How can I get Windows 10 to actually automatically install updates? For the life of me - I cannot get this to work....

[SonicMojo]

All,

 

Most posts I read across the NET today go into great detail on how to STOP Windows 10 from ruining the user experience by updating/restarting at the most annoying time.  Lo and behold - I am in the other camp - I actually want the machine to restart - with a 15 minute warning window to the user. But try as I might - I simply cannot get this to work - like ever.

Some background. I have a test set up with the 3 Virtual PCs (Hyper-V) running several different flavors of Windows 10 Enterprise ( v1607 LTSB, v1709 and now v1809)

I have Local GP set on each VM - set as follows:

Computer Config->Admin Templates->WIndows Components->Windows Update->Configure Automatic Updates to Option 4 "Auto Download and Schedule the Install"
Kick off time is Everyday @ 6:00am on any week of each month.
Updates come from a local WSUS installed on one of my internal servers - the local GP from each VM hits WSU without issue. WSUS is operating correctly. 

I use a typical monthly approval routine where each Wednesday (the day after Patch Tuesday) - I approve the latest cumulative updates and usually the Adobe flash patches for ONLY my "Virtual PCs" group on WSUS. All three VMs are in this WSUS computer group. I have spent probably a weeks worth of time over the last month trying to figure out why none of these machines will ever "automatically" download and install updates.

I have been over and over the GPOs with a various other forum groups - all have the same 6 settings but no downloads ever occur.

The best I ever get is - after basic approvals are done on Wednesday and I check the VMs on say - Thursday - I see that all three have indeed checked in with WSUS and all three have reported back listing the updates that need to be installed - but none of the VMs actually  take the next step to install anything automatically. 

They all just sit there - waiting for me to open the Windows Update settings dialog manually and hit Install Now.

 

It's almost like these installs are actually using option 3 in the GP object - Auto Download and NOTIFY for install rather than 4 - Auto Download and Schedule the install. 

Other settings in the GPOs are set to hard reboot the machine within 15 minutes regardless if anyone is logged in or not. 

I think it may have something to do with either a user being logged on OR "Active Hours" on all three VMs .

 

All three installs have default Active Hours of 8:00am to 5:00pm. I would think that setting the updates to occur at 6:00am each day would allow at least 2 hours to install the updates automatically before we hit the 8:00am Active Hours start time.

 

In other tests - I reduced Active Hours to 1:00pm - 3:00pm and still no updates install even with no one using the VM from 6:00am to 12:59pm. I still have to manually click Install Now.

What am I missing?  This is truly making me nuts. Appreciate any tips from the field.

B

Edited October 24, 2018 by Vocalpoint