Configuring automatic updates
Applies To: Forefront Client Security
Before your client computers can download updates from your distribution server, they must be configured so that Automatic Updates on the client computer points to the WSUS server. To make this configuration, you can use Group Policy.
Important
In addition to your standard client computers, you must configure Automatic Updates on your management server so that it points to the WSUS server. If you do not do this, reports do not display correctly.
When you configure the Group Policy settings for WSUS, you should use a Group Policy object (GPO) linked to an Active Directory® directory service container appropriate for your environment.
After you set up a client computer, it will take a few minutes before its name appears on the Computers page in the WSUS console. For client computers configured with a GPO based in Active Directory, it will take about 20 minutes after Group Policy refreshes (that is, after it applies any new settings to the client computer). By default, Group Policy refreshes in the background every 90 minutes, with a random offset of 0–30 minutes.
Note
If you want to refresh Group Policy sooner, you can go to a command prompt on the client computer and type the following:
gpupdate /force
wuauclt.exe /detectnow
For more information about configuring Automatic Updates, see Configure clients using Group Policy (https://go.microsoft.com/fwlink/?LinkID=85860).
Configure Automatic Updates
You must specify that Automatic Updates download updates from the WSUS server rather than from Windows Update or Microsoft Update.
To configure Automatic Updates
In the Group Policy Object Editor dialog box, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.
In the Setting list, double-click Configure Automatic Updates.
In the Configure Automatic Updates dialog box, click Enabled, and then click OK.
In the Setting list, double-click Specify intranet Microsoft update service location.
In the Specify intranet Microsoft update service location dialog box, click Enabled, enter the client configuration URL in both the Set the intranet update service box and the Set the intranet statistics server box. For example, type https://servername in both boxes, and then click OK.
Important
If the port is not 80 for HTTP or 443 for HTTPS, you should add the port number as follows: https://servername:portnumber
In the Setting list, double-click Allow Automatic Updates immediate installation.
In the Allow Automatic Updates immediate installation Properties dialog box, click Enabled, and then click OK.