:Parameters for automatic Update for Windows instances

Disclaimer: This article may contain information about third-party products. Such information is for reference only. Alibaba Cloud does not make any guarantee, express or implied, with respect to the performance and reliability of third-party products, as well as potential impacts of operations on the products.

Introduction

This article describes the following features related to Windows Update for Windows instances:

• Alibaba Cloud WSUS server
• Switch to Microsoft's Internet Windows Update server

Background

Alibaba Cloud WSUS server

The default group policy of Alibaba Cloud Windows instances is configured as Windows Server Update servers provided by Alibaba Cloud rather than official Microsoft Internet Windows Update servers. This is because in rare cases, security updates may cause problems. To prevent these potential risks, we will check the available Microsoft Windows security updates and release them to the WSUS server provided by Alibaba Cloud. After you have configured the Group Policy settings, the message will appear on the change settings page.

We modified Three Windows Update-related group policies as follows:

• Configure automatic updates
• Specify Intranet Microsoft Update Service location
• Allow automatic updates to install immediately

To view and verify the Windows Update group policy, follow these steps:

1. Open and run.
2. Enter gpedit.msc.
3. In the local group policy editor, open computer configuration > Manage templates > Windows components> Windows Update.

   Note: after modifying any of the group policies selected by the box in the figure, you must open the CMD as an administrator and run the gpupdate/force command to make the modification take effect.

Configure automatic updates

Double-click configure automatic updates to open the tab. The default options are enabled and 2- notifications download and notify installation. After selecting this option, you will be notified and then you can manually install the required updates.

You can modify the configuration as needed:

• If you want to manually manage the updated configuration, select 5-allow local administrators to select settings or not configured.
• If you choose disabled, you must download and manually install any available updates on Windows Update when you need it.

Specify Intranet Microsoft Update Service location

Double-click specify Intranet Microsoft Update Service location to open the tab. The default option is enabled.

After selecting this option, you can set up the corresponding update server and statistics server. After completing the configuration, you can run the telnet command to test whether the instance can be connected to port 80 of the application server. If the instance is connected to port 80, the connection between the instance and the application server is normal.

• For classic network ECS, the default servers are as follows:
  • Update Server: http://windowsupdate.aliyun-inc.com
  • Statistics server: http://windowsupdate.aliyun-inc.com
• For ECS instances in VPCs, the default servers are as follows:
  • Update Server: http://update.cloud.aliyuncs.com
  • Statistics server: http://update.cloud.aliyuncs.com

Allow automatic updates to install immediately

Double-click to allow automatic update installation now to open the tab. The default option is disabled. When this option is selected, the system will not automatically install updates. You can choose enabled to allow system automatic installation.

Switch to Microsoft's Internet Windows Update server

As the system needs to check for Windows security updates received from Microsoft, security updates from the WSUS server may be delayed compared with Microsoft. If the latency is unacceptable, use Microsoft's official Internet Windows Update server by referring to the following two methods:

• Modify group policy configurations
• Modify the registry configuration

Modify group policy configurations

1. Open and run.
2. Enter gpedit.msc.
3. In the local group policy editor, open computer configuration > Manage templates > Windows components> Windows Update.
4. Double-click the specify Intranet Microsoft Update Service location to open the tab and modify to not configured.
5. Open the CMD utility as an administrator, and run the gpupdate/force command to make the changes take effect.

Modify the registry configuration

In this example, Windows Server 2012 operating system is used to modify the registry and use Internet Windows Update Microsoft Server.

1. Open and run.
2. Enter regedit to open the registry editor.
3. To back up the registry of the WindowsUpdate Directory, follow these steps.
   1. Find the two directories in sequence.
   2. Click file in the menu > Export.
   3. In the export file dialog box, select a file path, such as reg-backup, and click save.
4. Follow these steps to modify the registry:
   1. In the WindowsUpdate Directory, click the AU directory.
   2. Double-click the UseWUServer item on the right to change the numeric data to 0, and then click OK.
   3. Double-click the AUOptions item on the right to change the value of the numeric data to 4 Or 2 Click OK.
      

      Tips: after AUOptions is changed to 4, the automatic update setting is set to automatically download and update, and the ECS instance may be restarted automatically to complete the update. If you want to be prompted before updating, set AUOptions to 2 (default).

   4. For more configuration options, see official Microsoft documentation.
5. Start a command prompt window (cmd.exe), and then run the following commands in sequence to restart the WuAuServ service. Now you can obtain updates from Microsoft's server.

   net stop WuAuServ
   net start WuAuServ
   
   

   The following command output is returned.
   

Application scope

• Elastic Compute Service

  Note: this operation is applicable to ECS instances Windows Server 2008 or later.