We help IT Professionals succeed at work.

Automatic install Window 10 update

Simon Leung
Simon Leung asked
on
Medium Priority
88 Views
Last Modified: 2019-08-19
It seems that window 10 update deployed from WSUS to client's workstation required user to confirm the installation.

Is it possible for these patches to install automatically ? Alternatively, can we have the remote powershell to trigger the update on each workstations ?

Thx
Comment
Watch Question

David Johnson, CDSimple Geek from the '70s
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
updates get installed automatically
upgrades need user intervention.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
You could trigger the upgrade without wsus.
Extract the ISO to a share and use a scheduled task to make clients install it. The task would be a simple batch:

\\server\share\setup.exe /auto upgrade /dynamicupdate disable

Open in new window

Executor: system
Trigger: some time that you define + randomization if LAN bandwidth is a problem.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Set user machines to update at 3:00am.
Set active hours for 7:00am to 8:00pm.
Turn Auto Updates ON.
Make sure the Default Setting for sharing updates is ON.

Set this way, most updates will occur automatically and leave the system at a login screen the next morning.  No user intervention.

Some feature upgrades may require user intervention but they are less frequent.

Author

Commented:
I mean the Critical update deployed on WSUS, seems like user need to install manually...

Can I configure the GPO to install the patches automatically ?

Thx
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
The majority of Windows 10 updates do not need user intervention. Leave machines on and logged off overnight Patch Tuesday and for a couple of days.  

Windows 10 has drifted away from "critical updates" to monthly "all updates"
David Johnson, CDSimple Geek from the '70s
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Set a deadline on the updates or change your group policy
Allow Automatic Updates immediate installation to enabled
for further information review
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd939933(v=ws.10)
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
To support what David gave you: https://docs.microsoft.com/en-us/windows/deployment/update/wufb-compliancedeadlines shows the dealine options and lists what will be shown to the end user and how.

However: feature updates are best installed at maintenance times when no user is around, because they suspend bitlocker protection. So in case you are using bitlocker, using WSUS is NOT recommended, but the script option that I listed should be used at times when the computer is not accessible by the user.

Author

Commented:
In Window 10, the patches are deployed into the client workstation. However, (unlike Window 7) it doesn't pop up in the system tray bar, nor it will ask to install when user shutdown the workstations. Hence, the patches are always ignore for users.
error.png
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Simon, your comment does not indicate that you read the comments. Please give feedback on the comments.

Author

Commented:
Sorry, can't get what I need to do ... attach the GPO related to window update for your reference.

Thx
WSUS-GPO-Setting.png
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
Simon, did you understand David's suggestion about deadlines?
Did you read what I linked?

Author

Commented:
Is that what u mean ?
WSUS01.png
WSUS02.png
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
Of course. That is what is described in the link.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Please divide your question points fairly.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.