I've got some kiosk computers that are on a domain and permanently logged in, and receive updates for FEP through WSUS. This works great, except that occasionally, I get this dialog appearing in the bottom right hand corner:
I thought that by setting the No auto-restart with logged on users for scheduled automatic updates installations
GPO to 'enabled', these wouldn't appear, but it seems like they still show up. Here's a screenshot of the Windows Update GPO I'm applying:
What am I missing? How do I turn these notifications off?
I think you'll need to use the user portion of Group Policy - same path, Admin Templates, Windows Components, Windows Update and use Remove Access to use all Windows Update features set to Enabled, and with the setting 'Configure Notifications' set to 0.
If you want WU's to apply, you'll obviously need it set to the (machine side of GP) option that says automatically download & schedule the installation as the user will not be able to interact with WU in any way.
Computer Configuration > Admin Templates > Windows Components > Windows Update
Enable two options:
Enable the first parameter to block automatic restarts after update installations, and set the second to a high enough period to receive the reboot prompt less often (1440 mins = 24H).
Found no more elegant solution :(
FEP doesn't need "Configure automatic updating" to be set to "...install". As long as the update is set to regularly check for updates (not even download), FEP will go in and install the signatures updates itself as soon as the machine knows there's an update available.