You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/automation/automation-configure-windows-update.md
+7-5Lines changed: 7 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -3,18 +3,18 @@ title: Configure Windows Update settings to work with Azure Update Management
3
3
description: This article describes the Windows Update settings that you configure to work with Azure Update Management.
4
4
services: automation
5
5
ms.subservice: update-management
6
-
ms.date: 02/27/2020
6
+
ms.date: 03/02/2020
7
7
ms.topic: conceptual
8
8
---
9
9
# Configure Windows Update settings for Update Management
10
10
11
-
Azure Update Management relies on [Windows Update client](https://docs.microsoft.com//windows/deployment/update/windows-update-overview) to download and install Windows updates. There are specific settings that are used by the Windows Update client when connecting to Windows Server Update Services (WSUS) or Windows Update. Many of these settings can be managed with Local Group Policy Editor, PowerShell, directly editing the Registry, or in Group Policy. Some settings can be managed with the [Server Configuration Tool](https://docs.microsoft.com/windows-server/get-started/sconfig-on-ws2016#windows-update-settings) (SCONFIG).
11
+
Azure Update Management relies on [Windows Update client](https://docs.microsoft.com//windows/deployment/update/windows-update-overview) to download and install Windows updates. There are specific settings that are used by the Windows Update client when connecting to Windows Server Update Services (WSUS) or Windows Update. Many of these settings can be managed with Local Group Policy Editor, PowerShell, directly editing the Registry, or in Group Policy.
12
12
13
13
Update Management respects many of the settings specified to control the Windows Update client. If you use settings to enable non-Windows updates, Update Management will also manage those updates. If you want to enable downloading of updates before an update deployment occurs, update deployment can be faster, more efficient, and less likely to exceed the maintenance window.
14
14
15
15
## Pre-download updates
16
16
17
-
To configure automatic downloading of updates but don't automatically install them, you can use Group Policy to set the [Configure Automatic Updates setting](/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates##configure-automatic-updates) to **3**. This setting enables downloads of the required updates in the background, and notifies you that the updates are ready to install. In this way, Update Management remains in control of schedules, but updates can be downloaded outside the Update Management maintenance window. This behavior prevents "Maintenance window exceeded" errors in Update Management.
17
+
To configure automatic downloading of updates but don't automatically install them, you can use Group Policy to set the [Configure Automatic Updates setting](/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates##configure-automatic-updates) to **3**. This setting enables downloads of the required updates in the background, and notifies you that the updates are ready to install. In this way, Update Management remains in control of schedules, but updates can be downloaded outside the Update Management maintenance window. This behavior prevents **Maintenance window exceeded** errors in Update Management.
18
18
19
19
You can also turn on this setting by running the following PowerShell command on a machine that you want to configure for auto-downloading of updates:
20
20
@@ -30,7 +30,7 @@ The registry keys listed in [Configuring Automatic Updates by editing the regist
30
30
31
31
## Enable updates for other Microsoft products
32
32
33
-
By default, Windows Update client is configured to provide updates only for Windows. If you enable the **Give me updates for other Microsoft products when I update Windows** setting, you also receive updates for other products, including security patches for Microsoft SQL Server and other Microsoft software. This option can be configured if you have downloaded and copied the latest [Administrative template files](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra)that is available for Windows 2016 and higher.
33
+
By default, Windows Update client is configured to provide updates only for Windows. If you enable the **Give me updates for other Microsoft products when I update Windows** setting, you also receive updates for other products, including security patches for Microsoft SQL Server and other Microsoft software. This option can be configured if you have downloaded and copied the latest [Administrative template files](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) available for Windows 2016 and higher.
34
34
35
35
If you are running Windows Server 2012 R2, this setting cannot be configured by Group Policy. Run the following PowerShell command on the machines that you want to enable other Microsoft updates on. Update Management complies with this setting.
36
36
@@ -47,7 +47,9 @@ Update Management supports WSUS settings. The WSUS settings you can configure fo
47
47
48
48
### Intranet Microsoft update service location
49
49
50
-
You can specify sources for scanning and downloading updates under [Specify intranet Microsoft Update service location](/windows/deployment/update/waas-wu-settings#specify-intranet-microsoft-update-service-location).
50
+
You can specify sources for scanning and downloading updates under [Specify intranet Microsoft Update service location](/windows/deployment/update/waas-wu-settings#specify-intranet-microsoft-update-service-location). By default, Windows Update client is configured to download updates from Windows Update. When you specify a WSUS server as a source for your machines, if the updates aren't approved in WSUS, update deployment fails.
51
+
52
+
To restrict machines to just that internal update service, configure [Do not connect to any Windows Update Internet locations](https://docs.microsoft.com/windows/deployment/update/waas-wu-settings#do-not-connect-to-any-windows-update-internet-locations).
0 commit comments