I have set up WSUS 2.0 (on 2008 R2). All client side machines are running Windows 8.1.
At the request of the users, i have been running with the below GP configuration so WSUS is less intrusive, and wont shut down their machines automatically etc. My understanding was that by disabling 'Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box' it would behave as the description states:
If you disable or do not configure this policy setting, the 'Install Updates and Shut Down' option will be available in the Shut Down Windows dialog box if updates are available when the user selects the Shut Down option in the Start menu.
I have also disabled the "Do not adjust option to'Install Updates and Shut Down' option in Shut Down Windows dialog box'" which i thought would mean the default option at shut down would be to install updates and shutdown. As per its description:
If you disable or do not configure this policy setting, the 'Install Updates and Shut Down' option will be the default option in the Shut Down Windows dialog box if updates are available for installation at the time the user selects the Shut Down option in the Start menu.
I have a few test Win7 VM's and this is working as i would expect. However, the Win8.1 users do not get this option on shutdown. They are still required to open Windows Update and manually click 'Instal;l Updates'…. not ideal from my perspective, as you could imagine, some users are not installing them at all.
Is there a way to make this option available on Win8.1 OS, or is the only option to change 'Configure Automatic Updates' to option 4 and set a schedule to install them. I want to avoid this if at all possible.
My current GPO set up is as per below. Has anyone got any ideas?
Do not display install updates and shut down option.... : Disabled
Do not adjust option to install and shut down...... : Disabled
Enabling Windows Update Power Mgt to automatically Wake up system : Enabled
Configure Automatic Updates : option 3 : Enabled
Specify intranet MS update location : Enabled
Automatic Updates frequency : Enabled
Allow Automatic Updates immediate installation : Enabled
All the rest are set to 'not configured'
Best Answer
There are two main settings you'll want to configure:
First, you'll want to enable
No auto-restart with logged on users for schedules automatic updates installations. This setting will ensure that the computer will never automatically restart for update installation if a user is logged on, effectively preventing anyone getting interrupted in the middle of doing work.Second, you need to enable and configure the
Configure Automatic Updatespolicy. You'll need to choose option 4 and set a schedule for when you would like updates to install. If this schedule overlaps with when computers are being used, they'll simply be installed in the background and wait for the user to either manually reboot or log off.The net result of these two settings is that updates always install at the scheduled time. If the computer is idle (no user logged on/present), the reboot is automatic. If there is a user logged on, reboot is delayed until the user either manually reboots, or the next scheduled install period when the computer is idle.
In addition to those two settings, I would also recommend enabling
Re-prompt for restart with scheduled installationsand setting a long timeout. This setting allows you to prevent the recurring "Restart or Postpone" dialog box from coming up repeatedly. In my environment, I have this set to 1440 minutes, or 24 hours. We have a policy for users to restart at the end of their shifts regardless, so this reminder isn't necessary.