One of the most important things in every Windows based domains are updates. You`ll probably want to arrange updating via Domain Group Policy since people often forget/postpone Windows Updates.
This LAB assumes you already have domain configuration in place.
Here is how to do it on Windows Server 2012 R2:
On your domain controller open search (or run) and type in gpmc.msc | Click on gpmc
!!!! Little side note– In this case, I don`t want same Windows Update policy for my servers and clients. It would be inappropriate for production servers to update and restart let’s say at Monday 13 hours. But it would be very good time for clients since everybody is at lunch at that time.
Anyway, it is good practice to create different Organizational Units for different types of computers and users in your environment so you can fine tune your group policy and permissions also.
You can create new organization unit in Active Directory Users and Computers | right click on domain name | New – Organizational Unit
Let’s get on with the LAB
Expand forest |Domains | right click on your OU (organizational unit) that you want this policy to apply (in my case TestPCs OU) | Create a GPO in this domain, and Link it here
We need to name New GPO. I`ll name mine Windows_Update | Leave None under Source Starter GPO | OK
New Policy is created (in my case) under TestPCs OU and it will apply to all PCs that are part of TestPCs OU.
Select created Windows_Update GPO (group policy object) and click on Settings tab on the right part of the screen
Right click on Computer Configuration |Edit
Click on Computer Configuration | Policies | Administrative Templates | Windows Components | Windows Update
Double click on Configure Automatic Updates |Enabled | under Options define how you would like your updates to work. I choose following
Configure automatic updating: 4 – Auto download and schedule the install
Schedule install day: 2 – Every Monday at 13:00h
Apply |OK
In order to confirm that this setting is working we need to test on one of the PCs that are affected by this policy.
Log on onto the PC – command prompt with administrative privileges (run as administrator)
gpupdate /force
After that if we check under Control Panel | Windows Update | Change settings (right part of the screen) we see that update settings are changed
Other Windows Updates options worth mentioning:
Turn on recommended updates via Automatic Updates
With this enabled you`ll get optional updates for windows components.
No auto-restart with logged on users for scheduled automatic updates installations is also good option.
Conclusion
We did some Group Policy and enabled automatic Windows Update for our domain PCs.