Windows 10 GPOs NEVER install updates automatically - out of ideas?

  1. Posts : 128
    Windows 10 Pro

    Windows 10 GPOs NEVER install updates automatically - out of ideas?


    First some background. I have a test set up with the 3 Virtual PCs (Hyper-V) running different flavors of Windows 10.(v1607 LTSB, v1709 and now v1809)

    Local GP is set on each VM - set as follows:

    Computer Config->Admin Templates->WIndows Components->Windows Update->Configure Automatic Updates to Option 4 "Auto Download and Schedule the Install"

    Time to kick it off is Everyday @ 6:00am on any week of each month.
    My updates come from a local WSUS installed on one of my internal servers - the local GP from each VM has the address of the WSUS server. WSUS is operating correctly.

    I use a typical approval routine where each Wednesday (day after Patch Tuesday) - I approve the latest cumulative updates and usually the Adobe flash patches for ONLY my "Virtual PCs" group on WSUS to ensure the . All three VMs are in this WSUS computer group.

    I have spent probably a weeks worth of time over the last month trying to figure out why none of these machines will ever "automatically" download and install updates.

    I have been over and over the GPOs with a various of forum groups - all have the same settings but no downloads ever occur.

    The best I have seen is - after basic approvals are done on Wednesday and I check the VMs on say - Thursday - I see that all three have checked in with WSUS and all three have reported back listing the updates that need to be installed - but none of the VMs actually install anything automatically.

    They all just sit there - waiting for me to open the Windows Update setting dialog manually and hit Install Now.

    It's almost like these installs are actually using 3 - Auto Download and NOTIFY for install rather than 4 - Auto Download and Schedule the install.

    Other settings in the GPOs are set to basically reboot the machine in 15 minutes regardless if anyone is logged in or not. I want these machines to restart no longer than 15 minutes after the updates have been installed.

    I have explored the "Active Hours" thing on all three VMs and all three use the typical zone of 8:00am to 5:00pm. I would think that setting the updates to occur at 6:00am each day would allow at least 2 hours to install the updates automatically before we hit the 8:00am Active Hours start time. In other tests - I reduced Active Hours to 1:00pm - 3:00pm and still no updates install even with no one using the VM from 6:00am to 12:59pm. I still have to manually click Install Now.

    What am I missing? Appreciate any tips from the field.

      My Computer

  2. Posts : 43,223
    Win 10 Pro (22H2) (2nd PC is 22H2)

    Hi, forgive the elementary question, but presumably nothing here is set so it could interfere?
    Windows 10 GPOs NEVER install updates automatically - out of ideas?-1.jpg

    and presumably this has been considered from that GP option 4:
    Windows 10 GPOs NEVER install updates automatically - out of ideas?-2.jpg
      My Computers

  3. Posts : 128
    Windows 10 Pro
    Thread Starter

    No use of "Auto Maintenance" here

    However - the Advanced Options area has Choose How updates are installed and Pause Updates (nothing set there to interfere) but I do not have the entire middle section (Choose When Updates are installed). There is no sign of the Branch Readiness level controls or anything else.

    Clearly my GP on these VMs is so messed up that the UI is effected.

    NOTE: A month or two ago I did play around with Deferrals within the local group policy editor - but currently on all three VMs - these policies are all set to Not Configured. But I still see nothing to do with "Choose when updates are Installed" in My Settings->Windows Update->Advanced area.

    It is completely gone.

      My Computer

  4. Posts : 43,223
    Win 10 Pro (22H2) (2nd PC is 22H2)

    Perhaps that's missing 'cos I have Pro and you have LTSB?

    So what is Windows 10 LTSB?

    Officially, LTSB is a specialized edition of Windows 10 Enterprise that promises the longest intervals between feature upgrades of any version of the operating system.

    Where other Windows 10 servicing models push feature upgrades to customers every six months, LTSB does so only every two or three years. That means fewer changes during a set timeline, a less-involved upgrade effort, and fewer disruptions as well as fewer possibilities for applications breaking because of a modification of the OS.
    1. Windows 10 LTSB does receive the usual monthly security updates.
    2. The twice-annual feature upgrades delivered to other channels will not be offered to LTSB systems.
    3. Microsoft upgrades the LTSB "build" every two to three years. Those upgrades, however, are optional, or at least optional to some degree (more on that later).
      My Computers

  5. Posts : 128
    Windows 10 Pro
    Thread Starter

    dalchina said:
    Perhaps that's missing 'cos I have Pro and you have LTSB?
    I have a mix. But I am not talking about Feature updates.

    I am talking about normal Patch Tuesday updates.

    None of my Windows 10 VMs - whether ENT 1709 or 2016 LTSB or the latest feature release (v1809 ENT) will automatically install anything.

      My Computer

  6. Posts : 43,223
    Win 10 Pro (22H2) (2nd PC is 22H2)

    I understand that. I was merely suggesting an explanation for the section you noted as not present.

    Sorry, no more ideas.. hopefully someone else can suggest sthg.
      My Computers


  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 13:30.
Find Us

Windows 10 Forums