How do I use GPO to control Windows Updates with the following specs?
Download only and allow administrator install manually. No user allows to install.
My current config. showed below. But when login as administrator, "Install Now" button is grayed out. What policy I need to change so that only admin. can install updates?
Local Administrator or Domain Administrator? Because Domain Administrators are generally immune to Group Policies.
Regardless, just add Domain Admins to the policy and explicitly deny them permission to read the policy, that will block it from applying to them.