New
#1
Windows 10 GPOs NEVER install updates automatically - out of ideas?
All,
First some background. I have a test set up with the 3 Virtual PCs (Hyper-V) running different flavors of Windows 10.(v1607 LTSB, v1709 and now v1809)
Local GP is set on each VM - set as follows:
Computer Config->Admin Templates->WIndows Components->Windows Update->Configure Automatic Updates to Option 4 "Auto Download and Schedule the Install"
Time to kick it off is Everyday @ 6:00am on any week of each month.
My updates come from a local WSUS installed on one of my internal servers - the local GP from each VM has the address of the WSUS server. WSUS is operating correctly.
I use a typical approval routine where each Wednesday (day after Patch Tuesday) - I approve the latest cumulative updates and usually the Adobe flash patches for ONLY my "Virtual PCs" group on WSUS to ensure the . All three VMs are in this WSUS computer group.
I have spent probably a weeks worth of time over the last month trying to figure out why none of these machines will ever "automatically" download and install updates.
I have been over and over the GPOs with a various of forum groups - all have the same settings but no downloads ever occur.
The best I have seen is - after basic approvals are done on Wednesday and I check the VMs on say - Thursday - I see that all three have checked in with WSUS and all three have reported back listing the updates that need to be installed - but none of the VMs actually install anything automatically.
They all just sit there - waiting for me to open the Windows Update setting dialog manually and hit Install Now.
It's almost like these installs are actually using 3 - Auto Download and NOTIFY for install rather than 4 - Auto Download and Schedule the install.
Other settings in the GPOs are set to basically reboot the machine in 15 minutes regardless if anyone is logged in or not. I want these machines to restart no longer than 15 minutes after the updates have been installed.
I have explored the "Active Hours" thing on all three VMs and all three use the typical zone of 8:00am to 5:00pm. I would think that setting the updates to occur at 6:00am each day would allow at least 2 hours to install the updates automatically before we hit the 8:00am Active Hours start time. In other tests - I reduced Active Hours to 1:00pm - 3:00pm and still no updates install even with no one using the VM from 6:00am to 12:59pm. I still have to manually click Install Now.
What am I missing? Appreciate any tips from the field.
B