GLFI699
Engaged Sweeper

Hello, Lansweeper patch day report shows me if the Windows KB is installed, but I find PCs that are not updated because the user, instead of choosing “Install and restart” or “Install and shut down”, only chooses Restart or Shut down.

Looking through the Windows update GPO policies I can’t find anything that would only show “Install and restart” or “update and shut down” to the user when the update is installed.
In your opinion is it possible via GPO?

Maybe, is it possible to create a report in Lansweeper that helps?

2 REPLIES
Jacob_H
Lansweeper Employee

Welcome to the world of reverse engineering 🙂 You can run gpresult using command prompt: gpresult /h gpreport.html ... which will make an HTML file that you can open and it will show you all GPO policies that are applied to the user and computer.

As for Lansweeper reports - yes, it can help you! Registry scanning is your friend - I use it all the time - if you need to know something, chances are it's in the registry.

You can scan for several registry keys to put you on the right path:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

  • AUOptions (2: Notify for download and notify for install. 3: Auto download and notify for install. 4: Auto download and schedule the install. 5: Allow local admin to choose settings.)
  • ScheduledInstallDay (0: Every day. 1 to 7: Specific day of the week (Sunday = 1, Monday = 2, ..., Saturday = 7))
  • ScheduledInstallTime
  • NoAutoUpdate (0: Automatic Updates is enabled, 1: Automatic Updates is disabled.)
  • NoAutoRebootWithLoggedOnUsers (0: Allow automatic reboot. 1: Prevent automatic reboot when users are logged on.)
  • RebootRelaunchTimeout
  • RebootRelaunchTimeoutEnabled

key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired - there are other registry keys you can google but I think that's a reliable(ish) key to use.

You can reference: https://community.lansweeper.com/t5/scanning-your-network/scan-registry-values-with-custom-registry-...

Also: https://www.lansweeper.com/resources/report/operating-system/custom-registry-key-audit/
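
A local spot check of the registry values listed in the reply above, written in PowerShell as an added example that is not part of the original thread and not a Lansweeper feature. The variable names and the output layout are assumptions; the registry paths and value meanings are the ones given in the reply.

```powershell
# Added example: read the Windows Update policy values named above on the local machine,
# so the result can be compared with what a Lansweeper custom registry scan returns.
$auKey     = 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU'
$rebootKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'

# AUOptions meanings as listed in the reply above.
$auOptionsText = @{
    2 = 'Notify for download and notify for install'
    3 = 'Auto download and notify for install'
    4 = 'Auto download and schedule the install'
    5 = 'Allow local admin to choose settings'
}
$names = 'AUOptions', 'ScheduledInstallDay', 'ScheduledInstallTime', 'NoAutoUpdate',
         'NoAutoRebootWithLoggedOnUsers', 'RebootRelaunchTimeout', 'RebootRelaunchTimeoutEnabled'

$report = [ordered]@{ Computer = $env:COMPUTERNAME }

if (Test-Path -LiteralPath $auKey) {
    $au = Get-ItemProperty -LiteralPath $auKey
    foreach ($n in $names) {
        # A value the policy does not define is reported as 'not set', never as 0,
        # because 0 is a meaningful setting for several of these values.
        $prop = $au.PSObject.Properties[$n]
        $report[$n] = if ($prop) { $prop.Value } else { 'not set' }
    }
} else {
    # No AU policy key at all: no Windows Update GPO reaches this machine.
    foreach ($n in $names) { $report[$n] = 'not set' }
}

$opt = $report['AUOptions']
$report['AUOptionsMeaning'] = if ($opt -is [int] -and $auOptionsText.ContainsKey($opt)) {
    $auOptionsText[$opt]
} else {
    'n/a'
}

# RebootRequired is a key, not a value: its presence alone marks a pending restart.
$report['RebootRequired'] = Test-Path -LiteralPath $rebootKey

[pscustomobject]$report
```

A machine that shows RebootRequired as True together with NoAutoRebootWithLoggedOnUsers set to 1 matches the case in the question: the update is staged, and nothing forces the restart that completes it.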

 

David_GF
Lansweeper Tech Support

Hi @GLFI699. It is possible to manage the options that users see regarding Windows updates via Group Policy Objects (GPO), but that falls outside the scope of Lansweeper Support. We recommend checking MS documentation on how to configure the group policy for automatic updates.

The report that can help you find which Windows assets do not yet have the latest patches is the patch day report itself.



~~~~~~~ (〃 ̄︶ ̄)人( ̄︶ ̄〃) ~~~~~~~
Sweep that LAN, sweep it!