This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 63%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I have a AD environment with GPO for WSUS. I have a unique requirement, by default all systems should have WSUS service disabled. We will identify a few systems where we intend to install patches from WSUS and reboot the systems. After deployment again we need to keep the WSUS service disabled on these systems. How can I achieve this? It has to be done from GPO.
To follow-up, Please let us know if you have further query on this.
Please don’t forget to Accept the answer
To follow-up, Please let us know if you have further query on this.
Please don’t forget to Accept the answer
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello @Ataro ,
How are things going on your end? Please keep me posted on this issue.
If you have any further questions or concerns about this question, please let us know.
I appreciate your time and efforts.
Best Regards,
Daisy Zhou
Hello @Ataro ,
I just want to confirm the current situations.
Please feel free to let us know if you need further assistance.
Best Regards,
Daisy Zhou
Hi @Ataro
Yes, you can archive WSUS updates on windows server using gpo.
Refer - step-by-step details Configuring WSUS on Windows Server
install & configure WSUS in Windows Server
If the Answer is helpful, please click Accept Answer and up-vote, this can be beneficial to other community members.
Hello @Ataro ,
Thank you for posting here.
Based on the description "by default all systems should have WSUS service disabled.", what do you mean WSUS service?
As I understand, only the server with WSUS role installed will have WSUS service via services.msc.
For your request "We will identify a few systems where we intend to install patches from WSUS and reboot the systems. After deployment again we need to keep the WSUS service disabled on these systems.", if you want to these systems install patches from WSUS, you can configure the following GPO setting, then if you do not want to these systems install patches from WSUS, you can remove the following GPO setting.
For more information, we can refer to the link below.
Step 4: Configure Group Policy Settings for Automatic Updates
https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates
Best Regards,
Daisy Zhou
