When you configure update policies, we recommend you to get acquainted with all the settings that are available in each option of Windows Update section, and set the parameters suitable for your infrastructure and organization.We assume that in contrast to the server policy, updates to the client workstations are installed automatically at night after receiving the updates.In one of the previous articles we have described the installation of a WSUS server on Windows Server 2012 in detail.

updating group policy in windows 2016-48

In this article we will consider how to configure clients of the WSUS server using Active Directory GPO (Group Policies).

AD Group Policies allow the administrator to automatically assign computers to different WSUS groups, saving him the trouble of manually moving the computers between groups in the WSUS console and support these groups up-to-date.

Assigning clients to different target WSUS groups is based on labels on the client itself (labels are set by a GPO or a direct registry modification).

This kind of client association to the WSUS groups is called client side targeting.

First of all, you have to specify the rule of grouping the computers in the WSUS console (targeting).

By default, the computers in the WSUS console are distributed into groups manually by the server administrator (server-side targeting).

Besides, we want to disable the automatic installation of updates on the servers when they are received.

A WSUS client should just download the available updates, display the corresponding notification in the system tray and wait for administrator approval to begin the installation.

I'm generally happy with the Windows Updates settings for workstations, aside from the below problem.

Non-administrator users logged onto Win10 PCs are receiving a blue notification on screen "Updates are available", and they are given the option to "View Updates" and nothing else.

The downloaded updates are saved to C:\Windows\Software Distribution\Download.