Next Topic

Previous Topic

Book Contents

Windows Auto Update

Patch > Windows Auto Update

The Windows Auto Update page determines whether Windows Automatic Updates on managed machines is disabled, left for the user to control, or configured.

Window Automatic Updates

Windows Automatic Updates is a Microsoft tool that automatically delivers updates to a computer. Windows Automatic Updates is supported in the following operating systems: Windows 2003, Windows XP, and Windows 2000 SP3 or later. While Windows Millennium Edition (Me) has an Automatic Updates capability, it cannot be managed as the above operating systems can. Patch Mgmt > Windows Auto Update can enable or disable this feature on managed machines.

Windows Automatic Update Cannot Use Template Accounts

Windows Automatic Updates is one feature that cannot be preconfigured in a machine ID template. This is because Windows Automatic Updates is only supported on Windows 2000 SP3/SP4, Windows XP, and Windows Server 2003. Since a machine ID template cannot have a specified operating system, a setting for this feature cannot be stored in the machine ID template. Also, we need to know the machine’s current settings before we can override those settings. The current settings are obtained when a Scan Machine is performed.

Note: A checkbox does not display for any machine that either has an operating system that does not support Windows Automatic Updates or for which an initial Scan Machine has not been completed.

For Windows XP SP2 machines: Whenever an administrator disables or forces a specific configuration for Windows Automatic Updates, a registry setting is updated to prevent the bubble warning from the Security Center icon in the system tray to be displayed for Windows Automatic Updates. This is done to avoid end-user confusion since the end-user will not be able to make any changes to the Windows Automatic Updates configuration. It is possible that some anti-malware tools will see this registry setting change as an attempt by malware to eliminate the user warning and therefore will reset the warning to "on".

Disable

Select Disable to disable Windows Automatic Updates on selected machine IDs and let Patch Management control patching of the managed machine. Overrides the existing user settings and disables the controls in Windows Automatic Updates so the user cannot change any of the settings. Users can still patch their systems manually.

User Control

Let machine users enable or disable Windows Automatic Updates for selected machine IDs.

Configure

Forces the configuration of Windows Automatic Updates on selected machine IDs to the following settings. Overrides the existing user settings and disables the controls in Windows Automatic Updates so the user cannot change any of the settings. Users can still patch their systems manually.

  • Notify user for download and installation - Notifies the user when new patches are available but does not download or install them.
  • Automatically download and notify user for installation - Automatically downloads updates for the user but lets the user choose when to install them.
  • Automatically download and schedule installation - Automatically downloads updates and installs the updates at the scheduled time.

Schedule every day / <day of week> at <time of day>

Applies only if Automatically download and schedule installation is selected. Perform this task every day or once a week at the specified time of day.

Force auto-reboot if user is logged on

Optionally check the box next to Force auto-reboot if user is logged on. By default, Windows Auto Update does not force a reboot. Reboot Action settings do not apply to Windows Auto Update.

Select All/Unselect All

Click the Select All link to check all rows on the page. Click the Unselect All link to uncheck all rows on the page.

Check-in status

These icons indicate the agent check-in status of each managed machine:

Agent has checked in

Agent has checked in and user is logged on. Tool tip lists the logon name.

Agent has not recently checked in

Agent has never checked in

Online but waiting for first audit to complete

The agent is online but remote control is disabled

The agent has been suspended

Machine.Group ID

The list of Machine ID.Group IDs displayed is based on the Machine ID / Group ID filter and the machine groups the administrator is authorized to see using System > Group Access.

Machine Updated

Displays the status of configuring Windows Automatic Updates on selected machine IDs using this page.

  • Pending - Windows Automatic Updates is being configured on the selected machine ID.
  • Timestamp - The date and time Windows Automatic Updates was configured on the selected machine ID.

Windows Automatic Update Configuration

The Windows Automatic Update configuration assigned to each selected machine ID.

Note: If the Windows Automatic Update Configuration column displays Automatic Update not initialized on machine, the user must select the Windows Automatic Updates icon in the system tray to run the Windows Automatic Updates Setup wizard to setup Windows Automatic Updates.