Windows Update Local Group Policies

Although most Windows 7 users go to Control Panel to configure basic Windows Updates settings, it is worth noting that from the Local Group Policy Editor you can further fine tune Windows Updates with additional settings that are not found in the Control Panel.

To open the Local Group Policy snap-in, type gpedit.msc in the Start search text box and navigate to Computer Configuration\Administrative Templates\Windows Components\Windows Update Group Policy node. This node contains 16 policies which are explained below:

Do not Display “Install Updates and Shut down” option in Shut Down Windows dialog box – This policy setting allows you to manage whether the ‘Install Updates and Shut Down’ option is displayed in the Shut Down Windows dialog box.

Do not adjust default option to “Install Updates and Shut Down” in Shut Down Windows dialog box – This policy setting allows you to manage whether the ‘Install Updates and Shut Down’ option is allowed to be the default choice in the Shut Down Windows dialog.

Enabling Windows Update Power Management to automatically wake the system to install scheduled updates – Specifies whether the Windows Update will use the Windows Power Management features to automatically wake up the system from hibernation, if there are updates scheduled for installation.

Configure Automatic Updates – Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. This setting lets you specify if automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting.

Specify intranet Microsoft update service location – Specifies an intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network. This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network.

Automatic updates detection frequency – Specifies the hours that Windows will use to determine how long to wait before checking for available updates. The exact wait time is determined by using the hours specified here minus zero to twenty percent of the hours specified. For example, if this policy is used to specify a 20 hour detection frequency, then all clients to which this policy is applied will check for updates anywhere between 16 and 20 hours.

Allow non-administrators to receive update notifications – This policy setting allows you to control whether non-administrative users will receive update notifications based on the “Configure Automatic Updates” policy setting.

Turn on Software Notification – This policy setting allows you to control whether users see detailed enhanced notification messages about featured software from the Microsoft Update service. Enhanced notification messages convey the value and promote the installation and use of optional software. This policy setting is intended for use in loosely managed environments in which you allow the end user access to the Microsoft Update service.

Allow Automatic Updates immediate installation – Specifies whether Automatic Updates should automatically install certain updates that neither interrupt Windows services nor restart Windows.

Turn on recommended updates via Automatic Updates – Specifies whether Automatic Updates will deliver both important as well as recommended updates from the Windows Update update service.

No auto-restart with logged on users for scheduled automatic updates installation – Specifies that to complete a scheduled installation, Automatic Updates will wait for the computer to be restarted by any user who is logged on, instead of causing the computer to restart automatically.

Re-prompt for restart with scheduled installations – Specifies the amount of time for Automatic Updates to wait before prompting again with a scheduled restart.

Delay restart for scheduled installations – Specifies the amount of time for Automatic Updates to wait before proceeding with a scheduled restart.

Reschedule Automatic Updates scheduled installations – Specifies the amount of time for Automatic Updates to wait, following system startup, before proceeding with a scheduled installation that was missed previously.

Enable client-side targeting – Specifies the target group name or names that should be used to receive updates from an intranet Microsoft update service.

Allow signed updates from an intranet Microsoft update service location – This policy setting allows you to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location.

Share