Hey everyone, we're currently working on a Windows upgrade project and need to adjust our Group Policy settings to better handle Windows updates via our WSUS server. We're particularly looking for advice around a few key areas:
1. What are your strategies for scheduling update installations and mandatory reboots?
2. If a user misses the reboot window, how do you set up your system to apply updates during the next startup without interfering with their work?
3. Do you use user notifications for enforcing reboots, or do you have a different approach?
Any help or insights would be greatly appreciated!
3 Answers
Honestly, I'd be careful about investing more in WSUS right now since Microsoft is phasing it out. The best move is to look into transitioning to Intune for managing updates and configurations. However, I know some folks at my job are sticking with MECM since Intune doesn’t quite fit our deployment needs, so that’s another thing to consider.
Definitely use modern controls like deadlines and deferrals. I think Autopatch is a solid option, too. Also, there's a good resource that discusses which Windows policies to avoid, check it out for more insights! [Microsoft Blog](https://techcommunity.microsoft.com/blog/windows-itpro-blog/why-you-shouldn%E2%80%99t-set-these-25-windows-policies/3066178)
I recommend checking out Action1 for managing reboots; it lets you configure when to reboot users easily. I've been using it for a while, and it really simplifies automating patching, plus I'm still on their free tier and it works great!
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures