Which Options on Windows Update for Windows servers 2019?
OBJECTIVE
This FAQ has been created for IKOULA users, who are willing to take control on new versions of Windows Updates.
ABOUT THE NEW MICROSOFT STRATEGY:
Microsoft has integrated since the Windows 2016 version an automatic management for security patches and other cumulative patches updates, including an integration of restarts by default.
The new approach (Rule) of Windows Update must therefore allow its users to look after their own version, so that a large majority of Windows users have a fully patched version at all times, with only a few versions to support and an installed base that primarily uses one of the two newer versions.
WHICH CONSTRAINTS ?
You can't decide which updates to install? There is no option to delay updates on Windows servers? Updates to new versions are mandatory. Windows servers can restart unexpectedly several times a day if the user does not change the default settings.
RESPONSIBILITY
Our policy for updating IKOULA's information systems and those of our customers is intended to guard against potential risks, which are increasingly numerous and restrictive.
Computer data is at the heart of our activity and risks can sometimes have serious consequences such as: :
- The spread of viruses and malware
- Computer intrusion and hacking
- Embezzlement
- The loss of confidential information
It is therefore the responsibility of the user if he or she takes the sole initiative to suspend (desactivate) the operating system update process.
THE RECOMMENDED AVAILABLE OPTIONS:
Accessible from "Windows settings and updates and security"
Several choices are available for updates actions and parameters
SET THE DEFAULT ACTIVITY TIME
This is the first option available, it allows you to set the hours of activity for the Windows Update process. Be careful : There is no restart during this activity time slot, but this can occur if there is no current use anyway.
Select « Change active hours »
Set active hours to let us know when you typically use this device. We will not automatically restart during business hours, and we will not restart without verifying that you are using it.
Then, select « Change » if needed
PAUSE UPDATES
You can also decide to select “pause” for your updates, according to the date criteria you chose and depending on your servers’ availability.
This action if of course temporary, it can be extended to a maximum of 35 days and then it will resume as usual.
Click on « pause updates »
You can also decide to extend the “pause updates” period, by using the advanced options section
MANUAL OPTIONS THAT IKOULA DOES NOT RECOMMEND
DISABLE THE WINDOWS UPDATE SERVICE
Thanks to a PowerShell command, it’s possible to desactivate the updates process. They can then only be resumed at the initiative of the user (Server Administrator).
As Administrator, enter from the PowerShell console the sequential commands listed here below:
Set-Service wuauserv -Startup disable (en anglais) Stop-Service wuauserv -Force
Set the service to “disabled start”
Then, force “stop service”
Then, force the update of register keys, from “Start/Execute” menu
Control of updates process
Available from "Windows parameters and updates and security"
Once the updates service is disabled, you can notice that the Windows Update process goes back to error (0x80070422) and no more processing has been in progress since the date indicated by the exclamation point.
REACTIVATE UPDATES PROCESS
Reactivate the Windows Update service as an auto-start service.
From the PowerShell console as Administrator, execute the following steps:
Set-service wuauserv -Startup Auto
Then, start the service
Start-Service wuauserv
Control of updates process
Available from « Windows Updates » menu
The process resumes as agreed and listes some updates to run if necessary.
Did you find this article useful?
Enable comment auto-refresher