Update Group Policy Administrative Templates Missing· Use Group Policy to Distribute JRE With Its Automatic Update Feature Disabled. How to disable SMB1 on Windows using the ADMX/ADML files released by Microsoft. · The following is a list of administrative tools associated with Group Policy. For more information about Group Policy administrative tools, see the. ![]() Configure Windows Update in Group Policy. Enterprise management packages, such as Symantec's Altiris, Microsoft System Center Systems Management Server, Microsoft Software Update Services, and BMC Blade. Logic Server Automation Suite, are good, but sometimes all we really need is a way to centrally manage updates for server and client operating systems. In Active Directory domains, Group Policy can provide a limited way of achieving this functionality. Within Group Policy, there are a number of options in the Computer Configuration | Policies | Administrative Templates | Windows Components | Windows Update section. Figure A shows one area of the Windows Update section. Figure AClick the image to enlarge. The biggest limitation with this configuration is that, if there is an update that you do not want deployed automatically, it cannot be explicitly withheld; likewise, if you want something pushed out now, this isn't the best tool. The other strategy for system updates is to stick to maintenance times, and the best way to do that is to assign this setting at the Organizational Unit (OU) level. In this configuration, an OU would be created for a category of like servers. These OUs would all undergo their Windows Updates at the same time that is configured in the GPO for that OU. This can also be an easy way to address patching for Windows Server Core systems (read my Tech. Republic tip on patching Windows Server 2. Core Edition). One thing I don't like is that the Configure Automatic Updates option for when the updates are to be applied is a weekly schedule; for the workplace, many environments may prefer a monthly schedule. The 1. 6 options in this area of Group Policy allow a basic update policy to be configured, and if multiple OUs are introduced, it can integrate better into small to medium environments. Like the enterprise system management options, managing updates centrally can pose problems for applications and startup sequencing. You can easily get into an overly complicated script situation to keep applications happy, so consider putting any corresponding scripts or remediation activities central in Group Policy to pair with the Group Policy Object for Windows Update. Do you use Group Policy to manage Windows Updates? If so, what tricks have you implemented? Disable updates in Windows 1. Anniversary Update) using Group Policy – 4sysops. In Windows 1. 0 1. Anniversary Update), the Windows Update setting no longer offers a drop down menu to disable updates. However, you can still turn off Automatic Updates with Group Policy. New is a feature that allows you to configure Active hours and Restart options. Michael Pietroforte is the founder and editor of 4sysops. He is a Microsoft Most Valuable Professional (MVP) with more than 3. IT management and system administration. Latest posts by Michael Pietroforte (see all)In Windows 1. November Update), you could set Windows Update to "Automatic" or to "Notify to schedule restart" under the Advanced options of the Windows Update settings. Advanced options in Windows 1. Although I could not find an official statement, it appears that these options have disappeared in Windows 1. The Advanced options no longer offer a drop down menu for changing the Automatic Updates setting: Advanced options in Windows 1. The reason probably is the new Active hours feature (see below). However, the missing drop down menu can cause confusion when you configure Windows Update via Group Policy. Disable Automatic Updates ^The Group Policy Configure Automatic Updates (Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update) has all the options of previous Windows versions: Notify for download and notify for install, Auto download and notify for install, and Auto download and schedule the install. The option, Never check for updates (not recommended), of previous Windows versions, can be configured by disabling the policy. Note: You can also configure these Windows Update settings with a little Power. Shell script that I wrote. Configure Automatic Updates policy. If you configured one of the policies in Windows 1. Windows Update settings would inform the end user that "some settings are managed by your organization.""Some settings are managed by your organization" in Windows 1. In the Advanced options of the Windows Update settings, the user could then see what settings the administrator has configured via Group Policy, but would then be unable to change the configuration. End user cant change Windows Update settings in Windows 1. If you apply any of the policies to Windows 1. Windows Updates settings don't show any information about the configuration. However, based on my tests, the Anniversary Update still supports these policies. When I gave my test machine access to the internet, without enabling any update policy , Windows Update always began by downloading new updates after a couple of minutes. The Windows Update settings usually displays the updates that are currently downloaded. However, when I disabled the Automatic Updates via Group Policy, no downloads were shown. With the help of the networking monitoring tool, I could see that Windows downloaded a couple of megabytes from Windows Update, but then stopped. Even after several hours, no new updates appeared in the Update History. I also tried the setting Notify for download and notify for install in Windows 1. When new updates are available, the user will receive a systray message. Systray message "You need some updates"And if the user missed the message, the Action Center keeps a record."You need some updates" in the Action Center. A click on the message, will bring the user to the Windows Update settings where the updates can then be downloaded."Updates are available" in Windows Update settings. I didn't try the other Group Policy settings for Automatic Updates, but my guess is that they still work, even though the Update settings no longer show how admins have configured the computer. Active hours ^Although it is no longer possible to configure the behavior of Automatic Updates within the Windows 1. Anniversary Update, two new links are now visible: Change active hours and Restart options. Change active hours and Restart options Windows 1. The Active hours option allows you to configure for the times when Windows won't restart because an update is due to be installed. Active hours. You can configure Active hours through Group Policy. Note that you can only see the new policy after you update the ADMX templates with the latest version for Windows 1. Policy. Definitions folder on your Windows Server or in the Central Store. Group Policy "Turn off auto restart for updates during active hours"If you apply this policy to a Windows 1. However, according to my tests, restarts will then be scheduled corresponding to the Group Policy, and the Active hours configuration in the Windows 1. Restart options ^The Restart options can only be configured when a restart is scheduled. In this case, the user will receive a corresponding systray message and the restart time can then be rescheduled. Restart options and Restart required message. Once a restart is scheduled, the Active hours link in the Windows settings will then disappear. Active hours link disappears when a restart is scheduled. Wrap- up ^The fact that the Group Policy configuration for Automatic Updates is no longer displayed in the Windows 1. However, the ability to centrally and locally configure Active hours, as a way of preventing unwanted restarts, is advantageous. I also appreciate being able to configure another restart time once the updates are downloaded. Unwanted restarts were certainly the major annoyance of Windows Update. However, if bandwidth consumption is your concern, then you might consider working with metered connections. With the help of a little Power. Shell script, you can switch an Ethernet connection between metered and not metered. I will cover this option in my next post. Win the monthly 4sysops member prize for IT pros Users who have LIKED this post: Related Posts. Place a workstation out of service remotely with Power. Shell. Wu. Install - Command- line control over Windows updates.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
November 2017
Categories |