Computer and Software Support


How to configure automatic updates by using Group Policy or registry settings

This article was from Microsoft and published here for your convenience.

 

Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

Description of the Microsoft Windows Registry

SUMMARY

If you are logged on as a Computer Administrator or a member of the Administrators group, you may be prompted from the notification area of the taskbar to configure the Automatic Updates feature in Windows.

For additional information about the availability of the Automatic Updates feature and how to configure and use it, click the following links:

How to configure and use Automatic Updates in Windows XP

How to configure and use Automatic Updates in Windows 2000

Advanced users and IT Professionals can also configure Automatic Updates by using Group Policy, using Windows NT 4.0 System Policy, or by modifying registry settings. This article describes how to configure the Automatic Updates features by using Group Policy or registry settings.

For additional information about configuring Automatic Updates on your network, see the Software Update Services Deployment white paper. To view this white paper, visit the following Microsoft Web site:

http://go.microsoft.com/fwlink/?linkid=6928

MORE INFORMATION

Configuring Automatic Updates by using local Group Policy

  1. Access Run or Search window
  2. Type gpedit.msc
  3. Click OK.
   
  • In the Group Policy snap-in, expand Computer Configuration.
  • Right-click Administrative Templates, and then click Add/Remove Templates.
  • Click Add, click Wuau.adm in the Windows\Inf folder, and then click Open.
  • Click Close.
  • Under Computer Configuration, expand Administrative Templates, expand Windows Components, and then expand Windows Update.

    The Configure Automatic Updates policy appears. This policy specifies whether the computer receives security updates and other important downloads through the Windows automatic updating service. The settings for this policy let you specify if automatic updates are enabled on the computer. If the service is enabled, you must select one of the three configuration options.
  • To view the policy settings, double-click the Configure Automatic Updates policy.
  • To turn on Automatic Updates, click Enabled in the list of options that appear at the top of the Setting tab.

    If you click Enabled, you must select one of the three configuration options.
  • Select one of the following three options:
    • 2 - Notify for download and notify for install

      When Windows finds updates that apply to this computer, an icon appears in the notification area and a message appears that states the updates are ready to be downloaded. If you click either the icon or the message, the option that you use to select the updates you want to download appears. Windows downloads the selected updates in the background. When the download is complete, the icon appears in the notification area again and a message appears that states that the updates are ready to be installed. If you click either the icon or the message, the option that you use to select the updates you want to install appears.
    • 3 - Auto download and notify for install

      NOTE      : This setting is the default setting.

      Windows finds updates that apply to your computer and downloads these updates in the background (the user is not notified or interrupted during this process). When the download is complete, the icon appears in the notification area and a message that states that the updates are ready to be installed appears. If you click either the icon or the message, the option that you use to select the updates you want to install appears.
    • 4 - Auto download and schedule the install

      To specify the schedule, select the appropriate options in the Group Policy Settings dialog box. If you do not specify a schedule, the default schedule for all installations is used. This schedule is every day at 3:00 A.M. If any of the updates require you to restart the computer to complete the installation, Windows restarts the computer automatically. (If a user is logged on to the computer when Windows is ready to restart it, the user is notified that Windows will restart. The user can chose to delay the restart operation.)

      If you select option 4, you can set a recurring schedule. If you do not set a schedule, all updates are downloaded and installed every day at 3:00 A.M.
    • Other Options

      Additionally, you can select either the Disabled option or the Not Configured option. If you select Disabled, an administrator must download and install any available updates manually from the Microsoft Windows Update Web site.

      If you select Not Configured, the status of Automatic Updates (enabled or not enabled) is not specified at the Group Policy level. However, an administrator can still configure Automatic Updates by using Control Panel. Control Panel includes the same settings that are available in Group Policy.
    • Note An updated Administrative Template (.adm file) is now available for use with the Automatic Updates feature in Windows Server 2003 and the Software Update Services (SUS) Service Pack 1 (SP1) client. This updated policy file adds two new policies:
    • Reschedule Automatic Updates scheduled installations
      Specifies the time for Automatic Updates to wait, following system startup, before proceeding with a scheduled installation that was missed previously
    • No auto-restart for scheduled Automatic Updates installations
      Specifies that to complete a scheduled installation, Automatic Updates will wait for the computer to be restarted by any user who is logged on, instead of causing the computer to restart automatically
    The updated client and policy file is included in Windows Server 2003. To download the SUS SP1 client for Windows 2000- and Windows XP-based computers, visit the following Microsoft Web site:

    http://www.microsoft.com/windows2000/downloads /recommended /susclient/default.asp

    Loading policy settings by using Group Policy in Active Directory

    You must use the Wuau.adm file that describes the new policy settings for the Automatic Updates client. Wuau.adm is automatically installed to the Windows\Inf folder when you install the new Automatic Updates feature.

    You can load Windows\Inf\Wuau.adm as an administrative template in Group Policy Object Editor.

    To load policy settings by using Group Policy in Active Directory:
    1. On an Active Directory domain controller, click Start, and then click Run.
    2. Type dsa.msc to load the Active Directory Users and Computers snap-in.
    3. Right-click the organizational unit or domain in which you want to create the policy, and then click Properties.
    4. Click the Group Policy tab, and then click New.
    5. Type a name for the policy, and then click Edit.
    6. Under either Computer Settings, Right-click Administrative Templates.
    7. Click Add/Remove Templates, and then click Add.
    8. Type the name of the Automatic Updates .adm file, for example, windows_folder\inf\wuau.adm.
    9. Click Open.

    Configuring Automatic Updates by editing the registry

    Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

    In a non-Active Directory environment, you can edit registry settings to configure Automatic Updates.

    NOTE: You must manually create these registry keys.

    You can use either of the following methods to set these registry keys:
    • Manually edit the registry by using Regedit.exe.
    • Centrally deploy these registry keys by using the Windows NT 4.0-style System Policy functionality.
    To use Registry Editor, follow these steps:
    1. Access REGEDIT (The page will open in a separate window)
    2. Locate and then click the following key in the registry:

      HKEY_LOCAL_MACHINE\SOFTWARE\ Policies\ Microsoft\Windows \WindowsUpdate\AU

    3. Add any of the following settings:
      • Value name: NoAutoUpdate
        Value data: 0 or 1
        • 0: Automatic Updates is enabled (default).
        • 1: Automatic Updates is disabled.
        Registry Value Type: Reg_DWORD
      • Value name: AUOptions
        Value data: 1 to 4
        • 1: Keep my computer up to date has been disabled in Automatic Updates.
        • 2: Notify of download and installation.
        • 3: Automatically download and notify of installation.
        • 4: Automatically download and scheduled installation.
        Registry Value Type: Reg_DWORD
      • Value name: ScheduledInstallDay
        Value data: 0 to 7
        • 0: Every day.
        • 1 through 7: The days of the week from Sunday (1) to Saturday (7).
        Registry Value Type: Reg_DWORD
      • Value name: ScheduledInstallTime
        Value data: n, where n equals the time of day in a 24-hour format (0-23).
        Registry Value Type: Reg_DWORD
      • Value name: UseWUServer
        Value data: Set this value to 1 to configure Automatic Updates to use a server that is running Software Update Services instead of Windows Update.
        Registry Value Type: Reg_DWORD
      • Value name: RescheduleWaitTime
        Value data: m, where m equals the amount of time (in minutes, 1-60, representing 1 minute to 60 minutes) to wait between the time Automatic Updates starts and the time it begins installations whose scheduled time has passed.
        Registry Value Type: Reg_DWORD
        Note This setting only affects client behavior after the clients have updated to the SUS SP1 client version or later.
      • Value name: NoAutoRebootWithLoggedOnUsers
        Value data: Reg_DWORD: 0 (false) or 1 (true). If set to 1, Automatic Updates does not automatically restart a computer while users are logged on.
        Registry Value Type: Reg_DWORD
        Note This setting affects client behavior after the clients have updated to the SUS SP1 client version or later.
      To use Automatic Updates with a server that is running Software Update Services, see the Software Update Services Deployment white paper. To view this white paper, visit the following Microsoft Web site:

      http://go.microsoft.com/fwlink/?linkid=6928

    Note When you configure Automatic Updates directly by using the policy registry keys, the policy overrides the preferences that are set by the local administrative user to configure the client. If an administrator removes the registry keys at a later date, the preferences that were set by the local administrative user are used again.

    Note To determine the server that is running Software     Update Services your client computers and servers go to for their updates, put the following two settings in the registry at this location:

    HKEY_LOCAL_MACHINE\SOFTWARE\ Policies\Microsoft\Windows \WindowsUpdate\

    WUServer sets the SUS server by HTTP name (for example, http://IntranetSUS). Registry Value Type: Reg_SZ

    WUStatusServer sets the SUS statistics server by HTTP name (    for example, http://IntranetSUS). Registry Value Type: Reg_SZ

    The information in this article applies to:

    • Microsoft Windows Server 2003, 64-Bit Datacenter Edition
    • Microsoft Windows Server 2003, 64-Bit Enterprise Edition
    • Microsoft Windows Server 2003, Datacenter Edition
    • Microsoft Windows Server 2003, Enterprise Edition
    • Microsoft Windows Server 2003, Standard Edition
    • Microsoft Windows XP Professional
    • Microsoft Windows XP 64-Bit Edition
    • Microsoft Windows XP Tablet PC Edition
    • Microsoft Windows 2000 Server
    • Microsoft Windows 2000 Advanced Server
    • Microsoft Windows 2000 Professional