Question

- List 10 policies for windows client update and server update

Answer 1

Following is a list of 10 policies for windows client and server update:
* One of the Microsoft Windows Group Policy settings is to enforce updates on the client machine, for example, on Windows 10. This policy feature forces installation updates.

* Another policy is installing updates through force: The feature is ComplianceDeadline setting, which requires the user or the administrator to specify and mention deadlines for any and all automatic updates and restarts to perform Windows updates. It lets the user or the system administrator specify a time period to be applied within, for quality and feature updates.

* Likewise, another policy would simply require the user of the machine to restart after working hours on the machine, so the policy applies Windows updates automatically while start-up of the OS.

* A company or an enterprise can use System Center Configuration Manager (SCCM) for deploying update deferral policies for Windows 10 client machines of their employees.

* On a Windows client machine, in order for the machine's user to update Windows client OS updates, he/she could configure the client to download content from an internal LiveUpdate server and use it, however, the user should upgrade the software application to the most recent version of LiveUpdate Administrator. This policy makes Windows clients use an internal LiveUpdate server. It requires simply clicking "LiveUpdate" under "Policies".

* Another policy requires managing Windows Server Update Service (WSUS) settings for Windows client nodes. It requires to setup WSUS server. with feature update support. The WSUS server would have all available Windows updates.

* One should make sure the user's Windows 10 client machine does not have any of the following value names listed under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate, if you are running Windows 10 OS - impact version

* WSUS Offline Update can be used that lets users to update any computer running Windows, without an Internet connection.

* The Windows update feature can be configured using a Group Policy Update (GPO) in the Group Policy Management Editor by navigating through the settings and options:
Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Windows Update
and enabling "Configure Automatic Updates".

* One could turn off this setting choosing, "Turn off auto-restart for updates during active hours", which would download Windows and its features, however would not restart the machine while the user is working on it, but after active hours, it would restart the machine, update Windows, and apply the settings and features.

* One other policy is, the users' Windows client machines should not auto-restart with logged on users for any scheduled automatic updates and installations.

* Another is, it always simply automatically restarts right away the users' Windows client machines at the scheduled time after the Windows updates.

* One could deploy updates using Windows Update for Business, using Group Policy.

* One could use Intune to configure Windows Update for Business.

* In general, one can first configure client-side targeting in Group Policy Management Console and create a GPO in the domain. Then follow the below steps:
Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Windows Update
Enable client-side targeting.

* One can manually approve and deploy feature updates.

* One can automatically approve and deploy feature updates configuring an Automatic Approval rule for Windows 10 feature updates and approving them for the Ring 3 Broad IT deployment ring.

* One can update Microsoft Windows 10 package to have new features updating it and then deploy using existing management tools.

* One could use Windows Update or stand-alone has control limitations over feature updates, where it requires IT, professionals, to manually configure the machine to be in the semi-annual channel. Companies have options as to which devices or machines to defer updates selecting a Defer upgrades checkbox in the settings- Start\Settings\Update & Security\Advanced Options on a Windows 10 machine or device.

* One could configure Windows automatic updates on client and server machines using Group Policy and in the process, it loads the WSUS administrative template.

* There is a policy to reschedule automatic update scheduled installations.

* There is a policy to configure automatic updates.

* There is a policy specifying the hours Windows client machine would use determining how long to wait before checking for available updates, thus setting up automatic update detection frequency.

* Another policy allows immediate installation of automatic updates specifying automatically install certain updates that would neither interrupt Windows services nor restart the machine.

* Another policy is used to delay restart for scheduled installations specifying the time required for Automatic Updates waiting before going ahead with a scheduled restart.

* There is a policy to re-prompt for a restart with Scheduled Installations specifying the time required for Automatic Updates to wait before asking the Windows client machine user another time for a scheduled restart.

* There is a policy to allow non-administrators for receiving update notifications.

* There is a policy to remove links and access to windows update.