Configure Automatic Updates using Registry Editor
Applies To: Windows Server Update Services, Windows Small Business Server 2011 Standard, Windows Server 2008 R2, Windows Server 2003 with SP2, Windows Server 2008 R2 with SP1
If you do not want to use Group Policy to manage Automatic Updates (for example, the WSUS deployment is in a non-Active Directory environment), you can configure Automatic Updates by using Registry Editor.
Warning
Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.
Registry keys for configuring Automatic Updates
Registry entries that you can use to configure Automatic Updates by using Registry Editor are located in the following subkeys:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SYSTEM\Internet Communication Management\Internet Communication
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
Registry keys for Windows Update
WSUS registry entries for Windows Update are located in the following subkey:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate
The keys and their values are listed in the following table.
Entry name | Data type | Values |
---|---|---|
AcceptTrustedPublisherCerts | Reg_DWORD | Range = 1\|0 - 1 = Enabled. The WSUS server distributes available signed non-Microsoft updates. - 0 = Disabled. The WSUS server does not distribute available signed non-Microsoft updates. |
DisableWindowsUpdateAccess | Reg_DWORD | Range = 1\|0 - 1 = Disables access to Windows Update. - 0 = Enables access to Windows Update. |
ElevateNonAdmins | Reg_DWORD | Range = 1\|0 - 1 = All members of the Users security group can approve or disapprove updates. - 0 = Only members of the Administrators security group can approve or disapprove updates. |
TargetGroup | Reg_SZ | Name of the computer group to which the computer belongs. This policy is paired with TargetGroupEnabled. |
TargetGroupEnabled | Reg_DWORD | Range = 1\|0 - 1 = Use client-side targeting. - 0 = Do not use client-side targeting. This policy is paired with TargetGroup. |
WUServer | Reg_SZ | HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default). This policy is paired with WUStatusServer, and both keys must be set to the same value to be valid. |
WUStatusServer | Reg_SZ | The HTTP(S) URL of the server to which reporting information is sent for client computers that use the WSUS server that is configured by the WUServer key. This policy is paired with WUServer, and both keys must be set to the same value to be valid. |
WSUS registry keys for Internet Explorer
WSUS registry entries for Internet Explorer are located in the following subkey:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
The keys and their values are listed in the following table.
Entry name | Data type | Corresponding Group Policy setting | Values |
---|---|---|---|
NoWindowsUpdate | Reg_DWORD | Remove links and access to Windows Update | Prevents users from connecting to the Windows Update website. Range = 1\|0 - 1 = Enabled. Users cannot connect to the Windows Update website. - 0 = Disabled or not configured. Users can connect to the Windows Update website. |
WSUS registry keys for Internet communication
WSUS registry entries for Internet communication are located in the following subkey:
HKEY_LOCAL_MACHINE\SYSTEM\Internet Communication Management\Internet Communication
The keys and their values are listed in the following table.
Entry name | Data type | Corresponding Group Policy setting | Values |
---|---|---|---|
DisableWindowsUpdateAccess | Reg_DWORD | Turn off access to all Windows Update features | Remove all access to Windows Update. Range = 1\|0 - 1 = Enabled. All Windows Update features are removed. This includes blocking access to the Windows Update website at https://windowsupdate.microsoft.com, from the Windows Update hyperlink on the Start menu, and also on the Tools menu in Internet Explorer. Windows automatic updating is also disabled; you will neither be notified about nor will you receive critical updates from Windows Update. This setting also prevents Device Manager from automatically installing driver updates from the Windows Update website. - 0 = Disabled or not configured. Users will be able to access the Windows Update website and enable automatic updating to receive notifications and critical updates from Windows Update. |
WSUS registry key for Windows Update
The WSUS registry entry for Windows Update is located in the following subkey:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate
The key and its value are listed in the following table.
Entry name | Data type | Corresponding Group Policy setting | Values |
---|---|---|---|
DisableWindowsUpdateAccess | Reg_DWORD | Remove access to use all Windows Update features | Prevents users from connecting to the Windows Update website. Range = 1\|0 - 1 = Enabled. All Windows Update features are removed. - 0 = Disabled or not configured. All Windows Update features are available. |
Registry keys for Automatic Update configuration options
The registry entries for Automatic Update configuration options are located in the following subkey:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
The keys and their values are listed in the following table.
Entry name | Data type | Values |
---|---|---|
AUOptions | Reg_DWORD | Range = 2\|3\|4\|5 - 2 = Notify before download. - 3 = Automatically download and notify of installation. - 4 = Automatically download and schedule installation. Only valid if values exist for ScheduledInstallDay and ScheduledInstallTime. - 5 = Automatic Updates is required and users can configure it. |
AutoInstallMinorUpdates | Reg_DWORD | Range = 0\|1 - 0 = Treat minor updates like other updates. - 1 = Silently install minor updates. |
DetectionFrequency | Reg_DWORD | Range = n, where n = time in hours (1–22). - Time between detection cycles. |
DetectionFrequencyEnabled | Reg_DWORD | Range = 0\|1 - 1 = Enable detection frequency. - 0 = Disable custom detection frequency (use default value of 22 hours). |
NoAutoRebootWithLoggedOnUsers | Reg_DWORD | Range = 0\|1 - 1 = Logged-on user can decide whether to restart the client computer. - 0 = Automatic Updates notifies the user that the computer will restart in 15 minutes. |
NoAutoUpdate | Reg_DWORD | Range = 0\|1 - 0 = Enable Automatic Updates. - 1 = Disable Automatic Updates. |
RebootRelaunchTimeout | Reg_DWORD | Range = n, where n = time in minutes (1–1,440). - Time between prompts for a scheduled restart. |
RebootRelaunchTimeoutEnabled | Reg_DWORD | Range = 0\|1 - 1 = Enable RebootRelaunchTimeout. - 0 = Disable custom RebootRelaunchTimeout (use default value of 10 minutes). |
RebootWarningTimeout | Reg_DWORD | Range = n, where n = time in minutes (1–30). - Length, in minutes, of the restart warning countdown after updates have been installed that have a deadline or scheduled updates. |
RebootWarningTimeoutEnabled | Reg_DWORD | Range = 0\|1 - 1 = Enable RebootWarningTimeout. - 0 = Disable custom RebootWarningTimeout (use default value of 5 minutes). |
RescheduleWaitTime | Reg_DWORD | Range = n, where n = time in minutes (1–60). - Time in minutes that Automatic Updates waits at startup before it applies updates from a missed scheduled installation time. - This policy applies only to scheduled installations, not to deadlines. Updates with deadlines that have expired should always be installed as soon as possible. |
RescheduleWaitTimeEnabled | Reg_DWORD | Range = 0\|1 - 1 = Enable RescheduleWaitTime. - 0 = Disable RescheduleWaitTime (attempt the missed installation during the next scheduled installation time). |
ScheduledInstallDay | Reg_DWORD | Range = 0\|1\|2\|3\|4\|5\|6\|7 - 0 = Every day. - 1 through 7 = the days of the week from Sunday (1) to Saturday (7). (Only valid if AUOptions = 4.) |
ScheduledInstallTime | Reg_DWORD | Range = n, where n = the time of day in 24-hour format (0–23). |
UseWUServer | Reg_DWORD | Range = 0\|1 - 1 = The computer gets its updates from a WSUS server. - 0 = The computer gets its updates from Microsoft Update. - The WUServer value is not respected unless this key is set. |
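The pairing and range rules in the tables above can be checked mechanically on a client. The following PowerShell script is an added example, not part of the original article or any Microsoft tooling; the function names `Get-PolicyValues` and `Test-WsusPolicy`, the sample host names, and the plain-HTTP warning (a hardening check that goes beyond the tables) are assumptions introduced here.

```powershell
# Added example: audit WSUS client policy values against the rules in the tables above.
$WU = 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate'

function Get-PolicyValues([string]$Path) {
    # Return the values under a registry key as a hashtable (empty if the key is absent).
    $h = @{}
    $k = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($k) { foreach ($n in $k.GetValueNames()) { $h[$n] = $k.GetValue($n) } }
    return $h
}

function Test-WsusPolicy([hashtable]$Wu, [hashtable]$Au) {
    $f = New-Object 'System.Collections.Generic.List[string]'
    # WUServer is not respected unless UseWUServer is set.
    if ($Wu['WUServer'] -and ($Au['UseWUServer'] -ne 1)) { $f.Add('WUServer is set but UseWUServer is not 1') }
    # WUServer and WUStatusServer are paired and must hold the same value.
    if ($Wu['WUServer'] -ne $Wu['WUStatusServer']) { $f.Add('WUServer and WUStatusServer differ') }
    # Assumption (not from the tables): prefer HTTPS so update traffic is protected in transit.
    if ($Wu['WUServer'] -like 'http://*') { $f.Add('WUServer uses plain HTTP') }
    # TargetGroupEnabled is paired with TargetGroup.
    if (($Wu['TargetGroupEnabled'] -eq 1) -and (-not $Wu['TargetGroup'])) { $f.Add('TargetGroupEnabled = 1 without TargetGroup') }
    if ($Wu['ElevateNonAdmins'] -eq 1) { $f.Add('ElevateNonAdmins = 1: all Users can approve or disapprove updates') }
    if ($Au['NoAutoUpdate'] -eq 1) { $f.Add('NoAutoUpdate = 1: Automatic Updates is disabled') }
    # AUOptions = 4 is only valid when both schedule values exist.
    if ($Au['AUOptions'] -eq 4) {
        foreach ($n in 'ScheduledInstallDay', 'ScheduledInstallTime') {
            if (-not $Au.ContainsKey($n)) { $f.Add("AUOptions = 4 but $n is missing") }
        }
    }
    # Numeric ranges copied from the AU table (low, high).
    $ranges = @{
        AUOptions = 2, 5; ScheduledInstallDay = 0, 7; ScheduledInstallTime = 0, 23
        DetectionFrequency = 1, 22; RebootRelaunchTimeout = 1, 1440
        RebootWarningTimeout = 1, 30; RescheduleWaitTime = 1, 60
    }
    foreach ($name in $ranges.Keys) {
        if ($Au.ContainsKey($name)) {
            $lo, $hi = $ranges[$name]
            if (($Au[$name] -lt $lo) -or ($Au[$name] -gt $hi)) { $f.Add("$name = $($Au[$name]) is outside $lo-$hi") }
        }
    }
    return $f
}

# Constructed sample values (not from a real system) that trip several checks.
$sampleWu = @{ WUServer = 'http://wsus.example.test:8530'; WUStatusServer = 'http://wsus2.example.test:8530'; ElevateNonAdmins = 1 }
$sampleAu = @{ UseWUServer = 0; AUOptions = 4; ScheduledInstallTime = 3; DetectionFrequency = 48 }
Test-WsusPolicy $sampleWu $sampleAu
# On a live client: Test-WsusPolicy (Get-PolicyValues $WU) (Get-PolicyValues "$WU\AU")
```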
See Also
Plan Automatic Updates Settings
Configure Automatic Updates using Group Policy