All clients are connected to the internet. Lots of updates (including many important ones) are already downloaded on the clients from our WSUS but not installed.
Direct access to Windows update is prohibited by gpo. Users too have of course no administrative rights to install software. But these already downloaded updates can be installed by clicking on the corresponding button by any user.
What we need is an automatic installation right after updates have been 'deployed' (are locally downloaded from our WSUS-server to our client-PCs.
As this is only a problem with our around 900 clients, the software-manufacturer of the WSUS-client-programm we are using to trigger the download and installation only at specific days and times cannot help us - other customers don't have this problem. And it is still working with our remaining Win7-clients.
The attached hardcopy shows the upper part of a long list of downloading but not installed updates (shown to all users).
I try to translate the Geman text:
red, 'Einige Einstellungen ...': 'Some settings are controlled by your organisation.'
blue, 'Konfigurierte ...': 'Show configured update-policies'
red, 'Auf Ihrem Gerät ...': 'On your PC important security- and quality-updates are missing.'
This list ends with a button 'Install now' (translated from the German buttontext), between the list of updates and this button is this text (again translated to my best knowledge from German): 'Updates will be automatically installed when this computer is not in use. You too might install updates right away.'
There are several policies set: