that any client updates that are available from the public Windows Update service must be manually downloaded from the internet and installed.

Delay restart for scheduled installations Specifies the amount of time Automatic Updates will wait before proceeding with a scheduled restart. This policy applies only when Automatic Updates is configured to perform scheduled installations of updates.

Options: If this setting is enabled, you can specify the amount of time in minutes Automatic Updates waits before proceeding with a scheduled restart.

This policy setting enables you to specify whether the Install Updates and Shut Down option is permitted as the default choice in the Shut Down Windows dialog. Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service. This information will enable future connections to Windows Update and other services, such as Microsoft Update or Microsoft Store. This policy applies only when the computer is configured to connect to an intranet update service by using the Specify intranet Microsoft update service location policy setting.

Users who search for updates by using the Settings app or Control Panel will only see updates from the intranet update service. They won't be presented with the Check online for updates from Windows Update option.

Programs that use the Windows Update Agent APIs will be unable to search for updates against any service other than the intranet update service. Disabled Specifies that computers can retrieve information from public update services. This policy applies only when this computer is configured to support the specified target group names in WSUS. If the target group name doesn't exist in WSUS, it will be ignored until it's created.

If the Specify intranet Microsoft update service location policy setting is disabled or not configured, this policy has no effect. Specifies whether Windows Update will use the Windows Power Management or Power Options features to automatically wake up the computer from hibernation if updates are scheduled for installation. The computer will automatically wake only if Windows Update is configured to install updates automatically. If the computer is in hibernation when the scheduled installation time occurs and there are updates to be applied, Windows Update will use the Windows Power Management or Power Options features to automatically wake the computer to install the updates.

Windows Update will also wake the computer and install an update if an installation deadline occurs. The computer won't wake unless there are updates to be installed. If the computer is on battery power, when Windows Update wakes it, it won't install updates. The computer will automatically return to hibernation in two minutes. Specifies that to complete a scheduled installation, Automatic Updates will wait for the computer to be restarted by any user who is signed in, instead of causing the computer to restart automatically.

Specifies the amount of time for Automatic Updates to wait before prompting again with a scheduled restart. Options: When this setting is enabled, you can specify the amount of time in minutes that will elapse before users are prompted again about a scheduled restart. Specifies the amount of time for Automatic Updates to wait after a computer startup, before proceeding with a scheduled installation that was previously missed. If the status is set to Not Configured , a missed scheduled installation will occur one minute after the computer is next started.

Options: When this policy setting is enabled, you can specify a number of minutes after the computer is next started that a scheduled installation that did not happen earlier will occur. Specifies an intranet server to host updates from Microsoft Update. You can then use WSUS to automatically update computers on your network. This setting enables you to specify a WSUS server on your network that will function as an internal update service.

Instead of using the public Windows Update and Microsoft Update services on the internet, WSUS clients will search this service for updates that apply.

Enabling this setting means that users in your organization don't have to go through a firewall to get updates. It also gives you the opportunity to test updates before deploying them.

To use this setting, you must set two server name values: the server from which the client detects and downloads updates, and the server to which updated workstations upload statistics. The values don't need to be different if both services are configured on the same server. Users will also see a Check online for updates from Windows Update option that enables them to use the public update services on the internet.

You can remove this option by using the Do not connect to any Windows Update Internet locations policy. Applications can specifically request to use the public update services on the internet. Disabled Specifies that clients connect directly to the Windows Update site on the internet.