If you need to update group policy to change an update schedule or make other alterations you can do so, even after patches have been approved on the WSUS server.
Open Group Policy Management and browse to the relevant GPO you want to update, right click and Edit the GPO. If you’re using Advanced Group Policy Management you’ll need to check out the policy before editing. Expand Computer Configuration > Policies > Administrative Components > Windows Components > Windows Update.
Double click the setting you want to change and update as appropriate. For the purpose of this post I have updated the scheduled install day from ‘1 – Every Sunday’ to ‘4 – Every Wednesday’.
Click Ok to save the change. If you’re using Advanced Group Policy Management you’ll need to right click the GPO and check in, and then deploy the GPO.
Depending on your environment you may need to wait a short while for replication, you can force a group policy refresh on a server by running gpupdate /force from the command line. Furthermore if you are running Windows 2012 or 2012 R2 you can right clicking an OU in group policy management and select Group Policy Update.
We can test if the group policy has updated by opening the registry on one of the servers and browsing to: COMPUTER\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU. Cross check the settings in the registry with those you changed on the group policy.
You’ll notice straight away the data is a decimal or hexadecimal value, you may have noticed too that the options in the GPO editor had a corresponding number. In this case I changed the scheduled install day from ‘1 – Sunday’ to ‘4 – Wednesday’, the value of the registry option ScheduledInstallDay has changed from 1 to 4, so I know the change has taken effect.
Another important thing to note is the UseWUServer option, this must be set to 1 to use a WSUS server, or none of the other options apply. You can go up a level to ‘Windows Update’ to check the configured Windows Update server.
Finally, here is a really useful list of registry values for Automatic Updates: https://technet.microsoft.com/en-us/library/dd939844%28v=ws.10%29.aspx.
esxsi.com 