Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate] "UseWUServer"=dword:00000001 "WUServer"="http://wsus.domain.local:8530" "WUStatusServer"="http://wsus.domain.local:8530"
| Value Name | Type | Effect | | :--- | :--- | :--- | | DeferQualityUpdates | REG_DWORD | 1 = Defer quality (security/monthly) updates. | | DeferQualityUpdatesPeriodInDays | REG_DWORD | Days to defer quality updates (0-30+). | | DeferFeatureUpdates | REG_DWORD | 1 = Defer feature (annual) updates. | | DeferFeatureUpdatesPeriodInDays | REG_DWORD | Days to defer feature updates (0-180+). | | BranchReadinessLevel | REG_DWORD | 16 = Semi-Annual Channel (Targeted). 32 = Semi-Annual Channel. | Objective: Auto-install security updates daily at 3 AM, lock Windows version to 22H2, use WSUS. windows update registry settings
Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\*" Get-WindowsUpdateLog # Generates a readable log file Most Windows Update registry changes require a restart of the Windows Update service : Windows Registry Editor Version 5
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU] "NoAutoUpdate"=dword:00000000 "AUOptions"=dword:00000004 "ScheduledInstallDay"=dword:00000000 "ScheduledInstallTime"=dword:00000003 "NoAutoRebootWithLoggedOnUsers"=dword:00000001 | | DeferFeatureUpdatesPeriodInDays | REG_DWORD | Days to