I'm looking to leverage Windows Update (not WSUS) enable Windows Servers to download patches that appear relevant in advance of a pre-approved patching window but not install them. I've used information from this documentation to identify the following registry key setting to enable this functionality:
AUOptions (REG_DWORD): 3: Automatically download and notify of installation.
However, I'm also seeing the following registry key and having trouble finding specific documentation to know what pieces of functionality this enables:
NoAutoUpdate (REG_DWORD):
- 0: Automatic Updates is enabled (default).
- 1: Automatic Updates is disabled.
I'm seeing the C:\Windows\SoftwareDistribution\Download folder being populated with files in multiple scenarios, and don't know a way to correlate the file names with the patches I am expecting to be downloaded so not sure how to validate the expected behavior.
I've seen files populate with the Windows Update service stopped, NoAutoUpdate set to 1 (disabled), and AUOption set to 3 (automatically download); I've also seen it populate with the Windows Update service running, NoAutoUpdate set to 0 (enabled), and AUOption set to 3.
Does the NoAutoUpdate registry key need to be enabled (set to 0) as well in order for the AUOptions registry key to take effect? I want to ensure the combination of registry keys does not automatically install updates, but cannot find validation in any documentation that this doesn't fully enable the download/install functionality if the AUOptions key is set. I'm also assuming the Windows Update service must be running on the machine for these to take effect.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 65%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
