Technology Toolbox

Your technology Sherpa for the Microsoft platform

Jeremy Jameson - Founder and Principal



Enforcing Windows Update via Group Policy

This post originally appeared on my MSDN blog:

Since I no longer work for Microsoft, I have copied it here in case that blog ever goes away.

Another Group Policy object that I use in the "Jameson Datacenter" (a.k.a. my home lab) is one to automatically configure Windows Update on all computers in the domain. This ensures that each server or workstation downloads updates from COLOSSUS (one of my VMs that is running Windows Server Update Services) rather than having each computer download, for example, a 577 MB service pack directly from the Internet. It also ensures that only the updates that I have approved through WSUS are applied.

To automatically configure Windows Update in the "Jameson Datacenter", I have defined a Group Policy (named Default Windows Update Policy) with the following settings:

  • Computer Configuration
    • Policies
      • Administrative Templates
        • Windows Components
          • Windows Update
            • Configure Automatic Updates
              • Enabled
              • Configure automatic updating: 4 -Auto download and schedule the install
              • Scheduled install day: 0 - Every day
              • Scheduled install time: 03:00
            • Specify intranet Microsoft update service location
              • Enabled
              • Set the intranet update service for detecting updates: http://colossus
              • Set the intranet statistics server: http://colossus

By linking this Group Policy to the entire domain (i.e. Windows Update is automatically configured as soon as new computers are joined to the domain and rebooted.

This enables me to spin up new VMs with very little effort. More importantly, it takes less than a half hour to get a new Windows Server 2008 VM with all the latest patches (since I start from a SysPrep'ed VHD with Windows Server 2008 Service Pack 2).


No comments posted yet.

Add Comment

Optional, but recommended (especially if you have a Gravatar). Note that your email address will not appear with your comment.
If URL is specified, it will be included as a link with your name.

To prevent spam from being submitted, please select the following fruit: Watermelon

Please add 1 and 7 and type the answer here: