Name |
Source |
Type |
|---|---|---|
Notify to download updates |
Administrator |
Group Policy |
Set when Active Hours start |
Administrator |
Group Policy |
Set when Active Hours end |
Administrator |
Group Policy |
Specifies target server to host updates |
Administrator |
Group Policy |
Branch readiness level |
Administrator |
Group Policy |
Enable quality update deferral |
Administrator |
Group Policy |
Quality update deferral period |
Administrator |
Group Policy |
Enable feature update deferral period |
Administrator |
Group Policy |
Feature update deferall period |
Administrator |
Group Policy |
Enable drivers from Windows quality updates |
Administrator |
Group Policy |
Set Automatic Update options |
Administrator |
Group Policy |
Service Channel Configuration
Policy |
Registry Key |
|---|---|
GPO for Windows 10 version 1607 or later: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Feature Updates are receivced |
HKLM\SOFTWARE\Policies\Microsoft\Windows\ WindowsUpdate\BranchReadinessLevel |
GPO for Windows 10 version 1511: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Upgrades and Updates |
HKLM\SOFTWARE\Policies\Microsoft\Windows\ WindowsUpdate\DeferUpgrade |
MDM for Windows 10, version 1607 or later: .../Vendor/MSFT/Policy/Config/Update/BranchReadinessLevel |
HKLM\SOFTWARE\Microsoft\PolicyManager\default\ Update\BranchReadinessLevel |
MDM for Windows 10 version 1511: .../Vendor/MSFT/Policy/Config/Update/RequireDeferUgrade |
HKLM\SOFTWARE\Microsoft\PolicyManager\default\ Update\RequireDeferUpgrade |
Windows 10 version 1703 and later enables users to configure the branch readiness level for a device using Settings > Update & security > Windows Update > Advanced options.
|
Note: If configured by policy, this setting cannot be changed by the user. |
Feature Updates Reception Configuration
The maximum number of days that a feature update can be deferred is 365 days from the date of their availability from Microsoft on Windows Update.
Policy |
Registry Key |
|---|---|
GPO for Windows 10 version 1607 or later: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Feature Updates are receivced |
HKLM\SOFTWARE\Policies\Microsoft\Windows\ WindowsUpdate\DeferFeatureUpdates
HKLM\SOFTWARE\Policies\Microsoft\Windows\ WindowsUpdate\DeferFeatureUpdatesPeriodInDays |
GPO for Windows 10 version 1511: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Upgrades and Updates |
HKLM\SOFTWARE\Policies\Microsoft\Windows\ WindowsUpdate\DeferUpgradePeriod |
MDM for Windows 10, version 1607 or later: .../Vendor/MSFT/Policy/Config/Update/DeferFeatureUpdatesPeriodInDays |
HKLM\SOFTWARE\Microsoft\PolicyManager\default\ Update\DeferFeatureUpdatesPeriodInDays |
MDM for Windows 10 version 1511: .../Vendor/MSFT/Policy/Config/Update/DeferUpgrade |
HKLM\SOFTWARE\Microsoft\PolicyManager\default\ Update\RequireDeferUpgrade |
|
Note: It is possible for individual users to defer feature updates by using Settings > Update & security > Windows Update > Advanced options if not configured by policy. |
Pause Feature Updates Configuration
When a pause has been configured, the pause setting will automatically expire after a period of 35 days.
Policy |
Registry Key |
|---|---|
GPO for Windows 10 version 1607 or later: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Feature Updates are receivced |
1607: HKLM\SOFTWARE\Policies\Microsoft\Windows\ WindowsUpdate\PauseFeatureUpdates
1703 and later: HKLM\SOFTWARE\Policies\Microsoft\Windows\ WindowsUpdate\PauseFeatureUpdatesStartTime |
GPO for Windows 10 version 1511: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Upgrades and Updates |
HKLM\SOFTWARE\Policies\Microsoft\Windows\ WindowsUpdate\Pause |
MDM for Windows 10, version 1607 or later: .../Vendor/MSFT/Policy/Config/Update/PauseFeatureUpdates |
1607: HKLM\SOFTWARE\Microsoft\PolicyManager\default\ Update\PauseFeatureUpdates
1703 and later: HKLM\SOFTWARE\Microsoft\PolicyManager\default\ Update\PauseFeatureUpdatesStartTime |
MDM for Windows 10 version 1511: .../Vendor/MSFT/Policy/Config/Update/DeferUpgrade |
HKLM\SOFTWARE\Microsoft\PolicyManager\default\ Update\Pause |
The date feature updates were paused can be found in the PausedFeatureDate registry key under HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings.
If a device has resumed feature updates or not, can be checked in the PausedFeatureStatus registry key under HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings.
Value |
Status |
|---|---|
0 |
Not paused |
1 |
Paused |
2 |
Automatically resumed after being paused |
|
Note: It is possible for individual users to pause feature updates by using Settings > Update & security > Windows Update > Advanced options if not configured by policy. |
Quality Updates Reception Configuration
The reception of quality updates can be deferred for a period of up to 30 days from their release. Usually, quality updates are published monthly on the second Tuesday of the month.
Policy |
Registry Key |
|---|---|
GPO for Windows 10 version 1607 or later: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Quality Updates are received |
HKLM\SOFTWARE\Policies\Microsoft\Windows\ WindowsUpdate\DeferQualityUpdates
HKLM\SOFTWARE\Policies\Microsoft\Windows\ WindowsUpdate\DeferQualityUpdatesPeriodInDays |
GPO for Windows 10 version 1511: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Upgrades and Updates |
HKLM\SOFTWARE\Policies\Microsoft\Windows\ WindowsUpdate\DeferUpgradePeriod |
MDM for Windows 10, version 1607 or later: .../Vendor/MSFT/Policy/Config/Update/DeferQualityUpdatesPeriodInDays |
HKLM\SOFTWARE\Microsoft\PolicyManager\default\ Update\DeferQualityUpdatesPeriodInDays |
MDM for Windows 10 version 1511: .../Vendor/MSFT/Policy/Config/Update/DeferUpgrade |
HKLM\SOFTWARE\Microsoft\PolicyManager\default\ Update\RequireDeferUpgrade |
|
Note: It is possible for individual users to defer quality updates by using Settings > Update & security > Windows Update > Advanced options if not configured by policy. |
Pause Quality Updates Configuration
When a pause has been configured, the pause setting will automatically expire after a period of 35 days.
|
Note: IT administrators are able to prevent users from pausing updates starting with Windows 10, version 1809. |
Policy |
Registry Key |
|---|---|
GPO for Windows 10 version 1607 or later: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Quality Updates are receivced |
1607: HKLM\SOFTWARE\Policies\Microsoft\Windows\ WindowsUpdate\PauseQualityUpdates
1703 and later: HKLM\SOFTWARE\Policies\Microsoft\Windows\ WindowsUpdate\PauseQualityUpdatesStartTime |
GPO for Windows 10 version 1511: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Upgrades and Updates |
HKLM\SOFTWARE\Policies\Microsoft\Windows\ WindowsUpdate\Pause |
MDM for Windows 10, version 1607 or later: .../Vendor/MSFT/Policy/Config/Update/PauseQualityUpdates |
1607: HKLM\SOFTWARE\Microsoft\PolicyManager\default\ Update\PauseQualityUpdates
1703 and later: HKLM\SOFTWARE\Microsoft\PolicyManager\default\ Update\PauseQualityUpdatesStartTime |
MDM for Windows 10 version 1511: .../Vendor/MSFT/Policy/Config/Update/DeferUpgrade |
HKLM\SOFTWARE\Microsoft\PolicyManager\default\ Update\Pause |
The date quality updates were paused can be found in the PausedQualityDate registry key under HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings.
If a device has resumed quality updates or not, can be checked in the PausedQualityStatus registry key under HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings.
Value |
Status |
|---|---|
0 |
Not paused |
1 |
Paused |
2 |
Automatically resumed after being paused |
|
Note: It is possible for individual users to pause quality updates by using Settings > Update & security > Windows Update > Advanced options if not configured by policy. |
Windows Insider Preview Configuration
Windows 10 version 1709 and later:
•Group Policy: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Manage preview builds
•MDM: Update/ManagePreviewBuilds
•Microsoft Endpoint Configuration Manager: Enable dual scan, manage through Windows Update for Business policy
|
Note: This policy replaces the Toggle user control over Insider builds policy which is only supported up to Windows 10, version 1703. •Group Policy: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > Toggle user control over Insider builds •MDM: System/AllowBuildPreview |
It is possible to defer or pause the delivery using the policy setting used to Select when Feature Updates are received.
•Group Policy: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are received
•MDM: Update/BranchReadinessLevel
Exclusion of Drivers from Quality Updates
Drivers can be excluded from quality updates starting with Windows 10, version 1607. This does not apply to drivers which are critical for the operating system.
Policy |
Registry Key |
|---|---|
GPO for Windows 10 version 1607 or later: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Do not include drivers with Windows updates |
HKLM\SOFTWARE\Policies\Microsoft\Windows\ WindowsUpdate\ExcludeWUDriverInQualityUpdate |
MDM for Windows 10 version 1607 or later: .../Vendor/MSFT/Policy/Config/Update/ExcludeWUDriverInQualityUpdate |
HKLM\SOFTWARE\Microsoft\PolicyManager\default\ Update\ExcludeWUDriverInQualityUpdate |
Summary Group Policy Settings Windows 10 version 1703 or later
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
GPO Key |
Key Type |
Value |
|---|---|---|
BranchReadinessLevel |
REG_DWORD |
2: Feature updates for the Windows Insider built - Fast (added in Windows 10 version 1709) are used 4: Feature updates for the Windows Insider built - Slow (added in Windows 10 version 1709) are used 8: Feature updates for the Windows Insider built (added in Windows 10 version 1709) are used 16: Windows 10 version 1703 - Feature Updates for the Current Branch are used Windows 10 version 1709, 1803, and 1809 - Feature updates from the Semi-Annual Channel (Targeted) (SAC-T) are used Windows 10 version 1903 or later - Feature updates from the Semi-Annual Channel are used 32: Feature updates from the Semi-Annual Channel are used Other value or absent: All applicable updates are used |
DeferQualityUpdates |
REG_DWORD |
1: defer quality updates Other value or absent: do not defer quality updates |
DeferQualityUpdates PeriodinDays |
REG_DWORD |
0 - 35: defer quality updates by given days |
PauseQualityUpdates StartTime |
REG_DWORD |
1: pause quality updates Other value or absent: do not pause quality updates |
DeferFeatureUpdates |
REG_DWORD |
1: defer feature updates Other value or absent: do not defer feature updates |
DeferFeatureUpdates PeriodinDays |
REG_DWORD |
0 - 365: defer feature updates by given days |
PauseFeatureUpdates Starttime |
REG_DWORD |
1: pause feature updates Other value or absent: do not pause feature updates |
ExcludeWUDriverIn QualityUpdate |
REG_DWORD |
1: exclude Windows Update drivers Other value or absent: offer Windows Update drivers |
Summary MDM Settings Windows 10 version 1703 or later
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Update
GPO Key |
Key Type |
Value |
|---|---|---|
BranchReadinessLevel |
REG_DWORD |
2: Feature updates for the Windows Insider built - Fast (added in Windows 10 version 1709) are used 4: Feature updates for the Windows Insider built - Slow (added in Windows 10 version 1709) are used 8: Feature updates for the Windows Insider built (added in Windows 10 version 1709) are used 16: Windows 10 version 1703 - Feature Updates for the Current Branch are used Windows 10 version 1709, 1803, and 1809 - Feature updates from the Semi-Annual Channel (Targeted) (SAC-T) are used Windows 10 version 1903 or later - Feature updates from the Semi-Annual Channel are used 32: Feature updates from the Semi-Annual Channel are used Other value or absent: All applicable updates are used |
DeferQualityUpdates PeriodinDays |
REG_DWORD |
0 - 35: defer quality updates by the given number of days |
PauseQualityUpdates StartTime |
REG_DWORD |
1: pause quality updates Other value or absent: do not pause quality updates |
DeferFeatureUpdates PeriodinDays |
REG_DWORD |
0 - 365: defer feature updates by the given number of days |
PauseFeatureUpdates Starttime |
REG_DWORD |
1: pause feature updates Other value or absent: do not pause feature updates |
ExcludeWUDriverIn QualityUpdate |
REG_DWORD |
1: exclude Windows Update drivers Other value or absent: offer Windows Update drivers |
WSUS Environment Options
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate
Entry Name |
Data Type |
Values |
|---|---|---|
ElevateNonAdmins |
Reg_DWORD |
Range = 1 | 0 1 = Updates can be allowed or disapproved by users in the Users security group. 0 = Updates can be allowed or disapproved by users in the Administrators group only. |
TargetGroup |
Reg_String |
Name of the group of which the device is a part of. This is used for client-side targeting. Paired with the TargetGroupEnabled policy. |
TargetGroupEnabled |
Reg_DWORD |
Range = 1 | 0 1 = Client-side targeting is used. 0 = Client-side targeting is not used. Paired with the TargetGroup policy. |
WUServer |
Reg_String |
The URL (http or https) of the WSUS server used by API callers by default and by Automatic Updates. Paired with the WUStatusServer policy. In order to be valid, they must contain the same value. |
WUStatusServer |
Reg_String |
The URL (http or https) of the server to which client computers send their reporting information if using the WSUS server configured by the WUServer key. Paired with the WUServer policy. In order to be valid, they must contain the same value. |
Automatic Update Configuration Options
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
Entry Name |
Data Type |
Values |
|---|---|---|
AUOptions |
Reg_DWORD |
Range = 2 | 3 | 4 | 5 2 = Notify before download 3 = Download automatically and notify of installation 4 = Download automatically and scheduled installation (only valid if ScheduledInstallDay and ScheduledInstallTime exist) 5 = Automatic updates that can be configured by the end-user |
AutoInstallMinor Updates |
Reg_DWORD |
Range = 0 | 1 0 = Minor updates are treated the same way as other updates 1 = Install minor updates silently |
DetectionFrequency |
Reg_DWORD |
Range = 1 - 22 (time in hours) This value represents the time between the detection cycles. |
DetectionFrequency Enabled |
Reg_DWORD |
Range = 0 | 1 0 = DetectionFrequency disabled (default value [22] is used) 1 = DetectionFrequency enabled |
NoAutoRebootWithLogged OnUsers |
Reg_DWORD |
Range = 0 | 1 0 = User will be notified about a restart (restart will occur after 5 minutes) 1 = Logged-on user can choose to restart the comuters |
NoAutoUpdate |
Reg_DWORD |
Range = 0 | 1 0 = Automatic Updates enabled 1 = Automatic Updates disabled |
RebootRelaunchTimeout |
Reg_DWORD |
Range = 1 - 1440 (time in minutes) This value represents the time between prompts for a scheduled restart. |
RebootRelaunchTimeout Enabled |
Reg_DWORD |
Range = 0 | 1 0 = RebootRelaunchTimeout disabled (default value [10] is used) 1 = RebootRelaunchTimeout enabled |
RebootWarningTimeout |
Reg_DWORD |
Range = 1 - 30 (time in minutes) This value represents the time for the restart warning countdown after updates with a deadline or scheduled updates have been installed. |
RebootWarningTimeout Enabled |
Reg_DWORD |
Range = 0 | 1 0 = RebootWarningTimeout disabled (default value [5] is used). 1 = RebootWarningTimeout enabled |
RescheduleWaitTime |
Reg_DWORD |
Range = 1 - 60 (time in minutes) This value represents the time the Automatic Updates wait after startup before applying missed updates. This only applies to scheduled installations not to updates with an expired deadline. |
RescheduleWaitTime Enabled |
Reg_DWORD |
Range = 0 | 1 0 = RescheduleWaitTime disabled (the missed installation will be reattempted during the next scheduled installation time) 1 = RescheduleWaitTime enabled |
ScheduledInstallDay |
Reg_DWORD |
Range = 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 0 = every day 1 = Sunday 2 = Monday 3 = Tuesday 4 = Wednesday 5 = Thursday 6 = Friday 7 = Saturday In order to apply, the value of AUOptions has to be 4. |
ScheduledInstallTime |
Reg_DWORD |
Range = 0 - 23 (time of day in 24h-format) |
UseWUServer |
Reg_DWORD |
Range = 0 | 1 0 = WUServer disabled 1 = WUServer enabled |