11

On a freshly-installed, non-domain-joined Windows Server 2019 (with desktop experience) VM, the ability to change Windows Update installation settings seems to have vanished, with the "Some settings are managed by your organization" message:

Windows Update settings showing settings disabled

Viewing the configured update policies shows two set on the device, both with a type of Group Policy:

  • Download the updates automatically and notify when they are ready to be installed
  • Set automatic update options

However, running rsop and gpresult both (as expected) show no group policy objects applied. (It's a standalone system, so no domain policy applies.)

Is this expected?

Amazon also acknowledge this for their 2019 EC2 images, but it seems odd that using gpedit.msc is the only mechanism for enabling automatic update installation.

Uwe Keim
  • 2,490
rmc47
  • 483

2 Answers2

5

Popping this in an answer, as our workaround at least: we found the EC2 Server 2019 image had automatic update options set in the registry under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU.

You can probably just clear these out if you want to set them in the UI, but we overwrote them to force updates into automatic installation, with values:

  • AUOptions = 4
  • NoAutoUpdate = 0
  • ScheduledInstallTime =
  • ScheduledInstallDay = 0
  • ScheduledInstallEveryWeek = 1
rmc47
  • 483
-1

Option 1: use sconfig

  1. Open a CMD PROMPT as an Administrator
  2. Type SCONFIG and press ENTER
  3. Type 5 and press ENTER
  4. Type M for Manual (or D for Download Only) and press ENTER

If SCONFIG is not available or still shows WINDOWS UPDATES are set to CUSTOM, go to the next method:

Option 2: use LOCAL SECURITY POLICY or GROUP POLICY

  1. Click START and type GPEDIT.MSC and press ENTER (or open the GROUP POLICY MANAGEMENT CONSOLE and open an existing GPO or start a new one)
  2. Expand COMPUTER CONFIGURATION > ADMINISTRATIVE TOOLS > WINDOWS COMPONENTS > WINDOWS UPDATE
  3. Double click on CONFIGURE AUTOMATIC UPDATES
  4. Select either DISABLED (equivalent to MANUAL) or ENABLED and select what you would like from the drop down list
Gianpiero
  • 99