I'm having a strange issue with Windows Update on my servers. Although I haven't set any Group Policies related to Windows Updates, when I check the update settings, it says, "Some settings are managed by your organization." This is causing the option to allow updates for other Microsoft products to be greyed out. I've looked in Group Policy Management and can't find any GPO related to Windows Updates, and running RSOP shows no relevant GPOs either. I don't see any issues with DC replication or SYSVOL. Has anyone else experienced something like this, or does anyone have ideas on how to resolve it? My Domain Controllers are 2022, and I'm managing other servers running the same version.
6 Answers
Do you use any management tools like SCCM? Other management tools can also interfere with update settings.
I’m experiencing the same issue. My updates are paused on hybrid machines without me configuring anything related to group policies. Strange, right?
Have you checked if any RMM (Remote Monitoring and Management) tools were ever installed on the endpoints? Sometimes, these tools tweak registry settings that can control updates. It might be worth investigating if any tools are causing the issue.
I totally agree with that. Also, are you buying refurbished servers? Those often come with leftover issues from previous owners.
I didn’t think of that! I was told one of our Cyber team’s tools was just for inventory, but now I’m suspicious it could be messing things up.
Have you run **gpresult /H output.htm** to check for applied policies? Sometimes, the GPOs might not show, but there's still something affecting it from another source.
No, the policies I added show up, but these Windows Update ones do not.
You might want to check your registry at HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate. If there are any keys or values there, that could trigger the "some settings are managed" message. If you find any, you can try clearing them out and restarting the Windows Update service to see if that solves the problem.
I just checked the registry and didn't find anything indicating restrictions. Here's a screenshot of what I found.
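The registry check suggested in the answer above, as an added PowerShell example that is not part of the original thread: it lists every value under the Windows Update policy key, including subkeys, and exports a backup before anything is cleared. The function name `Get-PolicyValues` and the backup file location are assumptions made for illustration.

```powershell
# Added example: read-only audit of the policy key named in the answer above.
# Run from an elevated PowerShell session on the affected server.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-PolicyValues {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) { return }

    # The root key plus every subkey below it
    $keys = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue)

    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Key   = $key.Name
                Value = if ($name) { $name } else { '(Default)' }
                Type  = $key.GetValueKind($name)
                Data  = $key.GetValue($name)
            }
        }
    }
}

$found = @(Get-PolicyValues -Path $policyRoot)

if ($found.Count -eq 0) {
    # An absent key and an empty key both land here
    Write-Output "No policy values under $policyRoot. Check the other sources raised in the thread."
}
else {
    $found | Format-Table -AutoSize -Wrap

    # Keep a copy of the current state before clearing anything (assumed location)
    $backup = Join-Path $env:TEMP ("WindowsUpdatePolicy-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
    reg.exe export 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' $backup /y | Out-Null
    Write-Output "Backup written to $backup"

    # After reviewing the list and removing the values you do not want,
    # restart the Windows Update service so the change is picked up:
    #   Restart-Service -Name wuauserv
}
```

If the values come back after a reboot or a policy refresh, something is still writing them, which matches the management-tool theories raised elsewhere in the thread.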
Are these servers connected to Azure Arc? If they are, you might be managing updates through Azure, which could explain the restrictions you’re seeing.
Were you able to figure out why that happened? Mine are mostly fresh installs.