question

AemilianusKehler-4003 avatar image
0 Votes"
AemilianusKehler-4003 asked AemilianusKehler-4003 edited

Windows Server 2016 auto install security updates

I've the following settings:

Allow Automatic Updates immediate installation Enabled WSUS
Configure Automatic Updates Enabled WSUS

Configure automatic updating: 3 - Auto download and notify for install
The following settings are only required and applicable if 4 is selected.
Install during automatic maintenance Disabled
Scheduled install day: 1 - Every Sunday
Scheduled install time: 02:00
Install updates for other Microsoft products Enabled



Policy

Setting

Winning GPO

Specify intranet Microsoft update service location Enabled WSUS

Set the intranet update service for detecting updates: http://WSUSHostnamer:8530
Set the intranet statistics server: http://WSUSHostname:8530
(example: http://IntranetUpd01)

I don't want all updates to auto install, like any update that requires updates (E.G. CU updates) to be auto installed. Just security updates. Is my requirements not able to be met, and is it not auto installing cause I have set the one setting "Configure automatic updating: 3 - Auto download and notify for install"?

Thanks for any replies


windows-group-policywindows-server-update-services
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AllenLiu-MSFT avatar image
0 Votes"
AllenLiu-MSFT answered

Hi, @AemilianusKehler-4003
Someone achieved this goal by creating a seperate GPO that creates a Scheduled Task to execute that PowerShell command:
Update-MpSignature -UpdateSource InternalDefinitionUpdateServer
For the reference:
https://community.spiceworks.com/topic/2213559-how-to-automatically-install-windows-defender-updates-wsus

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.