Problem You want to configure your Windows XP computers to automatically download updates from Windows Update without administrator or user intervention. Solution Using a graphical user interface From the Start menu, right-click on My Computer and select Properties. On the Automatic Updates tab, you can select how the updating should work. You can select to download recommended updates for the system automatically and install them at the specified time, to only download updates and then prompt you for installation, to only notify you of the availability of updates and leave it to you to download and apply them, or to turn off Automatic Updates entirely. Using Group Policy These Group Policy settings for configuring Automatic Updates can be found under Computer Configuration  Windows Settings.
Configure Automatic Updates -
This option specifies whether this computer will receive security updates and critical bug fixes. The first option has the currently logged on user notified before downloading updates, and notified again before installing the downloaded updates. The second option has updates automatically downloaded, but not installed until a logged on user acknowledges their presence and authorizes the installation. The third option has updates automatically downloaded and installed on a schedule that you can set in the appropriate boxes on the sheet. If you configure clients to download and install updates, it only schedules them to download at the time you specify. The updates don't actually get installed until the next day at the time when the workstation normally checks for new patches.
Reschedule Automatic Updates scheduled installations -
This option specifies the amount of time to wait after booting before continuing with a scheduled installation that was missed previously. If the status is set to Enabled, a missed scheduled installation will occur the specified number of minutes after the computer is next started. If the status is set to Disabled or Not Configured, a missed scheduled installation will simply roll over to the next scheduled installation.
No auto-restart for scheduled Automatic Updates installations -
This option designates whether a client computer should automatically reboot when an update that is just installed requires a system restart. If the status is set to Enabled, Automatic Updates will not restart a computer automatically during a scheduled installation if a user is logged in to the computer, instead notifying the user to restart the computer to complete the installation. If the status is set to Disabled or Not Configured, Automatic Updates will notify the user that the computer will automatically restart in five minutes to complete the installation.
Using the Registry The following Registry changes can be made to configure Automatic Updates.
To enable or disable Automatic Updates -
Create the value NoAutoUpdate in the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU key. The value is a DWORD with possible values 0 (enabled) or 1 (disabled).
To configure the update download and notification behavior -
Create the value AUOptions in the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU key. The value is a DWORD that includes integers 2 (notify of download and notify before installation), 3 (automatically download but notify before installation), and 4 (automatically download and schedule the installation).
To schedule an automated installation -
Create the values ScheduledInstallDay and ScheduledInstallTime in the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU key. The value for each is a DWORD. For ScheduledInstallDay, the range is from 0 to 7, with 0 indicating every day and 1 through 7 indicating the days of the week, Sunday through Saturday, respectively. For ScheduledInstallTime, the range is from 0 to 23, signifying the hour of the day in military time.
To specify how long to wait before completing a missed installation -
Create the value RescheduleWaitTime in the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU key. The value is a DWORD that ranges from 1 to 60, measured in minutes.
To specify whether to restart a scheduled installation with a currently logged in nonadministrative user -
Create the NoAutoRebootWithLoggedOnUsers value in the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU key. The value is a DWORD that can be zero, which indicates that a reboot will indeed take place, or one, which indicates the reboot will be postponed while a user is logged on.
Use the following .REG file to automate Registry changes. Below is a sample file that you can modify according to the settings mentioned previously: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate] "WUServer"="http://YOUR-SUS-SERVER" "WUStatusServer"="http://YOUR-SUS-SERVER" [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU] "RescheduleWaitTime"=dword:00000003 "NoAutoRebootWithLoggedOnUsers"=dword:00000000 "NoAutoUpdate"=dword:00000000 "AUOptions"=dword:00000004 "ScheduledInstallDay"=dword:00000000 "ScheduledInstallTime"=dword:00000006 "UseWUServer"=dword:00000001
Discussion The Group Policy and Registry settings also work if you have a Software Update Services server running on your network. See Also MS KB 294871, "Description of the Automatic Updates feature in Windows," and MS KB 328010, "How to configure automatic updates by using Group Policy or Registry settings" |
