Is there a way to specify when a computer scans for available updates so that it does not scan for automatic updates on startup? In group policy the only thing close to this is "Automatic Updates detection frequency".
Printable View
Is there a way to specify when a computer scans for available updates so that it does not scan for automatic updates on startup? In group policy the only thing close to this is "Automatic Updates detection frequency".
Are you talking Windows Updates?
Most of us use WSUS on the server to control Microsoft updates and block them from running locally.
Yes. The systems that I am working with use WSUS to configure updates but there does not seem to be a setting anywhere that specifically states when the system will check for updates. There is only the policy for "Automatic Updates detection frequency" which can set an interval to scan for updates but it is not exact. What I am finding is that the machines check for and download the updates, then wait to install them at the time that they are scheduled to install.
Ah. You're right. That is what it does... I'm noy aware of any way of changing that. I take it that it's slowing some of your machines?
Unless you have a lot of updates to apply, so there should be no slowdown. Are you just deploying security updates or service packs too?
Once workstations are updated, Microsoft typically release anywhere between 1-10 updates per month. The alternative is to disable updates, but I wouldn't recommend doing that.
Yes it seems to be slowing down the machines. The caveat here is that the machines are frozen with deep freeze. Updates get applied during a maintenance window that occurs every night but the autoupdate still check for updates on every startup. I will need to see if there is anything else that is causing the systems to be slow or unresponsive after startup.
Use a scheduled task to stop and start the update service on the clients?
By default, autoupdates is not set to check on sartup, but is instead set to check every 20 hours (with up to 20% random difference to stop all machines checking at once). Ref: Best Practices with Windows Server Update Services
Note - this is not the time when updates are applied - that is on a fixed time schedule - this is when each machine is checking. This time is meant to be random so that not all machine check at the same time and kill your WSUS server. FYI your home machines work the same schedules, but with contact the public windows update servers.
You indicate that these machines are in deep freeze. For normal macines, the check time will gradually drift for each machine as the random time take effect. However, if your machines were frozen needing a check, then this may explain what you are seeing. I do not know which key will store this information, sorry.
Please note that while you can change this check time with group policy, it can have unexpected consequences. A machine does not re-check for patches at the 3am apply time, so if it has not detected a patch is required, then no patch will be applied.
HTH
Jonathan
So following on from ArchersIT's post, after starting the update service, issue wuauclt /detectnow on a scheduled task with a random delay via GPP.