Hi Daniel, I have implemented this in our environment in almost exactly the same manner.
For my Windows 7 clients a reboot was needed after the Group Policy applied before WUA would update (by inspecting windowsupdate.log) - the only update that was downloaded was the WUA agent itself.

For my Windows XP clients a reboot was also needed before the WUA would update, however some other updates were identified as being required and were also installed - these were BITS related.

In both cases there have been no unexpected reboots or prompting / notifications to users. Hope this makes you less nervous :)

I piloted the change to a small group of users by using a security group on the group policy prior to making the policy available to authenticated users - so you may wish to do this to ensure everything behaves in your environment. The main risk with making this change is a badly configured WSUS server that actually starts dishing out updates.

Cheers
Damon

From: [email protected] [mailto:[email protected]] On Behalf Of Daniel Corkill
Sent: Wednesday, 29 May 2013 10:32 AM
To: [email protected]
Subject: [mssms] OT: Modifying group policy so the WUA can update via WSUS

Has anyone modified their group policy settings so they can receive the new WUA that is only available via WSUS? We currently have Automatic Updates disabled via group policy and I'm pretty nervous about enabling it.

I've created a GPO with the following settings:

* Computer config/Policies/Admin templates/Windows Components/Windows Update/Configure Automatic Updates
  o Enabled
  o Configure automatic updating: 4 - Auto download and schedule the install
  o Scheduled install day: 0 - Everyday
  o Scheduled install time: 03:00
* User config/Policies/Admin templates/Windows Components/Windows Update/Remove access to use all Windows Update features
  o Enabled
  o Configure notifications: 0 - Do not show any notifications

I intend to link this GPO to the domain; because there are no GPOs with these settings elsewhere, all computer objects should process the computer config and all user objects will process the user config.

During testing conducted on a few workstations it appears to work as intended - the WUA is updated to 7.6 from 7.4 and no notifications or reboots occur. But I'm worried about a couple of things:

* What other updates (besides WUA) could be delivered automatically and without my control?
* If updates besides WUA could be delivered and they require a reboot, on systems where no user is logged on at the time and therefore there is no setting in place to suppress notifications and reboots, i.e. servers, could unexpected reboots be triggered?

For anyone who has implemented this do you have any feedback?

Daniel.
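A check that could be run on a pilot client before the GPO is linked more widely, as an added example that is not part of the original thread: it compares the effective Windows Update policy values in the registry with the settings Daniel lists and flags a client that has automatic install enabled without being pointed at a WSUS server. The expectation that `UseWUServer` and `WUServer` are set by policy in this environment is an assumption, and the function name `Get-PolicyValue` is hypothetical.

```powershell
# Added example: audit the effective Windows Update policy on one client.
# Expected values mirror the GPO described in the thread (4 / day 0 / 03:00).
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = "$wuKey\AU"

function Get-PolicyValue($Path, $Name) {
    # Returns $null when the key or value is absent (policy not applied yet).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$expected = @{
    NoAutoUpdate         = 0   # "Configure Automatic Updates" is Enabled
    AUOptions            = 4   # 4 - Auto download and schedule the install
    ScheduledInstallDay  = 0   # 0 - every day
    ScheduledInstallTime = 3   # 03:00
    UseWUServer          = 1   # assumption: clients are directed to WSUS by policy
}

$findings = @()
foreach ($name in $expected.Keys) {
    $actual = Get-PolicyValue $auKey $name
    if ($actual -ne $expected[$name]) {
        $findings += "AU\$name is '$actual', expected '$($expected[$name])'"
    }
}

# With AUOptions = 4 and no WSUS server set, the agent would install whatever
# its default update source offers, so treat a missing WUServer as a finding.
$wsus = Get-PolicyValue $wuKey 'WUServer'
if (-not $wsus) {
    $findings += 'WUServer is not set while scheduled install is enabled'
}

if ($findings.Count -eq 0) {
    Write-Output "OK: policy matches the GPO; update source is $wsus"
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
    exit 1
}
```

Run it after `gpupdate /force` on a machine in the pilot security group; what the client may install at 03:00 still depends on the approvals configured on the WSUS server it names.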

