How to Create Custom Update Settings for Client and Server Computers in Essentials
Applies To: System Center Essentials 2010
System Center Essentials 2010 uses Group Policy to configure the Windows Update agent to receive updates from the Essentials management server. These settings apply to all computers managed by Essentials unless you create a new Group Policy object (GPO) to customize the update settings. This section provides use case examples, information about the default Windows Update agent settings, and instructions on creating a GPO with customized Windows Update settings to apply to a specific group of computers.
Example 1: You might want your managed clients to automatically download and install approved updates (the default Essentials 2010 policy), and you might want your managed servers to download the approved updates and then notify the administrator using a custom policy.
Example2: You might want to specify one time of day for a group of Hyper-V host servers to receive updates and a different time of day for a group of domain controllers to receive updates.
Note
The Product Configuration Wizard detects any custom Group Policy objects and displays warnings about conflicting policies. You can safely ignore warnings about conflicting policies because you created the custom policies according to the appropriate guidance.
Default Windows Update Agent Settings in Essentials 2010
The default Windows Update settings used by Essentials are shown in the following table.
Windows Update Setting | Default Value |
---|---|
Configure automatic updates |
Enabled |
|
|
|
|
|
|
Specify intranet Microsoft Update service location |
Enabled |
|
|
|
|
Allow signed content from intranet Microsoft Update service locations |
Enabled |
No auto-restart for scheduled Automatic Updates installations |
Enabled |
To customize Windows Update settings using a Group Policy object
Create an Active Directory Group Policy object (GPO) in the same domain as the computers to which you want to apply customized settings. For more information, see Create a Group Policy Object (https://go.microsoft.com/fwlink/?LinkId=161344).
Change the security filtering of the GPO from Authenticated Users to the SCE Managed Computers <management group name> security group. For more information, see Assign Security Group Filters to the GPO (https://go.microsoft.com/fwlink/?LinkId=161346).
Link the Group Policy object to the organization units (OU) containing the computers to which you want to apply the customized Windows Update Agent settings. For more information, see Link the GPO to the Domain (https://go.microsoft.com/fwlink/?LinkId=161347).
Edit the Windows Update Agent settings in the GPO.
After the Group Policy object refresh interval has elapsed (every 90 minutes by default, with a random offset of 0 to 30 minutes), the computers with customized Windows Update Agent settings will be configured.
If you want to revert back to the original Windows Update settings configured by Essentials 2010, you can delete the customized GPO you created in step 1.
If you uninstall Essentials 2010, be sure to delete any customized GPOs you have created.
Supported Customizations to Windows Update Agent Settings in Essentials 2010
The supported customizations to Windows Update settings used by Essentials 2010 are shown in the following table. For more information, see Configure Automatic Updates by Using Group Policy (https://go.microsoft.com/fwlink/?LinkId=161349).
Windows Update Setting | Supported Customizable Value |
---|---|
Configure Automatic Updates |
Yes |
|
|
|
|
|
|
Specify intranet Microsoft Update Service location |
No |
|
|
|
|
Allow signed content from intranet Microsoft Update service locations |
No |
Enable client-side targeting |
No |
Reschedule Automatic Update scheduled installation |
Yes |
No auto-restart for scheduled Automatic Updates installations |
Yes |
Automatic Update detection frequency |
Must be less than 24 hours |
Allow Automatic Update Immediate Installation |
Yes |
Delay Restart for Scheduled Installations |
Yes |
Re-prompt for Restart with Scheduled Installations |
Yes |
Allow non-Administrators to Receive Update Notifications |
Yes |
Remove Links and Access to Windows Update |
Yes |
See Also
Other Resources
Configuring Update Management in Essentials
Managing Updates in Essentials