WSUS setting for Forefront only
I noticed that using WSUS means that you can easily muck up some of the settings and deploy software or even randomly reboot machines. Not good.
Here are the Windows Update settings I recommend if you’re not using WSUS to deploy other patches to your machines. A couple of them aren’t really required, but they make me feel a bit better than leaving them not configured.
Windows Components/Windows Update

| Policy | Setting |
| --- | --- |
| Allow Automatic Updates immediate installation | Enabled |
| Allow non-administrators to receive update notifications | Disabled |
| Automatic Updates detection frequency | Enabled. Check for updates at the following interval (hours): 8 |
| Do not adjust default option to ‘Install Updates and Shut Down’ in Shut Down Windows dialog box | Enabled |
| Do not display ‘Install Updates and Shut Down’ option in Shut Down Windows dialog box | Disabled |
| Configure Automatic Updates | Disabled |
| No auto-restart for scheduled Automatic Updates installations | Enabled |
| Reschedule Automatic Updates scheduled installations | Enabled. Wait after system startup (minutes): 20 |
| Specify intranet Microsoft update service location | Enabled. Set the intranet update service for detecting updates: http://wsusserver. Set the intranet statistics server: http://wsusserver |
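
To confirm that a client actually received these settings, the following read-only check compares the local policy registry values with the list above. It is an added example, not part of the original post; the mapping of each policy to a registry value (Computer Configuration, under `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate`) is an assumption of this example, and `http://wsusserver` is the post's placeholder server name.

```powershell
# Read-only audit of the Windows Update policy values listed in the post.
# Assumption: all policies are applied under Computer Configuration, so they
# land in HKLM; the value names come from the Windows Update policy template.
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = "$wu\AU"

$expected = @(
    @{ Key = $au; Name = 'AutoInstallMinorUpdates';       Value = 1 }   # immediate installation: Enabled
    @{ Key = $wu; Name = 'ElevateNonAdmins';              Value = 0 }   # non-admin notifications: Disabled
    @{ Key = $au; Name = 'DetectionFrequencyEnabled';     Value = 1 }   # detection frequency: Enabled
    @{ Key = $au; Name = 'DetectionFrequency';            Value = 8 }   # interval (hours): 8
    @{ Key = $au; Name = 'NoAUAsDefaultShutdownOption';   Value = 1 }   # do not adjust default option: Enabled
    @{ Key = $au; Name = 'NoAUShutdownOption';            Value = 0 }   # do not display option: Disabled
    @{ Key = $au; Name = 'NoAutoUpdate';                  Value = 1 }   # Configure Automatic Updates: Disabled
    @{ Key = $au; Name = 'NoAutoRebootWithLoggedOnUsers'; Value = 1 }   # no auto-restart: Enabled
    @{ Key = $au; Name = 'RescheduleWaitTimeEnabled';     Value = 1 }   # reschedule: Enabled
    @{ Key = $au; Name = 'RescheduleWaitTime';            Value = 20 }  # wait after startup (minutes): 20
    @{ Key = $au; Name = 'UseWUServer';                   Value = 1 }   # intranet update service: Enabled
    @{ Key = $wu; Name = 'WUServer';                      Value = 'http://wsusserver' }
    @{ Key = $wu; Name = 'WUStatusServer';                Value = 'http://wsusserver' }
)

$results = foreach ($e in $expected) {
    # A missing key or value yields $null instead of an error.
    $actual = (Get-ItemProperty -Path $e.Key -Name $e.Name -ErrorAction SilentlyContinue).($e.Name)
    [pscustomobject]@{
        Name     = $e.Name
        Expected = $e.Value
        Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
        Match    = ($null -ne $actual) -and ("$actual" -eq "$($e.Value)")
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code when any value is missing or different, so the
# check can be used from a scheduled task or a monitoring script.
if ($results.Match -contains $false) { exit 1 }
```

Run `gpupdate /force` first if the GPO was only just linked; a value reported as `<not set>` usually means the policy has not reached the machine or is being overridden by another GPO.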
