Configure Automatic Updates in a Non–Active Directory Environment
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server Update Services
In a non-Active Directory environment, you can configure Automatic Updates by using any of the following methods:
Using Group Policy Object Editor and editing the Local Group Policy object
Editing the registry directly by using the registry editor (Regedit.exe)
Centrally deploying these registry entries by using System Policy in Windows NT 4.0 style
WSUS Environment Options
The registry entries for the WSUS environment options are located in the following subkey:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate
The keys and their value ranges are listed in the following table.
Windows Update Agent Environment Options Registry Keys
| Entry Name | Values | Data Type |
|---|---|---|
ElevateNonAdmins |
Range = 1|0 1 = Users in the Users security group are allowed to approve or disapprove updates. 0 = Only users in the Administrators user group can approve or disapprove updates. |
Reg_DWORD |
TargetGroup |
Name of the computer group to which the computer belongs, used to implement client-side targeting—for example, "TestServers." This policy is paired with TargetGroupEnabled. |
Reg_String |
TargetGroupEnabled |
Range = 1|0 1 = Use client-side targeting. 0 = Do not use client-side targeting. This policy is paired with TargetGroup. |
Reg_DWORD |
WUServer |
HTTP(S) URL of the WSUS server used by Automatic Updates and (by default) API callers. This policy is paired with WUStatusServer; both must be set to the same value in order for them to be valid. |
Reg_String |
WUStatusServer |
The HTTP(S) URL of the server to which reporting information will be sent for client computers that use the WSUS server configured by the WUServer key. This policy is paired with WUServer; both must be set to the same value in order for them to be valid. |
Reg_String |
Automatic Update Configuration Options
The registry entries for the Automatic Update configuration options are located in the following subkey:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
The keys and their value ranges are listed in the following table.
Automatic Updates Configuration Registry Keys
| Entry Name | Value Range and Meanings | Data Type |
|---|---|---|
AUOptions |
Range = 2|3|4|5 2 = Notify before download. 3 = Automatically download and notify of installation. 4 = Automatic download and scheduled installation. (Only valid if values exist for ScheduledInstallDay and ScheduledInstallTime.) 5 = Automatic Updates is required, but end users can configure it. |
Reg_DWORD |
AutoInstallMinorUpdates |
Range = 0|1 0 = Treat minor updates like other updates. 1 = Silently install minor updates. |
Reg_DWORD |
DetectionFrequency |
Range=n; where n=time in hours (1-22). Time between detection cycles. |
Reg_DWORD |
DetectionFrequencyEnabled |
Range = 0|1 1 = Enable DetectionFrequency. 0 = Disable custom DetectionFrequency (use default value of 22 hours). |
Reg_DWORD |
NoAutoRebootWithLoggedOnUsers |
Range = 0|1; 1 = Logged-on user gets to choose whether or not to restart his or her computer. 0 = Automatic Updates notifies user that the computer will restart in 5 minutes. |
Reg_DWORD |
NoAutoUpdate |
Range = 0|1 0 = Enable Automatic Updates. 1 = Disable Automatic Updates. |
Reg_DWORD |
RebootRelaunchTimeout |
Range=n; where n=time in minutes (1-1440). Time between prompting again for a scheduled restart. |
Reg_DWORD |
RebootRelaunchTimeoutEnabled |
Range = 0|1 1 = Enable RebootRelaunchTimeout. 0 = Disable custom RebootRelaunchTimeout(use default value of 10 minutes). |
Reg_DWORD |
RebootWarningTimeout |
Range=n; where n=time in minutes (1-30). Length, in minutes, of the restart warning countdown after installing updates with a deadline or scheduled updates. |
Reg_DWORD |
RebootWarningTimeoutEnabled |
Range = 0|1 1 = Enable RebootWarningTimeout. 0 = Disable custom RebootWarningTimeout (use default value of 5 minutes). |
Reg_DWORD |
RescheduleWaitTime |
Range=n; where n=time in minutes (1-60). Time, in minutes, that Automatic Updates should wait at startup before applying updates from a missed scheduled installation time. Note that this policy applies only to scheduled installations, not deadlines. Updates whose deadlines have expired should always be installed as soon as possible. |
Reg_DWORD |
RescheduleWaitTimeEnabled |
Range = 0|1 1 = Enable RescheduleWaitTime 0 = Disable RescheduleWaitTime(attempt the missed installation during the next scheduled installation time). |
Reg_DWORD |
ScheduledInstallDay |
Range = 0|1|2|3|4|5|6|7 0 = Every day. 1 through 7 = The days of the week from Sunday (1) to Saturday (7). (Only valid if AUOptions equals 4.) |
Reg_DWORD |
ScheduledInstallTime |
Range = n; where n = the time of day in 24-hour format (0-23). |
Reg_DWORD |
UseWUServer |
The WUServer value is not respected unless this key is set. |
Reg_DWORD |