question

Marco81-0653 avatar image
0 Votes"
Marco81-0653 asked Marco81-0653 answered

Install update quickly after Microsoft release

Hi everyone,
i have a network based on Active Directory (2012 R2), with a WSUS server (2016) and Windows 10 clients.
I would like to understand what GPO i have to setup in order to make it fast to install update on Windows 10 client, after the release from Microsoft.
The Windows Update section of Group Policy Editor is full of settings and i don't find the right setup.
Thank you.

windows-active-directorywindows-server-update-services
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered

Hello @Marco81-0653

I would firstly leave the general GPO article for WSUS: https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates

Then I can remark that 2 main factors are involved:
- First: the Automatic Updates detection frequency https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates#automatic-updates-detection-frequency
- Second: Configure auto-approval rules https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/3-approve-and-deploy-updates-in-wsus#32-configure-auto-approval-rules
- Third: Synchronizing Updates from the Microsoft Update Cataloghttps://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/manage/setting-up-update-synchronizations#synchronizing-updates-from-the-microsoft-update-catalog

All in all, this setting will help you to expedite the detection, propagation and deployment of new updates, but remember that WSUS is not intended for emergency patching but as a domain maintenance tool. If at any point you are concerned to apply patches as soon as possible, the best option will be to act manually both over WSUS Sync, Deploy and client update.

Hope this helps with your query,


--If the reply is helpful, please Upvote and Accept as answer--

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Marco81-0653 avatar image
0 Votes"
Marco81-0653 answered

Thank you for your answer. In fact, I thought i could to control updates in a kind of "update now this client" way, but from how you wrote, this is not possible with WSUS.
Thanky you again.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.