How to Enable or Disable Check for Windows Updates/Check For Updates Greyed Out

How to Enable or Disable Check for Windows Updates

启用Windows更新(To Enable "Check for updates" in Windows Update):
1. Local Group Policy Editor(只有域环境中的服务器需要配置此项)
Computer Configuration/Administrative Templates/Windows Components/Windows Update
In the right pane of Windows Update in Local Group Policy Editor, double click/tap on the “Remove access to use all Windows Update features” policy to edit it.
Not Configured or Disabled(默认为Not Configured,即启用更新)
如果是Enabled,则禁用更新。

2. 通过修改注册表项来启用或禁用更新
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
DisableWindowsUpdateAccess=0
ElevateNonAdmins=0

ElevateNonAdmins说明:
1 = Users in the Users security group are allowed to approve or disapprove updates.
0 = Only users in the Administrators user group can approve or disapprove updates.

 

另外是WUServer及WUStatusServer注册表项设置(不需要设置,可删除,让Windows Updates自动从官网下载更新)
------------
一般只有公司内部有几十台或上百台服务器时才需要设置。配置一台内部的Windows更新服务器,所有内网服务器都连接到这台服务器,否则如果全部服务器都从微软的官网去下载补丁,则会占用公司网络带宽,并且速度也慢。
To determine the WSUS server that the client computers and servers connect to for updates, add the following registry values to the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\
WUServer (REG_SZ)
This value sets the WSUS server by HTTP name (for example, http://IntranetSUS).
WUStatusServer (REG_SZ)
This value sets the SUS statistics server by HTTP name (for example, http://IntranetSUS).
-------------

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
NoAutoUpdate=0
SetDisableUXWUAccess=0
AUOptions=3
UseWUServer=0则使用WUServer及WUStatusServer指定的服务器来下载更新,如果=1,则使用微软的官网更新下载补丁。

1=Yes, 0=No.

AUOptions注册表项的值说明:
1: Keep my computer up to date is disabled in Automatic Updates. 禁用更新。
2: Notify of download and installation.
3: Automatically download and notify of installation. 一般设置为3,即让Windows自动下载更新,然后提醒用户安装更新。
4: Automatically download and scheduled installation.

ScheduledInstallDay (REG_DWORD):
0: Every day.
1 through 7: The days of the week from Sunday (1) to Saturday (7).

 如果服务器受到黑客攻击,导致Winows更新失败,或者”检查在线更新“按钮为灰色的不可点击,则可以检查上述注册表项是否被修改,导致Windows Update被禁用。

遇到的问题:Windows Server 2016 被攻击,无法在线更新,”Check For Update“  greyed out。检查并修改上述注册表项,重启服务器后可正常更新。

参考链接:

https://docs.microsoft.com/en-us/windows/deployment/update/waas-wu-settings

其它:

https://www.darrylvanderpeijl.com/windows-server-2016-update-settings/

 

另外,如果在线更新报错或者手动下载的补丁包安装失败,可参考下面的Blog来解决:

Windows Update Error 0x8024401c - 遠離塵世の方舟 - 博客园 (cnblogs.com)

Fix Windows update standalone installer stuck at searching for updates - 遠離塵世の方舟 - 博客园 (cnblogs.com)

posted on 2021-01-16 07:01  遠離塵世の方舟  阅读(507)  评论(0编辑  收藏  举报

导航