I'm looking to leverage Windows Update (not WSUS) enable Windows Servers to download patches that appear relevant in advance of a pre-approved patching window but not install them. I've used information from this documentation to identify the following registry key setting to enable this functionality:
AUOptions (REG_DWORD): 3: Automatically download and notify of installation.
However, I'm also seeing the following registry key and having trouble finding specific documentation to know what pieces of functionality this enables:
NoAutoUpdate (REG_DWORD):
- 0: Automatic Updates is enabled (default).
- 1: Automatic Updates is disabled.
I'm seeing the C:\Windows\SoftwareDistribution\Download folder being populated with files in multiple scenarios, and don't know a way to correlate the file names with the patches I am expecting to be downloaded so not sure how to validate the expected behavior.
I've seen files populate with the Windows Update service stopped, NoAutoUpdate set to 1 (disabled), and AUOption set to 3 (automatically download); I've also seen it populate with the Windows Update service running, NoAutoUpdate set to 0 (enabled), and AUOption set to 3.
Does the NoAutoUpdate registry key need to be enabled (set to 0) as well in order for the AUOptions registry key to take effect? I want to ensure the combination of registry keys does not automatically install updates, but cannot find validation in any documentation that this doesn't fully enable the download/install functionality if the AUOptions key is set. I'm also assuming the Windows Update service must be running on the machine for these to take effect.