Ping a Specific Port

Question

hazymat

Asked: 2017-10-24 04:46:25 +0800 CST2017-10-24 04:46:25 +0800 CST 2017-10-24 04:46:25 +0800 CST

Group Policy Configuration of Windows 10 Updates

772

This question is subtly different from other questions I've found on Serverfault about how best to configure Windows Updates by GPO for Win10 machines on an AD Domain.

I'm running Server 2016, domain from scratch (i.e. latest Win10 Admin Templates for GPO), with Windows 10 clients (1703 - creators update).

I'm generally happy with the Windows Updates settings for workstations, aside from the below problem.

Non-administrator users logged onto Win10 PCs are receiving a blue notification on screen "Updates are available", and they are given the option to "View Updates" and nothing else. Users click on this button, it opens Windows Updates settings screen. It says "Updates are ready to install" and there's an "install now" button. Users are able to click this button.

I don't want this to happen, and I don't want users to be interrupted by the intrusive blue bar, which takes focus from the user and forces them to click the "View Updates" button.

I've made the following settings already in Group Policy:

Allow automatic updates immediate installation > enabled
Allow non-administrators to receive update notifications > disabled
Turn off auto-restart during active hours > enabled 8am-5pm

I want to prevent this "View Updates" bar from showing on the screen, as it interrupts non-administrator users. The users on this network should not interact with Windows Update at all, and updates should be seamless.

2 Answers

Voted

SpiderIce · Answer 1 · 2017-10-24T05:14:23+08:00

SpiderIce

2017-10-24T05:14:23+08:002017-10-24T05:14:23+08:00

Allow automatic updates immediate installation > enabled will bypass Allow non-administrators to receive update notifications > disabled if the system is newer then 2008 from what I have read

If you want Automatic updates enabled then you should put Allow non-administrators to receive update notifications > enabled or not configured

Test this on one of the workstations and see if that helps

The second option is this

User Configuration > Policies > Administrative Templates > Windows Components > Windows Update

Remove access to use all Windows Update features > Enabled: 0 - Do not show any notifications

3

MarkoD · Answer 2 · 2022-07-17T10:28:33+08:00

MarkoD

2022-07-17T10:28:33+08:002022-07-17T10:28:33+08:00

You can't block the "Install now" button for regular users and leave it enabled for admins.

The closest I got to solving this was to hide Windows Update in the settings app using the following group policy setting:

Administrative Templates > Control Panel > Settings Page Visibility

You can enable it (for non-administrators) and set the value to hide:windowsupdate. That should hide the whole updates page in the settings, along with the "Install now" button.

0

Group Policy Configuration of Windows 10 Updates

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?