Policy for updating windows patches
You can also assign that Group Policy to other groups of computers that you want it to apply to.
You can select any of the following options:• No auto-restart with logged on users for scheduled Automatic Updates installations.Windows Update policies can be created at account or site level. With Windows Update enabled, you allow Microsoft to control the installation of patches.However, if you are using a patch management policy to install only the patches you have selected, you do not want the automatic settings of Windows Update installing patches you have not approved.If you are using an AEM patch management policy to install only the patches you have selected, you do not want the automatic settings of Windows Update installing patches you have not approved.The most elegant way to do that is to create a Windows Update Policy to disable Automatic Windows Update on the devices you want to patch.If you have set up a Windows Server Update Services (WSUS) server, it will act as a location for other Windows devices to pull updates from, rather than each device having to download Windows updates separately.
It acts like a local cache, but only for Windows patches.
Therefore, you must first disable Automatic Windows Updates. Select one of the following options:• Automatically detect recommended updates for my computer and install them.• Download updates for me, but let me choose when to install them.• Notify me of updates, but do not automatically install them.• Turn off Automatic Updates.
- When this option is selected, the rest of the configuration options, except for WSUS, will be disabled and unchecked.
Since the Adobe Reader Updates comes in an executable instead of an MSI, we need to first extract the MSI file.
Luckily, Adobe does give you the steps needed to do this here.
If you are running Event Sentry, then you can use the Software Inventory feature to make sure that the update has been installed on all computers.