Best Practices for Windows Update Scheduling and Laptop Lid Settings

I personally set strict deadlines using GPO and ensure users get plenty of warnings ahead of time to prepare for updates.

We also changed our lid close setting to 'Do Nothing' when plugged in through a GPO. It makes a big difference for usability, especially in a mixed office and remote work environment.

For the lid issue, having the laptop shutdown when the lid is closed is definitely not ideal, especially for remote workers or those moving between meetings. A lot of setups I’ve seen just set the lid action to 'Do Nothing' when plugged in. This way, users can dock or use external monitors without issues. Regarding the updates, scheduling them via GPO on Tuesdays around lunch sounds solid since that's when people are active. Just be cautious with forced restarts! Perhaps give users a heads-up or allow them to defer the reboot, so they don’t lose work unexpectedly. Some organizations give a grace period of 2-3 days for rebooting before a forced restart happens, which adds flexibility.

Yup, that lid setting is a bad idea! Do you have SCCM or Intune at your disposal? Those tools can really streamline patch management. Whatever system you opt for, make sure you communicate it clearly. You definitely want to avoid situations like a partner delaying reboots for too long, leading to last-minute mandatory reboots at inconvenient times.

I find that using autopatch deadlines along with a policy that prevents the laptop from sleeping when plugged in can yield around 95% compliance after Patch Tuesday. It might not align with CIS benchmarks, but it works like a charm!