group-policywindowswindows-server-2008windows-update
We have automated the deployment of Windows updates on our servers through the use of local GPO. Everything works great and a screenshot of the existing configuration can be found in the screenshot attached below.
We have noticed though, that Optional Updates are being ignored, not installed automatically and need manual intervention. Is there any way, either Microsoft official or a registry hack to force the installation of the Optional Updates as well?
Thank you in advance.
You could use PowerShell to update group policy. Here's an example:
set-gpregistryvalue -name "WU" -key HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate -ValueName "WUServer", "WUStatusServer" -type String -Value "http://wsus01.internal.local:8530"
And here's where you can read up more on the amazingness that is powershell:
http://technet.microsoft.com/en-us/library/ee461027.aspx
OR AN EVEN BETTER ANSWER:
Step 1: Setup Active Directory
Step 2: Join computers to Active Directory domain
Step 3: Configure group policy to point computers to WSUS server
Step 4: Profit
Best Answer
You comment that you do not use WSUS due to them not being on the domain. You can configure clients directly via the registry to use a specified WSUS server and set them to automatically install updates if desired. GPOs ease the automation, but are not requirements. Scheduled tasks are one of many ways to set a specified time to install if you're up to the scripting.
The relevant registry keys:
From TechNet: "Configure Automatic Updates in a Non–Active Directory Environment" on these keys and what goes under them: https://technet.microsoft.com/en-us/library/cc708449(v=ws.10).aspx