Ensuring timely installation of updates in workgroups. Setting up WSUS clients using group policies. Windows Update registry keys


With the development of the Internet, constant updating of the operating system has become commonplace. Developers can now fix and improve the system throughout its support period. Frequent Windows 10 updates are not always convenient, though. It’s best to turn them off.

Reasons to disable automatic updates

The reasons vary, and only you can decide how much you need to disable updates. Keep in mind that updates fix problems in the system and improve various capabilities. Still, situations in which it makes sense to turn off automatic system updates arise often:

  • metered Internet - updates can be quite large, and downloading them can be expensive if you pay for traffic. In that case it is better to postpone the download until later, under other conditions;
  • lack of time - after downloading, updates begin to install while the computer is shutting down. This is inconvenient if you need to finish work quickly, for example on a laptop. Worse still, sooner or later Windows 10 asks to restart the computer, and if you do nothing, the restart is forced after some time. All of this distracts and gets in the way of work;
  • security - although updates often contain important system fixes, nobody can foresee everything. As a result, some updates can open your system to a virus attack, while others simply break it right after installation. The sensible approach in this situation is to install an update some time after the release of a new version, having first read the reviews.

How to disable automatic updates in Windows 10

There are many ways to disable Windows 10 updates. Some of them are very simple for the user, others are more complex, and others require the installation of third-party programs.

Disabling through the Update Center

Using the Update Center to disable updates is not the best option, even though it is presented as the official solution from Microsoft. You can indeed turn off automatic downloading of updates through its settings. The problem is that this solution is temporary one way or another. The release of a major Windows 10 update will change this setting and re-enable system updates. All the same, the process of disabling is as follows:

After these changes, minor updates will no longer be installed. But this solution will not help you get rid of update downloads for good.

Published on February 18, 2009

In this article I will tell you about the registry keys associated with Windows Update. I'll show you the various settings that can be assigned to these registry keys.

If you missed the other part of this article, please read it.

Windows Update and WSUS are generally easy to configure, but you can take more granular control over them by making changes to the Windows registry. In this article, I will show you some registry keys associated with Windows Update, together with the various settings that can be assigned to them.

Before I begin

First of all, I will make the lawyers happy and warn you that making changes to the registry can be dangerous. Entering incorrect registry settings can damage Windows and/or the applications running on the machine. Before you try any of the registry changes I am about to show you, make a full backup.

There is one more thing I need to tell you. The tweaks I am about to describe apply only to computers running Windows XP. You can make the changes on individual machines directly, or apply them as part of a login script. Also, some of the keys I will talk about may not exist by default. If you want to set a key that doesn’t exist, you have to create it first. You should also be aware that the behavior of Windows Update can be controlled by Group Policy as well. Group policies can sometimes modify registry keys in a way that overrides the behavior you have specified.

Elevating privileges

One of the problems with receiving updates from a WSUS server is that users cannot approve or disapprove updates unless they are members of the local Administrators group. However, you can modify the registry to elevate users' privileges so that they can approve or disapprove updates regardless of whether they are members of the local Administrators group. On the other hand, you can also prevent users from installing updates and leave this right to the administrator.

Registry key that represents this: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ElevateNonAdmins

The ElevateNonAdmins key has two possible values. A value of 1 allows users who are not administrators to install updates. If you change the value to 0, only administrators will be able to install updates.

Target Groups

One of the great things about WSUS is that it supports client-side targeting. The idea behind client-side targeting is that you can define different computer groups and roll out updates based on group membership. Client-side targeting does not have to be used, but if you want to use it, there are two registry keys that will help you do this. The first of these keys enables client-side targeting, and the second specifies the name of the target group to which the computer belongs. Both of these keys must be created under: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\

The first key is a DWORD key called TargetGroupEnabled. You can give this key a value of 0, which disables client-side targeting, or 1, which enables it.

The other key you need to create is called TargetGroup and holds a string value. The value of this key is the name of the target group to which the computer is assigned.

Assigning a WSUS server

If you have worked in networking for a while, you probably know that the design of a network tends to change over time. Things such as company growth, new security requirements and corporate mandates often drive changes to the network. What does this have to do with Windows Update? WSUS is scalable and can be deployed in a hierarchical manner. This means that an organization may have several WSUS servers deployed. If a PC moves to another part of the company, the WSUS server that was initially assigned to that computer may no longer be suitable for the new location. Fortunately, a few simple registry modifications can help you change the WSUS server from which a PC receives updates.

There are two keys that are used to assign the WSUS server. Both are located under: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\. The first key is called WUServer. This key takes a string value that specifies the WSUS server URL (for example: http://servername).

The other key you need to change is called WUStatusServer. The idea behind this key is that the computer (PC) must report its status to the WSUS server so that the WSUS server knows which updates have been installed on the computer. The WUStatusServer key must have the same value as the WUServer key (for example: http://servername).

Automatic Update Agent

So far I have talked about how to connect a computer (PC) to a WSUS server or to a target group, but that is only half the process. Windows Update uses an update agent that actually installs the updates. A number of registry keys stored under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU control the automatic update agent.

The first of these keys is the AUOptions key. This DWORD parameter can be assigned a value of 2, 3, 4 or 5. A value of 2 means that the agent must notify the user before downloading updates. A value of 3 means that updates are downloaded automatically and the user is notified before installation. A value of 4 means that updates are downloaded automatically and installed on a schedule. For this option to work, you must also set values for the ScheduledInstallDay and ScheduledInstallTime keys. I will tell you about these keys later. Finally, a value of 5 means that automatic updating is required, but end users can configure it.

The next key I want to talk about is the AutoInstallMinorUpdates key. This key can take values 0 or 1. If the key value is 0, then minor updates are treated just like any other update. If the key value is 1, then minor updates are silently installed in the background.

Another key that is used by the Automatic Update Agent is the DetectionFrequency key. This key lets you specify how often the agent checks for updates. The key value can be a number ranging from 1 to 22, which represents the number of hours between checks for updates.

A related registry key is the DetectionFrequencyEnabled key. As the name suggests, this key allows you to enable or disable the Detection Frequency function. If you set the value of the key to 0, then the value of the DetectionFrequency key is ignored, and if you set the value of the key to 1, then the agent must use the value of the DetectionFrequency key.

The next key that I want to tell you about is the NoAutoUpdate key. If the value of this key is 0, automatic updating is enabled. If the key value is equal to 1, automatic updating is disabled.

The last registry key I want to talk about is the NoAutoRebootWithLoggedOnUsers key. As you probably know, some updates cannot take effect without restarting the system. If a user is working at that moment, a restart can be very disruptive. This is especially true if the user has left the workplace without saving their work. In this case, the NoAutoRebootWithLoggedOnUsers key will help. The value of this key can be 0 or 1. If the value of the key is equal to 0, users will receive a 5-minute warning before the system automatically restarts. If the value of the key is equal to 1, then users simply receive a notification asking for permission to restart, and they can restart at their own discretion.


There are many more registry keys related to Windows Update. I will cover them in the other part of this article.



Automatic updates are an important feature of any operating system. Thanks to them, the computer regularly receives important updates that keep the system stable and secure. In Windows 7, the function is enabled by default. This means that by communicating with Microsoft servers, the update service checks for the availability of new packages, downloads them, and installs them. All of these processes normally go practically unnoticed by the user, but when constant offers to upgrade to Windows 10 start to appear, that is already too much.

In theory, turning off automatic downloading of updates is not worth it. Updates are useful because they close security gaps, optimize the OS, and add new capabilities to it (this applies to Windows 10). Still, there are a number of reasons why you might need to disable the auto-update service:

  1. The user does not like that the Internet speed drops while updates are downloading and/or that the PC cannot be turned off for a long time.
  2. The computer has an expensive or metered wireless Internet connection.
  3. Problems after starting the updated OS.
  4. Failures during the installation of update packages.
  5. The system volume does not have enough space for the growing size of Windows 7, which increases with every update.


Still, before you disable Windows 7 updates, think about whether it is really necessary. Besides deactivating the service, you can switch it to one of the following modes of operation.

  1. Fully automatic - operations take place without the user's involvement, and the user is only notified when the installation of packages has finished.
  2. Fresh fixes are searched for and downloaded on a schedule, and the installation of packages is performed by the user.
  3. Automatic checking, with the user notified when updates are available.
  4. Automatic updating is disabled. Everything works in manual mode.

The parameters are selected in the “Update Center” component.

Ways to disable updates

All Windows settings are stored in its registry. The key that holds the Update Center settings can be reached in several simple ways and a couple of more complex ones. Let's take a look at all of them.

Changing Update Center settings

Let's start by configuring the service to suit ourselves. To access the configuration interface, you need to open the “Update Center” in one of the following ways.

Through the system properties:

  1. From the context menu of My Computer, open “Properties”.
  2. In the left vertical menu, click the corresponding link located at the bottom of the window.

Through the Control Panel:

  1. Go to “Control Panel”.
  2. Open the “System and Security” section.
  3. Click the element of the same name.

If the Control Panel elements are displayed as icons rather than by category, the link to the element is shown directly in the main window.

  1. Now, whichever way you got there, click “Change settings”.
  2. Go to the “Important updates” section and select the appropriate option from the list.

Updates on a computer running Windows 7 can be turned off completely only by stopping the service.

Disabling the service

Services in Windows 7 are managed by means of:

  • direct editing of registry keys, which is impractical to do by hand;
  • third-party programs for customizing the OS (we skip this option);
  • MMC console snap-ins;
  • system configuration;
  • the command line;
  • the Group Policy Editor (for Windows 7 Ultimate, Enterprise).

Removing the service from autostart

The quickest way to disable updates is through the system configurator.

  1. Run “msconfig” in the command interpreter window, which opens after pressing Win + R or clicking the “Run” button in Start.
  2. Go to the “Services” tab.
  3. Find “Windows Update Center” (possibly Windows Update) and clear the check box next to it.
  4. Save the new settings.

Until the end of the current session, the service will keep running and performing the tasks assigned to it. To apply the new configuration, Windows 7 must be restarted.

Using the MMC console

The system console snap-in of the same name gives access to managing all services on the PC. It is started like this.

  1. Open the context menu of the “My Computer” directory.
  2. Click the “Manage” command.
  3. In the left vertical menu, expand the “Services and Applications” item. Then click the “Services” option.

A simpler way to open the same window is to run the “services.msc” command through the “Run” dialog.

  1. Scroll to the very end of the list of services and open the “Properties” of the Windows Update service.
  2. In the “Startup type” list, select “Disabled” instead of “Automatic” to say goodbye to automatic updates for good. If you need to stop the service right away, click “Stop”. Save the new parameters using the “Apply” button and close all windows.

The PC does not need to be restarted for the settings to take effect.

Group Policy Editor

Any system parameter can also be configured with another MMC console snap-in, called the Local Group Policy Editor.

It is not available in the Home edition of Windows 7!

  1. The tool is launched by running the gpedit.msc command through the Run window.
  2. In the “Computer Configuration” section, expand the “Administrative Templates” branch.
  3. Open “Windows Components” and find the Update Center there.
  4. On the right side of the window, find the parameter whose name begins with “Configure automatic updates”.
  5. Open its settings.
  6. Move the selector to the “Disabled” position and click “OK” to close the window and save the changes.

Using the command line

The command line can perform all the same operations as the graphical interface, and even more, but in text mode. The main thing is to know the syntax and parameters of the commands.

The cmd command is responsible for opening the command line.

  1. Open the command interpreter and run it.

In one of our previous articles we described the procedure in detail. After you have set up the server, you need to configure the Windows clients (servers and workstations) to use the WSUS server for updates, so that the clients receive updates from the internal update server rather than from the Microsoft Update servers over the Internet. In this article we will look at the procedure for configuring clients to use a WSUS server by means of Active Directory domain group policies.

AD group policies allow the administrator to automatically assign computers to different WSUS groups, eliminating the need to manually move computers between groups in the WSUS console and keep these groups up to date. The assignment of clients to different WSUS target groups is based on a tag in the registry on the client (tags are set by group policy or by direct editing of the registry). This type of assignment of clients to WSUS groups is called client side targeting.

We assume that our network will use two different update policies: a separate update installation policy for servers (Servers) and for workstations (Workstations). These two groups need to be created in the WSUS console in the All Computers section.

Tip. The policy for how clients use the WSUS update server largely depends on the organizational structure of the Active Directory OUs and the rules for installing updates in the organization. In this article, we will look at one particular option, which lets you understand the basic principles of using AD policies to install Windows updates.

We first need to specify the rule for grouping computers in the WSUS console (targeting). By default, computers in the WSUS console are distributed into groups manually by the administrator (server side targeting). This does not suit us, so we will specify that computers are distributed into groups based on client side targeting (by a specific key in the client registry). To do this, in the WSUS console go to the Options section and open the Computers parameter. Change the value to Use Group Policy or registry setting on computers.

Now you can create a GPO to configure WSUS clients. Open the domain Group Policy Management console and create two new group policies: ServerWSUSPolicy and WorkstationWSUSPolicy.

WSUS Group Policy for Windows Servers

Let's start with a description of the server policy, ServerWSUSPolicy.

Group policy settings that control the operation of the Windows Update service are located in the GPO section: Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Windows Update.

In our organization, we intend to use this policy to install WSUS updates on Windows servers. It is planned that all computers that are subject to this policy will be added to the Servers group in the WSUS console. In addition, we want to prevent updates from being installed automatically on servers as soon as they are received. The WSUS client must simply download available updates to disk, display a notification about the availability of new updates in the system tray, and wait for the administrator to start the installation (either manually or remotely). This means that production servers will not automatically install updates and restart without administrator approval (usually this work is carried out by the system administrator as part of the monthly scheduled maintenance). To implement this scheme, we set the following policies:

  • Configure Automatic Updates: Enable. 3 – Auto download and notify for install – the client automatically downloads new updates and notifies about their availability;
  • Specify Intranet Microsoft update service location: Enable. Set the intranet update service for detecting updates: http://srv-wsus.site:8530, Set the intranet statistics server: http://srv-wsus.site:8530 – here you need to enter the address of your WSUS server and statistics server (be careful);
  • No auto-restart with logged on users for scheduled automatic updates installations: Enable – prevents an automatic restart while a user session is present;
  • Enable client-side targeting: Enable. Target group name for this computer: Servers – in the WSUS console, add clients to the Servers group.

Note. When you set up your update policy, it is important to familiarize yourself with all the parameters available in the Windows Update GPO section and to set the parameters that suit your infrastructure and organization.

WSUS update installation policy for workstations

We assume that updates on client workstations, unlike the server policy, will be installed automatically at night, right after the updates are received. After the updates are installed, the computers should restart automatically (warning the user 5 minutes in advance).

In this GPO (WorkstationWSUSPolicy) we specify:

  • Allow Automatic Updates immediate installation: Disabled – immediate installation of updates when they are received is prohibited;
  • Allow non-administrators to receive update notifications: Enabled – notify non-administrators of new updates and allow them to be installed manually;
  • Configure Automatic Updates: Enabled. Configure automatic updating: 4 - Auto download and schedule the install. Scheduled install day: 0 - Every day. Scheduled install time: 05:00 – when new updates are received, the client downloads them to the local cache and schedules them to be installed automatically at 5:00 am;
  • Target group name for this computer: Workstations – in the WSUS console, add the client to the Workstations group;
  • No auto-restart with logged on users for automatic updates installations: Disabled – the system will automatically restart 5 minutes after the update installation is completed;
  • Specify Intranet Microsoft update service location: Enable. Set the intranet update service for detecting updates: http://srv-wsus.site:8530, Set the intranet statistics server: http://srv-wsus.site:8530 – the addresses of the corporate WSUS server.

In Windows 10 1607 and above, even though you have told clients to receive updates from the internal WSUS, they may still try to contact the Windows Update servers on the Internet. This “feature” is called Dual Scan. To stop updates from being received from the Internet, you must additionally enable the policy Do not allow update deferral policies to cause scans against Windows Update.

Tip. To improve the patch level of computers in the organization, in both policies you can configure a forced start of the update service (wuauserv) on clients. To do this, in Computer Configuration -> Policies -> Windows Settings -> Security Settings -> System Services, find the Windows Update service and set it to start automatically (Automatic).

Assigning WSUS policies to Active Directory OUs

The next step is to assign the policies we have created to the appropriate Active Directory containers (OUs). In our example, the OU structure in the AD domain is as simple as possible: there are two containers - Servers (which holds all the organization's servers, except domain controllers) and WKS (Workstations - users' computers).

Tip. We are looking at only one, fairly simple, option for binding WSUS policies to clients. In real organizations, you can bind one WSUS policy to all computers in a domain (a GPO with WSUS settings is linked to the root of the domain), spread different kinds of clients across different OUs (as in our example, where we created different WSUS policies for servers and workstations), and in large distributed domains you can bind or assign GPOs in other ways or combine several of these methods.

To assign a policy to an OU, right-click the required OU in the Group Policy Management console, select the menu item Link an Existing GPO and choose the appropriate policy.

Tip. Do not forget about the separate OU with domain controllers (Domain Controllers); as a rule, the “server” WSUS policy should be linked to this container.

In the same way, assign the WorkstationWSUSPolicy policy to the AD WKS container that holds the Windows workstations.

All that remains is to update group policies on the clients to bind the client to the WSUS server:

All Windows Update settings that we set through group policies must appear in the client registry under the key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate.

This reg file can be used to transfer WSUS settings to other computers on which update settings cannot be configured through a GPO (computers in a workgroup, isolated segments, DMZ, etc.)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000

You can also conveniently check the WSUS settings applied on clients using rsop.msc.
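The rules given in this article for the values under the WindowsUpdate policy key can be checked mechanically against a .reg export before it is copied to workgroup or DMZ machines. The following is an added example, not code from the original article: the sample export and its host names are constructed, and the UseWUServer check covers a real value that the article does not mention.

```python
import re

BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"

# Constructed sample export (not taken from the page); it is misconfigured on purpose.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://wsus.example.internal:8530"
"WUStatusServer"="http://wsus-old.example.internal:8530"
"TargetGroupEnabled"=dword:00000001
"ElevateNonAdmins"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"DetectionFrequencyEnabled"=dword:00000001
"DetectionFrequency"=dword:00000030
'''


def parse_reg(text):
    """Parse string and dword values of a .reg export into {KEY_PATH: {name: value}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:
            # Registry paths are case-insensitive, so normalise them for lookup.
            current = keys.setdefault(key.group(1).upper(), {})
            continue
        val = re.fullmatch(r'"([^"]+)"=(.*)', line)
        if val is None or current is None:
            continue  # blank line, comment, file header or unsupported syntax
        name, data = val.groups()
        dword = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", data)
        if dword:
            current[name] = int(dword.group(1), 16)  # dword data is hexadecimal
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            current[name] = data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return keys


def audit(keys):
    """Check parsed values against the rules described in the article; return findings."""
    wu = keys.get(BASE.upper(), {})
    au = keys.get((BASE + "\\AU").upper(), {})
    out = []
    server = wu.get("WUServer")
    if not server:
        out.append("WUServer is not set")
    else:
        if wu.get("WUStatusServer") != server:
            out.append("WUStatusServer differs from WUServer")
        if server.lower().startswith("http://"):
            out.append("WUServer uses plain HTTP, so update traffic is not protected by TLS")
        # UseWUServer is not mentioned in the article; Windows ignores WUServer unless it is 1.
        if au.get("UseWUServer") != 1:
            out.append("UseWUServer is not 1, so WUServer is ignored")
    if wu.get("TargetGroupEnabled") == 1 and not wu.get("TargetGroup"):
        out.append("TargetGroupEnabled=1 but TargetGroup is missing")
    if wu.get("ElevateNonAdmins") == 1:
        out.append("ElevateNonAdmins=1: non-administrators can install updates")
    if au.get("NoAutoUpdate") == 1:
        out.append("NoAutoUpdate=1: automatic updating is disabled")
    option = au.get("AUOptions")
    if option is not None and option not in (2, 3, 4, 5):
        out.append(f"AUOptions={option} is not one of 2, 3, 4, 5")
    if option == 4:
        for name in ("ScheduledInstallDay", "ScheduledInstallTime"):
            if name not in au:
                out.append(f"AUOptions=4 requires {name}")
    if au.get("DetectionFrequencyEnabled") == 1:
        freq = au.get("DetectionFrequency")
        if freq is None or not 1 <= freq <= 22:
            out.append(f"DetectionFrequency={freq} is outside the range 1-22")
    return out


if __name__ == "__main__":
    for finding in audit(parse_reg(SAMPLE_REG)):
        print("-", finding)
```

A dword in a .reg file is written in hexadecimal, so `dword:00000030` in the sample is 48 and falls outside the allowed detection frequency.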

After some time (depending on the number of updates and the bandwidth of the channel to the WSUS server), check the system tray for notifications about new updates. In the WSUS console, clients should appear in the corresponding groups (the table view shows the client name, IP, OS, the percentage of “patching” and the date of the last status update). Because our policies have bound computers and servers to different WSUS groups, they will receive only the updates approved for installation in the corresponding WSUS groups.

Note. If updates do not appear on the client, it is recommended that you carefully study the Windows Update service log on the problem client (C:\Windows\WindowsUpdate.log). Note what Windows 10 (Windows Server 2016) uses. The client downloads updates to the local folder C:\Windows\SoftwareDistribution\Download. To start searching for new updates on the WSUS server, you need to run the command:


It is also necessary to re-register the client on the WSUS server:

wuauclt /detectnow /resetAuthorization

In especially complex cases, you can try to repair the wuauserv service. If this is the case, try changing the update check frequency on the WSUS server using the Automatic Update detection frequency policy.
