Set deadline for windows update installation in WSUS
January 25, 2012 5 Comments
In certain circumstances, when using WSUS (Windows Server Update Services) in your environment, you may wish to deploy a critical Windows update sooner than your scheduled installation window. Personally, I would excercise extreme caution using this setting due to the gotchas outlined at the end of this post. However, this can easily be achieved by setting a deadline for installation when you approve the update or updates. In the WSUS console simply select the update or updates, and then right click them and choose ‘Approve …’ as shown.
Approving an update in the WSUS console
Once the ‘Approve Updates’ screen opens, choose which group of computers you want to approve the update for. In this case I have chosen ‘All Computers’, and then ‘Approved for Install’. Next right click the ‘All Computers’ group again and choose ‘Deadline’ and then ‘Custom’ as shown:
Set a custom deadline for installation of an update in the WSUS console
The ‘Choose Deadline’ screen opens. Choose the date and time that you want the update or updates to be installed at, as shown:
Choose the date and time for your deadline
Thats it, your update will now be installed at the time that you have set. There are a couple gotchas using this setting that it is worth being aware of. Firstly if the update with the deadline requires a restart, the computer will reboot after installation regardless of what the user is doing at the time. It is therefore probably best to avoid deadline times in the middle of the working day when users may suddenly find their computers reboot with little or no warning causing them to lose work. Secondly, a deadline will override the ‘No auto-restart with logged on users for scheduled automatic updates installations’ Group Policy setting, so again be careful if you have this GPO setting enabled, as you may not expect your computers to reboot, but they will in this case.
References:
http://technet.microsoft.com/en-us/library/dd939923(WS.10).aspx
Assumed updates are needed, what will happen if the PCs are not turned on at the deadline? Does it force user to install the updates on the next day they come into work?
Thanks,
Thats right if the deadline has passed when the machine is switched off, it will install the update as soon as it next checks in to the WSUS server.
See the section ‘Expired and Unexpired Deadlines’ in this technet document for further details:
http://technet.microsoft.com/en-us/library/dd939923(v=ws.10)
I think it’s important to note that the auto-update setting should be set to “3” so that the client will download but not auto-install until the deadline. If set to “4” (auto-install), the updates will still install earlier (although a reboot would not be mandatory).
is there any logs to check if deadline was set during patch approval?
Hey ,
Thanks for the post , absolutely helpful . now for the latest version of wsus 6.2 where do we find the option to set deadline for the patch
Expecting reply on this
Thanks