From f15adac8ab06abaebd516a460283b7d867b88a06 Mon Sep 17 00:00:00 2001 From: Andrei-George Stoica <5600871+andreiztm@users.noreply.github.com> Date: Fri, 10 Dec 2021 00:59:05 +0200 Subject: [PATCH] Updating AllowMUService policy disabled option and a lot of formatting improvements/acrolinx --- .../mdm/policy-csp-update.md | 1016 +++++++++-------- 1 file changed, 538 insertions(+), 478 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index ec5de9aacf..0c612b064a 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -15,7 +15,6 @@ ms.collection: highpri # Policy CSP - Update -
@@ -216,7 +215,6 @@ ms.collection: highpri -
@@ -245,10 +243,10 @@ ms.collection: highpri -Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time. +Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12-hour maximum from start time. > [!NOTE] -> The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** below for more information. +> The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. For more information, see **Update/ActiveHoursMaxRange** below. Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. @@ -256,12 +254,13 @@ The default is 17 (5 PM). -ADMX Info: -- GP Friendly name: *Turn off auto-restart for updates during active hours* -- GP name: *ActiveHours* -- GP element: *ActiveHoursEndTime* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Turn off auto-restart for updates during active hours* +* GP name: *ActiveHours* +* GP element: *ActiveHoursEndTime* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* 
@@ -302,12 +301,13 @@ The default value is 18 (hours). -ADMX Info: -- GP Friendly name: *Specify active hours range for auto-restarts* -- GP name: *ActiveHoursMaxRange* -- GP element: *ActiveHoursMaxRange* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify active hours range for auto-restarts* +* GP name: *ActiveHoursMaxRange* +* GP element: *ActiveHoursMaxRange* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* @@ -340,10 +340,10 @@ ADMX Info: -Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time. +Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12-hour maximum from end time. > [!NOTE] -> The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** above for more information. +> The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. For more information, see **Update/ActiveHoursMaxRange** above. Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. 
@@ -351,12 +351,13 @@ The default value is 8 (8 AM). -ADMX Info: -- GP Friendly name: *Turn off auto-restart for updates during active hours* -- GP name: *ActiveHours* -- GP element: *ActiveHoursStartTime* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Turn off auto-restart for updates during active hours* +* GP name: *ActiveHours* +* GP element: *ActiveHoursStartTime* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* 
@@ -398,28 +399,27 @@ If the policy is not configured, end-users get the default behavior (Auto instal ADMX Info: -- GP Friendly name: *Configure Automatic Updates* -- GP name: *AutoUpdateCfg* -- GP element: *AutoUpdateMode* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* + +* GP Friendly name: *Configure Automatic Updates* +* GP name: *AutoUpdateCfg* +* GP element: *AutoUpdateMode* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 – Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end-users to manage data usage. With this option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel. -- 1 – Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end-user is prompted to schedule the restart time. The end-user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end-user to control the start time reduces the risk of accidental data loss caused by applications that do not shutdown properly on restart. -- 2 (default) – Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. 
If a restart is required, then the device is automatically restarted when the device is not actively being used. This is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that does not shutdown properly on restart. -- 3 – Auto install and restart at a specified time. The IT specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart. -- 4 – Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This setting option also sets the end-user control panel to read-only. -- 5 – Turn off automatic updates. - +* 0 – Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end users to manage data usage. With these option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel. +* 1 – Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. 
If the installation requires a restart, the end user is prompted to schedule the restart time. The end user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end user to control the start time reduces the risk of accidental data loss caused by applications that do not shut down properly on restart. +* 2 (default) – Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that does not shut down properly on restart. +* 3 – Auto install and restart at a specified time. The IT specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart. +* 4 – Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This setting option also sets the end-user control panel to read-only. +* 5 – Turn off automatic updates. 
> [!IMPORTANT] > This option should be used only for systems under regulatory compliance, as you will not get security updates as well. - @@ -459,18 +459,19 @@ This policy is accessible through the Update setting in the user interface or Gr -ADMX Info: -- GP Friendly name: *Allow updates to be downloaded automatically over metered connections* -- GP name: *AllowAutoWindowsUpdateDownloadOverMeteredNetwork* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Allow updates to be downloaded automatically over metered connections* +* GP name: *AllowAutoWindowsUpdateDownloadOverMeteredNetwork* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 (default) - Not allowed -- 1 - Allowed +* 0 (default) - Not allowed +* 1 - Allowed @@ -508,18 +509,19 @@ Allows the IT admin to manage whether to scan for app updates from Microsoft Upd ADMX Info: -- GP Friendly name: *Configure Automatic Updates* -- GP name: *AutoUpdateCfg* -- GP element: *AllowMUUpdateServiceId* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* + +* GP Friendly name: *Configure Automatic Updates* +* GP name: *AutoUpdateCfg* +* GP element: *AllowMUUpdateServiceId* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 – Not allowed or not configured. -- 1 – Allowed. Accepts updates received through Microsoft Update. +* 0 – Not configured. +* 1 – Allowed. Accepts updates received through Microsoft Update. 
@@ -552,18 +554,18 @@ The following list shows the supported values: -Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for 3rd party software and patch distribution. +Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for third-party software and patch distribution. Supported operations are Get and Replace. -This policy is specific to desktop and local publishing via WSUS for 3rd party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. +This policy is specific to desktop and local publishing via WSUS for third-party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. The following list shows the supported values: -- 0 – Not allowed or not configured. Updates from an intranet Microsoft update service location must be signed by Microsoft. -- 1 – Allowed. Accepts updates received through an intranet Microsoft update service location, if they are signed by a certificate found in the "Trusted Publishers" certificate store of the local computer. +* 0 – Not allowed or not configured. Updates from an intranet Microsoft update service location must be signed by Microsoft. +* 1 – Allowed. Accepts updates received through an intranet Microsoft update service location, if they are signed by a certificate found in the "Trusted Publishers" certificate store of the local computer. 
@@ -603,22 +605,23 @@ Even when Windows Update is configured to receive updates from an intranet updat Enabling this policy will disable that functionality, and may cause connection to public services such as the Microsoft Store to stop working. > [!NOTE] -> This policy applies only when the desktop or device is configured to connect to an intranet update service using the "Specify intranet Microsoft update service location" policy. +> This policy applies only when the desktop or device is configured to connect to an intranet update service using the "Specify intranet Microsoft update service location" policy. -ADMX Info: -- GP Friendly name: *Specify intranet Microsoft update service location* -- GP name: *CorpWuURL* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify intranet Microsoft update service location* +* GP name: *CorpWuURL* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 – Update service is not allowed. -- 1 (default) – Update service is allowed. +* 0 – Update service is not allowed. +* 1 (default) – Update service is allowed. 
@@ -655,28 +658,30 @@ For Quality Updates, this policy specifies the deadline in days before automatic The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks. -Value type is integer. Default is 7 days. +Value type is integer. Default is seven days. Supported values range: 2-30. -Note that the PC must restart for certain updates to take effect. +The PC must restart for certain updates to take effect. If you enable this policy, a restart will automatically occur the specified number of days after the restart was scheduled. If you disable or do not configure this policy, the PC will restart according to the default schedule. If any of the following two policies are enabled, this policy has no effect: + 1. No auto-restart with logged on users for scheduled automatic updates installations. 2. Always automatically restart at scheduled time. -ADMX Info: -- GP Friendly name: *Specify deadline before auto-restart for update installation* -- GP name: *AutoRestartDeadline* -- GP element: *AutoRestartDeadline* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify deadline before auto-restart for update installation* +* GP name: *AutoRestartDeadline* +* GP element: *AutoRestartDeadline* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* 
@@ -713,28 +718,30 @@ For Feature Updates, this policy specifies the deadline in days before automatic The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks. -Value type is integer. Default is 7 days. +Value type is integer. Default is seven days. Supported values range: 2-30. -Note that the PC must restart for certain updates to take effect. +The PC must restart for certain updates to take effect. If you enable this policy, a restart will automatically occur the specified number of days after the restart was scheduled. If you disable or do not configure this policy, the PC will restart according to the default schedule. If any of the following two policies are enabled, this policy has no effect: + 1. No auto-restart with logged on users for scheduled automatic updates installations. 2. Always automatically restart at scheduled time. -ADMX Info: -- GP Friendly name: *Specify deadline before auto-restart for update installation* -- GP name: *AutoRestartDeadline* -- GP element: *AutoRestartDeadlineForFeatureUpdates* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify deadline before auto-restart for update installation* +* GP name: *AutoRestartDeadline* +* GP element: *AutoRestartDeadlineForFeatureUpdates* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* 
@@ -773,12 +780,13 @@ The default value is 15 (minutes). -ADMX Info: -- GP Friendly name: *Configure auto-restart reminder notifications for updates* -- GP name: *AutoRestartNotificationConfig* -- GP element: *AutoRestartNotificationSchd* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Configure auto-restart reminder notifications for updates* +* GP name: *AutoRestartNotificationConfig* +* GP element: *AutoRestartNotificationSchd* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* @@ -819,19 +827,20 @@ Allows the IT Admin to specify the method by which the auto-restart required not -ADMX Info: -- GP Friendly name: *Configure auto-restart required notification for updates* -- GP name: *AutoRestartRequiredNotificationDismissal* -- GP element: *AutoRestartRequiredNotificationDismissal* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Configure auto-restart required notification for updates* +* GP name: *AutoRestartRequiredNotificationDismissal* +* GP element: *AutoRestartRequiredNotificationDismissal* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 1 (default) – Auto Dismissal. -- 2 – User Dismissal. +* 1 (default) – Auto Dismissal. +* 2 – User Dismissal. 
@@ -869,22 +878,24 @@ This policy setting allows you to configure if Automatic Maintenance should make > [!Note] > If the OS power wake policy is explicitly disabled, then this setting has no effect. -If you enable this policy setting, Automatic Maintenance attempts to set OS wake policy and make a wake request for the daily scheduled time, if required. +If you enable this policy setting, Automatic Maintenance attempts to set OS wake policy and make a wake request for the daily scheduled time, if necessary. If you disable or do not configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel applies. -ADMX Info: -- GP Friendly name: *Automatic Maintenance WakeUp Policy* -- GP name: *WakeUpPolicy* -- GP path: *Windows Components/Maintenance Scheduler* -- GP ADMX file name: *msched.admx* +ADMX Info: + +* GP Friendly name: *Automatic Maintenance WakeUp Policy* +* GP name: *WakeUpPolicy* +* GP path: *Windows Components/Maintenance Scheduler* +* GP ADMX file name: *msched.admx* -Supported values: -- 0 - Disable -- 1 - Enable (Default) +Supported values: + +* 0 - Disable +* 1 - Enable (Default) 
@@ -926,22 +937,23 @@ Allows the IT admin to set which branch a device receives their updates from. As -ADMX Info: -- GP Friendly name: *Select when Preview Builds and Feature Updates are received* -- GP name: *DeferFeatureUpdates* -- GP element: *BranchReadinessLevelId* -- GP path: *Windows Components/Windows Update/Windows Update for Business* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Select when Preview Builds and Feature Updates are received* +* GP name: *DeferFeatureUpdates* +* GP element: *BranchReadinessLevelId* +* GP path: *Windows Components/Windows Update/Windows Update for Business* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 2 {0x2} - Windows Insider build - Fast (added in Windows 10, version 1709) -- 4 {0x4} - Windows Insider build - Slow (added in Windows 10, version 1709) -- 8 {0x8} - Release Windows Insider build (added in Windows 10, version 1709) -- 16 {0x10} - (default) Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted). -- 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel. (*Only applicable to releases prior to 1903, for all releases 1903 and after the Semi-annual Channel and Semi-annual Channel (Targeted) into a single Semi-annual Channel with a value of 16) +* 2 {0x2} - Windows Insider build - Fast (added in Windows 10, version 1709) +* 4 {0x4} - Windows Insider build - Slow (added in Windows 10, version 1709) +* 8 {0x8} - Release Windows Insider build (added in Windows 10, version 1709) +* 16 {0x10} - (default) Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted). +* 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel. 
(*Only applicable to releases prior to 1903, for all releases 1903 and after the Semi-annual Channel and Semi-annual Channel (Targeted) into a single Semi-annual Channel with a value of 16) @@ -978,12 +990,13 @@ The following list shows the supported values: Allows IT admins to specify the number of days a user has before feature updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule. -ADMX Info: -- GP Friendly name: *Specify deadlines for automatic updates and restarts* -- GP name: *ConfigureDeadlineForFeatureUpdates* -- GP element: *ConfigureDeadlineForFeatureUpdates* -- GP path: *Administrative Templates\Windows Components\WindowsUpdate* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify deadlines for automatic updates and restarts* +* GP name: *ConfigureDeadlineForFeatureUpdates* +* GP element: *ConfigureDeadlineForFeatureUpdates* +* GP path: *Administrative Templates\Windows Components\WindowsUpdate* +* GP ADMX file name: *WindowsUpdate.admx* @@ -1031,12 +1044,13 @@ Default value is 7. Allows IT admins to specify the number of days a user has before quality updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule. -ADMX Info: -- GP Friendly name: *Specify deadlines for automatic updates and restarts* -- GP name: *ConfigureDeadlineForQualityUpdates* -- GP element: *ConfigureDeadlineForQualityUpdates* -- GP path: *Administrative Templates\Windows Components\WindowsUpdate* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify deadlines for automatic updates and restarts* +* GP name: *ConfigureDeadlineForQualityUpdates* +* GP element: *ConfigureDeadlineForQualityUpdates* +* GP path: *Administrative Templates\Windows Components\WindowsUpdate* +* GP ADMX file name: *WindowsUpdate.admx* 
@@ -1085,12 +1099,13 @@ Allows the IT admin (when used with [Update/ConfigureDeadlineForFeatureUpdates]( -ADMX Info: -- GP Friendly name: *Specify deadlines for automatic updates and restarts* -- GP name: *ConfigureDeadlineGracePeriod* -- GP element: *ConfigureDeadlineGracePeriod* -- GP path: *Administrative Templates\Windows Components\WindowsUpdate* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify deadlines for automatic updates and restarts* +* GP name: *ConfigureDeadlineGracePeriod* +* GP element: *ConfigureDeadlineGracePeriod* +* GP path: *Administrative Templates\Windows Components\WindowsUpdate* +* GP ADMX file name: *WindowsUpdate.admx* @@ -1140,18 +1155,20 @@ If enabled (when used with [Update/ConfigureDeadlineForFeatureUpdates](#update-c When disabled, if the device has installed the required updates and is outside of active hours, it may attempt an automatic restart before the deadline. -ADMX Info: -- GP Friendly name: *Specify deadlines for automatic updates and restarts* -- GP name: *ConfigureDeadlineNoAutoReboot* -- GP element: *ConfigureDeadlineNoAutoReboot* -- GP path: *Administrative Templates\Windows Components\WindowsUpdate* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify deadlines for automatic updates and restarts* +* GP name: *ConfigureDeadlineNoAutoReboot* +* GP element: *ConfigureDeadlineNoAutoReboot* +* GP path: *Administrative Templates\Windows Components\WindowsUpdate* +* GP ADMX file name: *WindowsUpdate.admx* -Supported values: -- 1 - Enabled -- 0 (default) - Disabled +Supported values: + +* 1 - Enabled +* 0 (default) - Disabled 
@@ -1222,23 +1239,24 @@ Enable IT admin to configure feature update uninstall period. Values range 2 - 6 -Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. +Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. Defers Feature Updates for the specified number of days. Supported values are 0-365 days. > [!IMPORTANT] -> The default maximum number of days to defer an update has been increased from 180 (Windows 10, version 1607) to 365 in Windows 10, version 1703. +> The default maximum number of days to defer an update has been increased from 180 (Windows 10, version 1607) to 365 in Windows 10, version 1703. -ADMX Info: -- GP Friendly name: *Select when Preview Builds and Feature Updates are received* -- GP name: *DeferFeatureUpdates* -- GP element: *DeferFeatureUpdatesPeriodId* -- GP path: *Windows Components/Windows Update/Windows Update for Business* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Select when Preview Builds and Feature Updates are received* +* GP name: *DeferFeatureUpdates* +* GP element: *DeferFeatureUpdatesPeriodId* +* GP path: *Windows Components/Windows Update/Windows Update for Business* +* GP ADMX file name: *WindowsUpdate.admx* 
@@ -1277,12 +1295,13 @@ Supported values are 0-30. -ADMX Info: -- GP Friendly name: *Select when Quality Updates are received* -- GP name: *DeferQualityUpdates* -- GP element: *DeferQualityUpdatesPeriodId* -- GP path: *Windows Components/Windows Update/Windows Update for Business* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Select when Quality Updates are received* +* GP name: *DeferQualityUpdates* +* GP element: *DeferQualityUpdatesPeriodId* +* GP path: *Windows Components/Windows Update/Windows Update for Business* +* GP ADMX file name: *WindowsUpdate.admx* @@ -1316,10 +1335,9 @@ ADMX Info: > [!NOTE] -> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices. +> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices. - -Allows IT Admins to specify update delays for up to 4 weeks. +Allows IT Admins to specify update delays for up to four weeks. Supported values are 0-4, which refers to the number of weeks to defer updates. 
@@ -1328,39 +1346,41 @@ If the "Specify intranet Microsoft update service location" policy is enabled, t If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. OS upgrade: -- Maximum deferral: 8 months -- Deferral increment: 1 month -- Update type/notes: - - Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5 + +* Maximum deferral: Eight months +* Deferral increment: One month +* Update type/notes: + * Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5 Update: -- Maximum deferral: 1 month -- Deferral increment: 1 week -- Update type/notes: If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic: - - - Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441 - - Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4 - - Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F - - Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828 - - Tools - B4832BD8-E735-4761-8DAF-37F882276DAB - - Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F - - Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83 - - Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0 + +* Maximum deferral: One month +* Deferral increment: One week +* Update type/notes: If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic: + * Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441 + * Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4 + * Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F + * Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828 + * Tools - B4832BD8-E735-4761-8DAF-37F882276DAB + * Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F + * Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83 + * Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0 Other/cannot defer: -- Maximum deferral: No deferral -- Deferral increment: No deferral -- Update type/notes: - Any update 
category not specifically enumerated above falls into this category. +* Maximum deferral: No deferral +* Deferral increment: No deferral +* Update type/notes: + Any update category not enumerated above falls into this category. - Definition Update - E0789628-CE08-4437-BE74-2495B842F43B -ADMX Info: -- GP name: *DeferUpgrade* -- GP element: *DeferUpdatePeriodId* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP name: *DeferUpgrade* +* GP element: *DeferUpdatePeriodId* +* GP ADMX file name: *WindowsUpdate.admx* @@ -1394,12 +1414,11 @@ ADMX Info: > [!NOTE] -> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. +> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. > -> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices. +> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices. - -Allows IT Admins to specify additional upgrade delays for up to 8 months. +Allows IT Admins to specify more upgrade delays for up to eight months. Supported values are 0-8, which refers to the number of months to defer upgrades. 
@@ -1409,10 +1428,11 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th -ADMX Info: -- GP name: *DeferUpgrade* -- GP element: *DeferUpgradePeriodId* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP name: *DeferUpgrade* +* GP element: *DeferUpgradePeriodId* +* GP ADMX file name: *WindowsUpdate.admx* @@ -1445,16 +1465,17 @@ ADMX Info: -Specifies the scan frequency from every 1 - 22 hours with a random variant of 0 - 4 hours. Default is 22 hours. This policy should only be enabled when Update/UpdateServiceUrl is configured to point the device at a WSUS server rather than Microsoft Update. +Specifies the scan frequency from every 1 - 22 hours with a random variant of 0 - 4 hours. Default is 22 hours. This policy should be enabled when Update/UpdateServiceUrl is configured to point the device at a WSUS server rather than Microsoft Update. -ADMX Info: -- GP Friendly name: *Automatic Updates detection frequency* -- GP name: *DetectionFrequency_Title* -- GP element: *DetectionFrequency_Hour2* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Automatic Updates detection frequency* +* GP name: *DetectionFrequency_Title* +* GP element: *DetectionFrequency_Hour2* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* 
@@ -1497,18 +1518,19 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. -ADMX Info: -- GP Friendly name: *Do not allow update deferral policies to cause scans against Windows Update* -- GP name: *DisableDualScan* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Do not allow update deferral policies to cause scans against Windows Update* +* GP name: *DisableDualScan* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 - allow scan against Windows Update -- 1 - do not allow update deferral policies to cause scans against Windows Update +* 0 - allow scan against Windows Update +* 1 - do not allow update deferral policies to cause scans against Windows Update 
@@ -1552,24 +1574,25 @@ IT admins can, if necessary, opt devices out of safeguard protections using this > [!NOTE] > Opting out of the safeguards can put devices at risk from known performance issues. We recommend opting out only in an IT environment for validation purposes. Further, you can leverage the Windows Insider Program for Business Release Preview Channel in order to validate the upcoming Windows 10 Feature Update version without the safeguards being applied. > -> The disable safeguards policy will revert to “Not Configured” on a device after moving to a new Windows 10 version, even if previously enabled. This ensures the admin is consciously disabling Microsoft’s default protection from known issues for each new feature update. +> The disable safeguards policy will revert to “Not Configured” on a device after moving to a new Windows 10 version, even if previously enabled. This ensures the admin is consciously disabling Microsoft’s default protection from known issues for each new feature update. > > Disabling safeguards does not guarantee your device will be able to successfully update. The update may still fail on the device and will likely result in a bad experience post upgrade as you are bypassing the protection given by Microsoft pertaining to known issues. -ADMX Info: -- GP Friendly name: *Disable safeguards for Feature Updates* -- GP name: *DisableWUfBSafeguards* -- GP path: *Windows Components/Windows Update/Windows Update for Business* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Disable safeguards for Feature Updates* +* GP name: *DisableWUfBSafeguards* +* GP path: *Windows Components/Windows Update/Windows Update for Business* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 (default) - Safeguards are enabled and devices may be blocked for upgrades until the safeguard is cleared. 
-- 1 - Safeguards are not enabled and upgrades will be deployed without blocking on safeguards. +* 0 (default) - Safeguards are enabled and devices may be blocked for upgrades until the safeguard is cleared. +* 1 - Safeguards are not enabled and upgrades will be deployed without blocking on safeguards. @@ -1602,7 +1625,7 @@ The following list shows the supported values: -For Quality Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period. +For Quality Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically execute, within the specified period. The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks. 
@@ -1613,23 +1636,25 @@ Value type is integer. Default is 14. Supported value range: 2 - 30. -If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (e.g. pending user scheduling). +If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (for example, pending user scheduling). If you disable or do not configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect: + 1. No auto-restart with logged on users for scheduled automatic updates installations 2. Always automatically restart at scheduled time 3. Specify deadline before auto-restart for update installation -ADMX Info: -- GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* -- GP name: *EngagedRestartTransitionSchedule* -- GP element: *EngagedRestartDeadline* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* +* GP name: *EngagedRestartTransitionSchedule* +* GP element: *EngagedRestartDeadline* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* 
@@ -1662,29 +1687,31 @@ ADMX Info: -For Feature Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period. +For Feature Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically execute, within the specified period. Value type is integer. Default is 14. Supported value range: 2 - 30. -If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (e.g. pending user scheduling). +If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (for example, pending user scheduling). If you disable or do not configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect: + 1. No auto-restart with logged on users for scheduled automatic updates installations 2. Always automatically restart at scheduled time 3. 
Specify deadline before auto-restart for update installation -ADMX Info: -- GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* -- GP name: *EngagedRestartTransitionSchedule* -- GP element: *EngagedRestartDeadlineForFeatureUpdates* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* +* GP name: *EngagedRestartTransitionSchedule* +* GP element: *EngagedRestartDeadlineForFeatureUpdates* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* @@ -1719,25 +1746,27 @@ ADMX Info: For Quality Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days. -Value type is integer. Default is 3 days. +Value type is integer. Default is three days. -Supported value range: 1 - 3. +Supported value range: 1-3. If you disable or do not configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect: + 1. No auto-restart with logged on users for scheduled automatic updates installations 2. Always automatically restart at scheduled time 3. Specify deadline before auto-restart for update installation -ADMX Info: -- GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* -- GP name: *EngagedRestartTransitionSchedule* -- GP element: *EngagedRestartSnoozeSchedule* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* +* GP name: *EngagedRestartTransitionSchedule* +* GP element: *EngagedRestartSnoozeSchedule* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* 
@@ -1770,27 +1799,29 @@ ADMX Info: -For Feature Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days. +For Feature Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between one and three days. -Value type is integer. Default is 3 days. +Value type is integer. Default is three days. Supported value range: 1 - 3. If you disable or do not configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect: + 1. No auto-restart with logged on users for scheduled automatic updates installations 2. Always automatically restart at scheduled time 3. Specify deadline before auto-restart for update installation -ADMX Info: -- GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* -- GP name: *EngagedRestartTransitionSchedule* -- GP element: *EngagedRestartSnoozeScheduleForFeatureUpdates* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* +* GP name: *EngagedRestartTransitionSchedule* +* GP element: *EngagedRestartSnoozeScheduleForFeatureUpdates* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* 
@@ -1825,25 +1856,27 @@ ADMX Info: For Quality Updates, this policy specifies the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending. -Value type is integer. Default value is 7 days. +Value type is integer. Default value is seven days. -Supported value range: 2 - 30. +Supported value range: 2 - 30. If you disable or do not configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect: + 1. No auto-restart with logged on users for scheduled automatic updates installations 2. Always automatically restart at scheduled time 3. Specify deadline before auto-restart for update installation -ADMX Info: -- GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* -- GP name: *EngagedRestartTransitionSchedule* -- GP element: *EngagedRestartTransitionSchedule* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* +* GP name: *EngagedRestartTransitionSchedule* +* GP element: *EngagedRestartTransitionSchedule* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* 
@@ -1878,25 +1911,27 @@ ADMX Info: For Feature Updates, this policy specifies the timing before transitioning from Auto restarts scheduled_outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending. -Value type is integer. Default value is 7 days. +Value type is integer. Default value is seven days. Supported value range: 2 - 30. If you disable or do not configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect: + 1. No auto-restart with logged on users for scheduled automatic updates installations 2. Always automatically restart at scheduled time 3. Specify deadline before auto-restart for update installation -ADMX Info: -- GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* -- GP name: *EngagedRestartTransitionSchedule* -- GP element: *EngagedRestartTransitionScheduleForFeatureUpdates* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* +* GP name: *EngagedRestartTransitionSchedule* +* GP element: *EngagedRestartTransitionScheduleForFeatureUpdates* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* 
@@ -1930,24 +1965,25 @@ ADMX Info: > [!NOTE] -> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. +> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. Allows IT Admins to exclude Windows Update (WU) drivers during updates. -ADMX Info: -- GP Friendly name: *Do not include drivers with Windows Updates* -- GP name: *ExcludeWUDriversInQualityUpdate* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Do not include drivers with Windows Updates* +* GP name: *ExcludeWUDriversInQualityUpdate* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 (default) – Allow Windows Update drivers. -- 1 – Exclude Windows Update drivers. +* 0 (default) – Allow Windows Update drivers. +* 1 – Exclude Windows Update drivers. @@ -1987,19 +2023,20 @@ Allows Windows Update Agent to determine the download URL when it is missing fro -ADMX Info: -- GP Friendly name: *Specify intranet Microsoft update service location* -- GP name: *CorpWuURL* -- GP element: *CorpWUFillEmptyContentUrls* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify intranet Microsoft update service location* +* GP name: *CorpWuURL* +* GP element: *CorpWUFillEmptyContentUrls* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 (default) – Disabled. -- 1 – Enabled. +* 0 (default) – Disabled. +* 1 – Enabled. 
@@ -2032,7 +2069,7 @@ The following list shows the supported values: -Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. +Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. > [!WARNING] > Setting this policy might cause devices to incur costs from MO operators. @@ -2041,15 +2078,16 @@ Specifies whether to ignore the MO download limit (allow unlimited downloading) The following list shows the supported values: -- 0 (default) – Do not ignore MO download limit for apps and their updates. -- 1 – Ignore MO download limit (allow unlimited downloading) for apps and their updates. +* 0 (default) – Do not ignore MO download limit for apps and their updates. +* 1 – Ignore MO download limit (allow unlimited downloading) for apps and their updates. To validate this policy: -1. Enable the policy and ensure the device is on a cellular network. -2. Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell: +1. Enable the policy and ensure the device is on a cellular network. +2. Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell: + ```TShell exec-device schtasks.exe -arguments '/run /tn "\Microsoft\Windows\WindowsUpdate\Automatic App Update" /I' ``` 
@@ -2085,7 +2123,7 @@ To validate this policy: -Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. +Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. > [!WARNING] > Setting this policy might cause devices to incur costs from MO operators. @@ -2094,15 +2132,16 @@ Specifies whether to ignore the MO download limit (allow unlimited downloading) The following list shows the supported values: -- 0 (default) – Do not ignore MO download limit for OS updates. -- 1 – Ignore MO download limit (allow unlimited downloading) for OS updates. +* 0 (default) – Do not ignore MO download limit for OS updates. +* 1 – Ignore MO download limit (allow unlimited downloading) for OS updates. To validate this policy: -1. Enable the policy and ensure the device is on a cellular network. -2. Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell: +1. Enable the policy and ensure the device is on a cellular network. +2. Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell: + ```TShell exec-device schtasks.exe -arguments '/run /tn "\Microsoft\Windows\WindowsUpdate\Automatic App Update" /I' ``` 
@@ -2142,20 +2181,21 @@ Used to manage Windows 10 Insider Preview builds. Value type is integer. -ADMX Info: -- GP Friendly name: *Manage preview builds* -- GP name: *ManagePreviewBuilds* -- GP element: *ManagePreviewBuildsId* -- GP path: *Windows Components/Windows Update/Windows Update for Business* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Manage preview builds* +* GP name: *ManagePreviewBuilds* +* GP element: *ManagePreviewBuildsId* +* GP path: *Windows Components/Windows Update/Windows Update for Business* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 - Disable Preview builds -- 1 - Disable Preview builds once the next release is public -- 2 - Enable Preview builds +* 0 - Disable Preview builds +* 1 - Disable Preview builds once the next release is public +* 2 - Enable Preview builds 
@@ -2189,11 +2229,9 @@ The following list shows the supported values: > [!NOTE] -> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use PauseDeferrals for Windows 10, version 1511 devices. - - -Allows IT Admins to pause updates and upgrades for up to 5 weeks. Paused deferrals will be reset after 5 weeks. +> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use PauseDeferrals for Windows 10, version 1511 devices. +Allows IT Admins to pause updates and upgrades for up to five weeks. Paused deferrals will be reset after five weeks. If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. @@ -2201,17 +2239,18 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th -ADMX Info: -- GP name: *DeferUpgrade* -- GP element: *PauseDeferralsId* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP name: *DeferUpgrade* +* GP element: *PauseDeferralsId* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 (default) – Deferrals are not paused. -- 1 – Deferrals are paused. +* 0 (default) – Deferrals are not paused. +* 1 – Deferrals are paused. 
@@ -2244,26 +2283,26 @@ The following list shows the supported values: -Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. - +Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. Allows IT Admins to pause feature updates for up to 35 days. We recomment that you use the *Update/PauseFeatureUpdatesStartTime* policy if you are running Windows 10, version 1703 or later. -ADMX Info: -- GP Friendly name: *Select when Preview Builds and Feature Updates are received* -- GP name: *DeferFeatureUpdates* -- GP element: *PauseFeatureUpdatesId* -- GP path: *Windows Components/Windows Update/Windows Update for Business* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Select when Preview Builds and Feature Updates are received* +* GP name: *DeferFeatureUpdates* +* GP element: *PauseFeatureUpdatesId* +* GP path: *Windows Components/Windows Update/Windows Update for Business* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 (default) – Feature Updates are not paused. -- 1 – Feature Updates are paused for 35 days or until value set to back to 0, whichever is sooner. +* 0 (default) – Feature Updates are not paused. +* 1 – Feature Updates are paused for 35 days or until value set to back to 0, whichever is sooner. 
@@ -2296,18 +2335,19 @@ The following list shows the supported values: -Specifies the date and time when the IT admin wants to start pausing the Feature Updates. When this policy is configured, Feature Updates will be paused for 35 days from the specified start date. +Specifies the date and time when the IT admin wants to start pausing the Feature Updates. When this policy is configured, Feature Updates will be paused for 35 days from the specified start date. -Value type is string (yyyy-mm-dd, ex. 2018-10-28). Supported operations are Add, Get, Delete, and Replace. +Value type is string (yyyy-mm-dd). Supported operations are Add, Get, Delete, and Replace. -ADMX Info: -- GP Friendly name: *Select when Preview Builds and Feature Updates are received* -- GP name: *DeferFeatureUpdates* -- GP element: *PauseFeatureUpdatesStartId* -- GP path: *Windows Components/Windows Update/Windows Update for Business* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Select when Preview Builds and Feature Updates are received* +* GP name: *DeferFeatureUpdates* +* GP element: *PauseFeatureUpdatesStartId* +* GP path: *Windows Components/Windows Update/Windows Update for Business* +* GP ADMX file name: *WindowsUpdate.admx* 
@@ -2344,19 +2384,20 @@ Allows IT Admins to pause quality updates. For those running Windows 10, version -ADMX Info: -- GP Friendly name: *Select when Quality Updates are received* -- GP name: *DeferQualityUpdates* -- GP element: *PauseQualityUpdatesId* -- GP path: *Windows Components/Windows Update/Windows Update for Business* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Select when Quality Updates are received* +* GP name: *DeferQualityUpdates* +* GP element: *PauseQualityUpdatesId* +* GP path: *Windows Components/Windows Update/Windows Update for Business* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 (default) – Quality Updates are not paused. -- 1 – Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner. +* 0 (default) – Quality Updates are not paused. +* 1 – Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner. 
@@ -2389,18 +2430,19 @@ The following list shows the supported values: -Specifies the date and time when the IT admin wants to start pausing the Quality Updates. When this policy is configured, Quality Updates will be paused for 35 days from the specified start date. +Specifies the date and time when the IT admin wants to start pausing the Quality Updates. When this policy is configured, Quality Updates will be paused for 35 days from the specified start date. -Value type is string (yyyy-mm-dd, ex. 2018-10-28). Supported operations are Add, Get, Delete, and Replace. +Value type is string (yyyy-mm-dd). Supported operations are Add, Get, Delete, and Replace. -ADMX Info: -- GP Friendly name: *Select when Quality Updates are received* -- GP name: *DeferQualityUpdates* -- GP element: *PauseQualityUpdatesStartId* -- GP path: *Windows Components/Windows Update/Windows Update for Business* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Select when Quality Updates are received* +* GP name: *DeferQualityUpdates* +* GP element: *PauseQualityUpdatesStartId* +* GP path: *Windows Components/Windows Update/Windows Update for Business* +* GP ADMX file name: *WindowsUpdate.admx* 
@@ -2468,18 +2510,19 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd -Available in Windows 10, version 2004 and later. Enables IT administrators to specify which product they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy to target a new product. +Available in Windows 10, version 2004 and later. Enables IT administrators to specify which product they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy to target a new product. If no product is specified, the device will continue receiving newer versions of the Windows product it is currently on. For details about different Windows 10 versions, see [release information](/windows/release-health/release-information). -ADMX Info: -- GP Friendly name: *Select the target Feature Update version* -- GP name: *TargetReleaseVersion* -- GP element: *ProductVersion* -- GP path: *Windows Components/Windows Update/Windows Update for Business* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Select the target Feature Update version* +* GP name: *TargetReleaseVersion* +* GP element: *ProductVersion* +* GP path: *Windows Components/Windows Update/Windows Update for Business* +* GP ADMX file name: *WindowsUpdate.admx* 
@@ -2527,24 +2570,24 @@ By using this Windows Update for Business policy to upgrade devices to a new pro > [!NOTE] -> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices. - +> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices. Allows the IT admin to set a device to Semi-Annual Channel train. -ADMX Info: -- GP name: *DeferUpgrade* -- GP element: *DeferUpgradePeriodId* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP name: *DeferUpgrade* +* GP element: *DeferUpgradePeriodId* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 (default) – User gets upgrades from Semi-Annual Channel (Targeted). -- 1 – User gets upgrades from Semi-Annual Channel. +* 0 (default) – User gets upgrades from Semi-Annual Channel (Targeted). +* 1 – User gets upgrades from Semi-Annual Channel. 
@@ -2578,10 +2621,9 @@ The following list shows the supported values: > [!NOTE] -> This policy is *only* recommended for managing mobile devices. If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. +> This policy is *only* recommended for managing mobile devices. If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. - -Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved. +Allows the IT admin to restrict the updates that are installed on a device to only those updates on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end user. EULAs are approved once an update is approved. Supported operations are Get and Replace. @@ -2589,8 +2631,8 @@ Supported operations are Get and Replace. The following list shows the supported values: -- 0 – Not configured. The device installs all applicable updates. -- 1 – The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required prior to deployment. +* 0 – Not configured. The device installs all applicable updates. +* 1 – The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required prior to deployment. 
@@ -2629,12 +2671,13 @@ The default value is 15 (minutes). -ADMX Info: -- GP Friendly name: *Configure auto-restart warning notifications schedule for updates* -- GP name: *RestartWarnRemind* -- GP element: *RestartWarn* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Configure auto-restart warning notifications schedule for updates* +* GP name: *RestartWarnRemind* +* GP element: *RestartWarn* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* @@ -2672,7 +2715,7 @@ Supported values are 15, 30, or 60 (minutes). > [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education +> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education Allows the IT Admin to specify the period for auto-restart warning reminder notifications. @@ -2681,12 +2724,13 @@ The default value is 4 (hours). -ADMX Info: -- GP Friendly name: *Configure auto-restart warning notifications schedule for updates* -- GP name: *RestartWarnRemind* -- GP element: *RestartWarnRemind* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Configure auto-restart warning notifications schedule for updates* +* GP name: *RestartWarnRemind* +* GP element: *RestartWarnRemind* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* 
@@ -2731,25 +2775,26 @@ Supported operations are Add, Delete, Get, and Replace. -ADMX Info: -- GP Friendly name: *Configure Automatic Updates* -- GP name: *AutoUpdateCfg* -- GP element: *AutoUpdateSchDay* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Configure Automatic Updates* +* GP name: *AutoUpdateCfg* +* GP element: *AutoUpdateSchDay* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 (default) – Every day -- 1 – Sunday -- 2 – Monday -- 3 – Tuesday -- 4 – Wednesday -- 5 – Thursday -- 6 – Friday -- 7 – Saturday +* 0 (default) – Every day +* 1 – Sunday +* 2 – Monday +* 3 – Tuesday +* 4 – Wednesday +* 5 – Thursday +* 6 – Friday +* 7 – Saturday @@ -2782,7 +2827,7 @@ The following list shows the supported values: -Enables the IT admin to schedule the update installation on the every week. Value type is integer. Supported values: +Enables the IT admin to schedule the update installation on every week. Value type is integer. Supported values:
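Review bot: In the hunk at @@ -2527,24 +2570,24 @@, the re-added NOTE line still carries a comma splice ("...version 1607 devices, instead use the new policies..."), and as shown here the added line reads the same as the removed one, so the touch fixes nothing a reader sees. Since this commit is a formatting/acrolinx pass, split the sentence while the line is already in the diff: "Don't use this policy on Windows 10, version 1607 devices. Instead, use the new policies listed in ...".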
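Review bot: In the hunk at @@ -2578,10 +2621,9 @@, the rewritten NOTE keeps "If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead.", which repeats "previously"/"previous" and leaves "it" with an unclear antecedent. The description paragraph below it was cleaned up in the same hunk, so the note should be too, for example: "The **Update/PhoneUpdateRestrictions** policy from previous versions of Windows is deprecated. Use this policy instead."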
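Review bot: In the hunk at @@ -2672,7 +2715,7 @@, the re-added NOTE line ("This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education") still has no terminal period, and the context line right after it says "IT Admin" while the other descriptions in this patch use "IT admin". Both are one-character fixes that belong in a formatting pass; add the period and lowercase "admin" for consistency.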
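Review bot: In the hunk at @@ -2782,7 +2827,7 @@, the replacement sentence "schedule the update installation on every week" is still ungrammatical; dropping "the" did not fix the stray "on". Suggest "Enables the IT admin to schedule the update installation every week." and keep "Value type is integer. Supported values:" as is.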