Set certain WSUS updates to auto-install

wsus

We're running a WSUS server for the simple purpose of caching updates. Since we are a very small network of all "power users", we've got the domain group policy for WSUS updates on the clients set to prompt for download/install, i.e. we don't want updates to install without our knowledge.

But there are a few cases where it would be nice to be able to set a certain update to auto-install. e.g. Windows Defender updates, Malicious Software Removal Tool, Outlook Junk Email Filter, etc. Basically all the silly little updates that you would always install anyway and don't require a restart.

Is there a way to set the general policy to prompt for download/install, but auto-install certain regular updates?

P.S. WSUS itself does have the facility to auto-approve certain updates. That part works.

Facts & Figures:
SBS 2003 domain
Windows 7 Pro clients
Windows XP Pro clients

Best Answer

Set group policy on Administrative Templates -> Windows Components -> Windows Update -> Allow Automatic Updates Immediate Installation

Description text: "Specifies whether Automatic Updates should automatically install certain updates that neither interrupt Windows services nor restart Windows.

If the status is set to Enabled, Automatic Updates will immediately install these updates once they are downloaded and ready to install.

If the status is set to Disabled, such updates will not be installed immediately.

Note: If the "Configure Automatic Updates" policy is disabled, this policy has no effect."
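
One way to confirm on a client that the settings above have applied, as an added example that is not part of the original answer. It reads the registry values that back the two policies (`NoAutoUpdate`, `AUOptions` and `AutoInstallMinorUpdates` under the `WindowsUpdate\AU` policy key); the function names are hypothetical and the first call uses constructed values.

```powershell
# Added example (not from the original answer). Function names are hypothetical.
# The value names are the registry values that back the Windows Update policies.
$AuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

function Get-AuPolicyValue {
    param([string]$Name)
    # $null means the value is absent, i.e. the policy is Not Configured.
    $item = Get-ItemProperty -Path $AuKey -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-ImmediateInstallState {
    param($NoAutoUpdate, $AUOptions, $AutoInstallMinorUpdates)

    $modes = @{
        2 = 'notify for download and notify for install'
        3 = 'auto download and notify for install'
        4 = 'auto download and schedule the install'
        5 = 'allow local admin to choose setting'
    }
    $mode = 'not configured'
    if ($null -ne $AUOptions) {
        $mode = $modes[[int]$AUOptions]
        if (-not $mode) { $mode = "unrecognised value $AUOptions" }
    }

    # Caveat from the policy text: with "Configure Automatic Updates" disabled
    # (NoAutoUpdate = 1), the immediate-installation policy has no effect.
    if ($NoAutoUpdate -eq 1) {
        $state = 'no effect, Configure Automatic Updates is disabled'
    } elseif ($AutoInstallMinorUpdates -eq 1) {
        $state = 'enabled, non-disruptive updates install once downloaded'
    } elseif ($AutoInstallMinorUpdates -eq 0) {
        $state = 'disabled'
    } else {
        $state = 'not configured'
    }

    "General update mode : $mode"
    "Immediate install   : $state"
}

# Constructed sample: prompt-before-download policy plus the setting from the answer.
Get-ImmediateInstallState -NoAutoUpdate 0 -AUOptions 2 -AutoInstallMinorUpdates 1

# Live values from this machine (run after gpupdate has applied the GPO).
$no = Get-AuPolicyValue 'NoAutoUpdate'
$au = Get-AuPolicyValue 'AUOptions'
$mi = Get-AuPolicyValue 'AutoInstallMinorUpdates'
Get-ImmediateInstallState -NoAutoUpdate $no -AUOptions $au -AutoInstallMinorUpdates $mi
```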