The Group Policy settings for software updates were not applied

Applies To: Windows Small Business Server 2011 Standard

Problem   The Group Policy settings for software updates were not applied.

Features affected   The Software Update policy setting is not configured correctly. As a result, the software update settings for client computers and for servers are not correct, and Critical and Security updates are not applied as intended.

Solution   To resolve this issue, you must manually configure the Group Policy objects (GPOs) for software updates.

To configure the Group Policy objects for software updates

1. Click Start, click Administrative Tools, and then click Group Policy Management.

2. In the User Account Control window, click Continue.

3. Expand Forest:<DomainName>, expand Domains, and then expand <DomainName>, where <DomainName> is the name of your domain.

4. Right-click Group Policy Objects, and then click New to create the following Group Policy objects:

   • Update Services Client Computers Policy

   • Update Services Common Settings Policy

   • Update Services Server Computers Policy

   Note

   If the Group Policy object already exists, verify the settings in it.

5. Configure the settings for Update Services Client Computers Policy as follows:

   Note

   If you receive a warning from Internet Explorer, click Close.

   1. Click Update Services Client Computers Policy, and then, in the details pane, click the Settings tab.

   2. Right-click Computer Configuration, and then click Edit. This starts the Group Policy Management Editor.

   3. In the Group Policy Management Editor, expand Computer Configuration, expand Policies, expand Administrative Templates, expand Windows Components, and then click Windows Update.

   4. Right-click Configure Automatic Updates, and then click Properties.

   5. On the Settings tab, click Enabled. In Configure automatic updating, select 4 – Auto download and schedule the install, click OK, and then close the Group Policy Management Editor.

6. Configure the settings for Update Services Common Settings Policy as follows:

   Note

   If you receive a warning from Internet Explorer, click Close.

   1. Click Update Services Common Settings Policy, and then, in the details pane, click the Settings tab.

   2. Right-click Computer Configuration, and then click Edit. This starts the Group Policy Management Editor.

   3. In the Group Policy Management Editor, expand Computer Configuration, expand Policies, expand Administrative Templates, expand Windows Components, and then click Windows Update.

   4. Enable the following Group Policy settings: Allow Automatic Updates immediate installation, Allow non-administrators to receive update notifications, Automatic detection frequency (set to check for updates every hour), Delay Restart for scheduled installations (set the waiting period to 5 minutes), Configure Automatic Updates (set to 2—Notify for download and notify for installation), Re-prompt for restart with scheduled installations (set the waiting period to 10 minutes), Reschedule Automatic Updates scheduled installations (set the waiting period to 1 minute), Specify intranet Microsoft update service location (set both the intranet update service for detecting updates and the intranet statistic server locations to https://<ServerName>:8530).

   5. Disable the following Group Policy setting: No auto-restart with logged on users for scheduled automatic updates installations.

7. Configure the settings for Update Services Server Computers Policy as follows:

   Note

   If you receive a warning from Internet Explorer, click Close.

   1. Click Update Services Server Computers Policy, and then, in the details pane, click the Settings tab.

   2. Right-click Computer Configuration, and then click Edit. This starts the Group Policy Management Editor.

   3. In the Group Policy Management Editor, expand Computer Configuration, expand Policies, expand Administrative Templates, expand Windows Components, and then click Windows Update.

   4. Right-click Configure Automatic Updates, and then click Properties.

   5. On the Settings tab, click Enabled. In Configure automatic updating, select 3 – Auto download and notify for install, click OK, and then close the Group Policy Management Editor.

8. Link the three Group Policy objects that you created to the domain as follows:

   1. In the Group Policy Management Console, right-click <DomainName>, and then click Link an Existing GPO.

   2. Select Update Services Client Computers Policy, Update Services Common Settings Policy, and Update Services Server Computers Policy.

   3. Click OK.