Automatic Updates Registry Configuration for Pre-Downloading Patches

Casey 21 Reputation points
2020-10-29T17:43:06.177+00:00

I'm looking to leverage Windows Update (not WSUS) enable Windows Servers to download patches that appear relevant in advance of a pre-approved patching window but not install them. I've used information from this documentation to identify the following registry key setting to enable this functionality:

AUOptions (REG_DWORD): 3: Automatically download and notify of installation.

However, I'm also seeing the following registry key and having trouble finding specific documentation to know what pieces of functionality this enables:

NoAutoUpdate (REG_DWORD):

  • 0: Automatic Updates is enabled (default).
  • 1: Automatic Updates is disabled.

I'm seeing the C:\Windows\SoftwareDistribution\Download folder being populated with files in multiple scenarios, and don't know a way to correlate the file names with the patches I am expecting to be downloaded so not sure how to validate the expected behavior.
I've seen files populate with the Windows Update service stopped, NoAutoUpdate set to 1 (disabled), and AUOption set to 3 (automatically download); I've also seen it populate with the Windows Update service running, NoAutoUpdate set to 0 (enabled), and AUOption set to 3.

Does the NoAutoUpdate registry key need to be enabled (set to 0) as well in order for the AUOptions registry key to take effect? I want to ensure the combination of registry keys does not automatically install updates, but cannot find validation in any documentation that this doesn't fully enable the download/install functionality if the AUOptions key is set. I'm also assuming the Windows Update service must be running on the machine for these to take effect.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,156 questions
Accepted answer
  1. Jenny Feng 14,081 Reputation points
    2020-10-30T02:22:02.51+00:00

    @Casey
    Hi,

    Does the NoAutoUpdate registry key need to be enabled (set to 0) as well in order for the AUOptions registry key to take effect?
    Yes, in order for the AUOptions registry key to take effect, you should enable the NoAutoUpdate registry key.

    In fact, I prefer to use Group Policy to manage updates, the registry method is just an alternative.
    If you want to confirm the update before installing, the best option is WSUS.
    Hope above information can help you.

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest