Windows 10 Tip: Configure Windows Update for Business using Group Policy
In today’s Ask the Admin, I’ll show you how to configure Windows Update for Business in the Windows 10 November update (build 1511).
Along with the visual and performance improvements in the Windows 10 November update are features designed to encourage businesses to adopt Microsoft’s new operating system. While still a work in progress, as is the rest of Windows 10, Windows Update for Business is a set of options that give businesses more control over when updates are installed.
Before the latest update, Windows 10 (build 10240) Professional and Enterprise edition owners could defer non-security updates for a few months using the Defer upgrades checkbox under Advanced options in the Windows Update section of the Settings app, or using Group Policy. Now a new Group Policy setting has been added to give businesses more flexibility.
While none of this is much of problem for organizations that use System Center Configuration Manager (SCCM) or Windows Server Update Services (WSUS) for distributing updates, smaller businesses that connect directory to Microsoft’s update servers need more control over updates.
Windows Update for Business isn’t a product, but set of controls built-in to Windows 10. Additionally, there are three branches to which devices can be subscribed:
- Current Branch (CB)
- Current Branch for Business (CBB)
- Long Term Servicing Branch
If you don’t make any changes to your Windows 10 device, you are by default subscribed to the Current Branch. If you check the Defer upgrades box in Windows Update settings, you are then part of the Current Branch for Business. It’s important to note that none of the branches prevent critical security updates from installing, they are only designed to stop updates that include fixes and new functionality.
Configure Windows Update for Business using Group Policy
Before you get started, if you’re not familiar with Group Policy, take a look at How to Create and Link a Group Policy Object in Active Directory on the Petri IT Knowledgebase for a primer on working with Active Directory Group Policy Objects (GPOs). If you don’t have Active Directory but do have Windows 10 Professional or Enterprise editions, you can set the Windows Update configuration in local policy, which can be accessed using the Microsoft Management Console (MMC):
- Log in to Windows 10.
- Type mmc into the search bar, right click mmc in the results and select Run as administrator from the menu.
- Enter a local administrator account name and password, or give consent to elevate privileges, if prompted.
- In the console window, click CTRL+M to add a snap-in.
- In the Add or Remove Snap-ins window, select Group Policy Object Editor under Available snap-ins and then click Add.
- In the Select Group Policy Object dialog, leave Local Computer as the selected GPO and click Finish.
- Click OK in the Add or Remove Snap-ins window.
The GPO options for deferring upgrades and updates are as follows:
- Upgrades up to 8 months (monthly increments)
- Updates up to 4 weeks (weekly increments)
- Pause Upgrades and Updates until the next release
If the GPO is enabled but both the Defer Upgrades and Defer Updates settings are set to 0, computers within scope will be part of the Current Branch for Business.
- In the Group Policy Object Editor, expand Computer Configuration > Administrative Templates > Windows Components > Windows Update in the left of the console.
- In the right pane, double click Defer Upgrades and Updates.
- In the Defer Upgrades and Updates dialog box, change the GPO status to Enabled.
- Set the number of months by which to delay upgrades.
- Set the number of weeks by which to delay updates.
- Click OK.
The new Windows Update settings will be deployed to computers that fall in scope of the GPO or local policy object when Group Policy is refreshed.
More in Windows 10
How To Find Windows 10 Stop Codes and Fix Errors Quickly
Feb 6, 2023 | Michael Reinders
Microsoft Stops Selling Windows 10 Digital Downloads
Feb 1, 2023 | Rabia Noureen
Microsoft Offers Temporary Fix for Start menu or UWP App Freezing Issues on Windows 11 and 10
Jan 26, 2023 | Rabia Noureen
Microsoft to End Sale of Windows 10 Home and Pro Licenses This Month
Jan 19, 2023 | Rabia Noureen
Microsoft Releases a Script to Recover Some Windows App Shortcuts Deleted on Friday 13
Jan 16, 2023 | Rabia Noureen
[Updated] Microsoft to Fix Defender Bug Deleting Windows Apps Shortcuts from Taskbar
Jan 13, 2023 | Rabia Noureen
Most popular on petri