Configuring automatic updates

  • Article

Applies To: Forefront Client Security

Before your client computers can download updates from your distribution server, they must be configured so that Automatic Updates on the client computer points to the WSUS server. To make this configuration, you can use Group Policy.

Important

In addition to your standard client computers, you must configure Automatic Updates on your management server so that it points to the WSUS server. If you do not do this, reports do not display correctly.

When you configure the Group Policy settings for WSUS, you should use a Group Policy object (GPO) linked to an Active Directory® directory service container appropriate for your environment.

After you set up a client computer, it will take a few minutes before its name appears on the Computers page in the WSUS console. For client computers configured with a GPO based in Active Directory, it will take about 20 minutes after Group Policy refreshes (that is, after it applies any new settings to the client computer). By default, Group Policy refreshes in the background every 90 minutes, with a random offset of 0–30 minutes.

Note

If you want to refresh Group Policy sooner, you can go to a command prompt on the client computer and type the following:
gpupdate /force

If you want the client computer to immediately synchronize with your WSUS server, go to a command prompt on the client computer and type the following:
wuauclt.exe /detectnow

For more information about configuring Automatic Updates, see Configure clients using Group Policy (https://go.microsoft.com/fwlink/?LinkID=85860).

Configure Automatic Updates

You must specify that Automatic Updates download updates from the WSUS server rather than from Windows Update or Microsoft Update.

To configure Automatic Updates

  1. In the Group Policy Object Editor dialog box, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.

  2. In the Setting list, double-click Configure Automatic Updates.

  3. In the Configure Automatic Updates dialog box, click Enabled, and then click OK.

  4. In the Setting list, double-click Specify intranet Microsoft update service location.

  5. In the Specify intranet Microsoft update service location dialog box, click Enabled, enter the client configuration URL in both the Set the intranet update service box and the Set the intranet statistics server box. For example, type https://servername in both boxes, and then click OK.

    Important

    If the port is not 80 for HTTP or 443 for HTTPS, you should add the port number as follows: https://servername:portnumber

  6. In the Setting list, double-click Allow Automatic Updates immediate installation.

  7. In the Allow Automatic Updates immediate installation Properties dialog box, click Enabled, and then click OK.