Home / server / Questions / 322682
In Process
swagner88
Asked: 2011-10-19 11:44:48 +0800 CST

Can you change windows update settings via command line?

  • 772

I sent out some servers(running server 2008R2 x64) without checking their windows update settings...fail. By default they are set to automatically download and install. I need them to download but not install. Can this be done through command-line? RDP is not an option.

windows command-line-interface update

5 Answers

  1. Sure. Download, notify for install:

    reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v AUOptions /t REG_DWORD /d 3

    Check out Group Policy Search for reference if you need to modify other parts of the policy directly via the registry - it's a lot more pleasant than digging through ADMX files.

    • 7

  2. If the computers are in a domain, you can configure this setting via Group Policy.

    Otherwise, you can manually configure the relevant Registry value:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\AUOptions
    1. Don't check
    2. Check but don't download
    3. Download but don't install
    4. Download and install
    • 7

  3. If you have this server in a Domain environment you should do this through a Windows Update group policy. If you do using another method you won't be able to revert this changes with a GPO.

    If you are in a non-domain environment you can do the change using the command line. I don't know any tool that let you do this change directly so you will need to do the change modifying the Windows registry.

    From a command line you can change the Windows registry using the command REG ADD.

    The registry settings that you need to change are placed on HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU. Particularly the AUOption value which is responsible for enabling or disabling the Windows Update setting. If the value is:

    0 Let the local administrator to choose the settings

    1 Means never check

    2 Check but don't download neither install

    3 Check, download but don't install

    4 Download and install automatically

    To run the command that you create in the remote computers you can use the Microsoft Sysinternals command line tool PSExec. You should restart the Windows Update Service using Net Stop and Net start.

    So you should use something like this:

    psexec.exe \\@Servers.txt net stop "Automatic Updates"
psexec.exe \\@Servers.txt REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions /t REG_DWORD /d 00000004
psexec.exe \\@Servers.txt net start "Automatic Updates"

    You can also force a Windows Update check using

    psexec.exe \\@Servers.txt WUAUCLT /DETECTNOW

    Where Servers.txt is a simple notepad file with a IP or a server name for each line. If you don't want to use Psexec you can also run the REG command remotely. For REG or Psexec you will need to have enable the Firewall exeption File and printer sharing and should run the commands with an user account with administrative privileges on the remote servers. See https://stackoverflow.com/q/828432 for more info other Access is denied issues when using Psexec.

    • 4

  4. I am a little surprised no one offered the kb: http://support.microsoft.com/kb/328010

    • 1

  5. figured it out:

    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions /t REG_DWORD /d 3 /f

    Reference:

    Disable automatic updates from command line

    • 0