Patch > Windows Auto Update

Windows Automatic Update is a Microsoft tool that automatically delivers the latest high priority updates to a computer from both Microsoft Update and Windows Update.  Automatic Update is supported in the following operating systems: Windows 2003, Windows XP, and Windows 2000 (SP3 or later).  While Windows Millennium Edition (Me) has an Automatic Update capability, it cannot be managed as the above operating systems can.

Windows Auto Update is one feature that cannot be preconfigured in a template account.  This is because Windows Automatic Update is only supported by Microsoft on Windows 2000 SP3/SP4, Windows XP, and Windows Server 2003.  Since a template account cannot have a specified operating system, a setting for this feature cannot be accomplished in the template account.  Also, we need to know the machine’s current settings before we can override those settings.  The current settings are obtained during the initial patch scan for the machine in question.

This function defines the configuration options for Windows Automatic Update:

Disable

Disable Windows Automatic Update to let patch management control system patching.

User Control

Let machine users control Windows Automatic Update.

Configure

Force Windows Automatic Update configuration to the following settings:

Automatic Update Options:

• Notify user for download and installation

• Automatically download and notify user for installation

• Automatically download and schedule installation

For option “Automatically download and schedule installation”, select “Schedule on” to select the day of the week and select “at” to select the hour of the day to install the downloaded patches.

If the Windows Automatic Update Configuration column displays “Automatic Update not initialized on machine”, the user must select the Automatic Update icon in the System tray to run the Automatic Update Setup Wizard to setup Automatic Updates.

The Disable and the Configure options override the existing user settings and disable the controls in Automatic Updates so the user cannot change any of the settings.

The checkbox will not be displayed for any machine that either has an operating system that does not support Windows Automatic Update or for which the initial patch scan has not been completed.

NOTE for Windows XP SP2 machines:  Whenever an administrator disables or forces a specific configuration for Windows Auto Update, a registry setting is updated to prevent the bubble warning from the Security Center icon in the System Tray to be displayed for Automatic Updates.  This is done to avoid end-user confusion since the end-user will not be able to make any changes to the Automatic Updates configuration.  It is possible that some anti-malware tools will see this registry setting change as an attempt by malware to eliminate the user warning and therefore will reset the warning to "on".