20,218 questions
Review my guide
Part 4 deals with the GPO policies and part 5 deals with applying the policies for an inheritance setup.
I would also suggest that you read the whole series as each part is built off each other.
WSUS Scheduled Install Time
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 7.000000000000001%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETW%3C/text%3E%3C/svg%3E)
Travis Whiteman
20
Reputation points
Our organization is looking at our WSUS GPO settings to troubleshoot an issue where we have some Windows 10 version 1809 (LTSC) clients that will download the various Windows updates from the WSUS server, however, they wait for an administrator to click the install button.
Our process for deploying updates is on Patch Tuesday, we go into WSUS and approve the updates for all of the Windows clients, with a deadline, according to our organization policy.
What we have noticed is in AD GPO, there is a setting called "Configure Automatic Updates". What we are wondering is, should this setting be configured for option 4 "Auto download and schedule the install"? Even though we are scheduling the installation of updates via WSUS?
Note, our current setting is option 3 "Auto download and notify for install".
Windows for business | Windows Server | User experience | Other
Windows for business | Windows Client for IT Pros | User experience | Other
Accepted answer
-
Adam J. Marshall 10,356 Reputation points MVP2023-01-20T01:06:53.0166667+00:00 -
Adam J. Marshall 10,356 Reputation points MVP
2023-01-20T01:09:16.9066667+00:00 Just as a note... Setting up a deadline solely to attempt to manage WSUS is a mistake
Sign in to comment -
3 additional answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Thameur-BOURBITA 36,261 Reputation points Moderator2023-01-19T22:03:25.7233333+00:00 Hi,
When you choose the option 3 Auto download and notify for install, the download windows update will be launched automatically from WSUS, once completed user will be notified to install it.
If you want launch the installation automatically based on the schedule configured in the GPO , you have to select the option 4 Auto download and schedule the install. The settings of schedule installation in the GPO will be applied when you choose the option 4 Auto download and schedule the install
I invite your to read the link below for more details: Configure Automatic Updates by Using Group Policy
Please don't forget to mark helpful answer as accepted
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Limitless Technology 44,766 Reputation points2023-01-20T16:23:32.3333333+00:00 Hello Travis,
That is correct, as per the official document of Microsoft:
4 - Auto download and schedule the install
You can specify the schedule by using the options in this Group Policy setting. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart.)
You can specify schedule options in the GPME Maintenance Scheduler settings. These settings are located in the path PolicyName > computer Configuration > Policies > Administrative Templates > Windows components > Maintenance Scheduler > Automatic Maintenance Activation Boundary. For setting details, see the Maintenance Scheduler settings section of this article.
References:
--If the reply is helpful, please Upvote and Accept as answer--
-
Travis Whiteman 20 Reputation points
2023-01-20T16:33:05.8833333+00:00 So, I did some checking in our organization. We been doing the process of WSUS Schedule Deadline for a little over 10 years now. I'm guessing in the past, Microsoft scheduled updates using WSUS Deadline, and now Microsoft use GPO to schedule updates.
What my plan is, I will make a GPO with the option 4, scheduled installation time, and apply it to a test group. Hopefully after a couple of months, I can show the organization that using GPO to schedule updates is the correct/proper way to go.