Windows Update Settings via Registry Entries and Their Effect on Patching Activity

Product Version: 6.5.0.0

Overview

In some customer environments, Windows Update policies and registry settings can impact the remediation process in Saner CVEM. Certain registry entries may prevent updates from being detected or installed automatically, which can affect the patching results.

This article provides guidance on key registry entries affecting Windows updates and how to identify applied policies using Group Policy results.

Windows Update Registry Entries

The following registry settings are located under:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

Identifying Applied Policies Using Group Policy Results

If Windows Update settings show a red asterisk (*), it indicates that policies are applied. To review them:

1. Open Command Prompt or PowerShell with administrative privileges.

2. Run the command:

   gpresult /h gpresult.html
   

3. Open the generated gpresult.html file in a web browser.

4. Navigate to the Computer Details section to review applied Group Policy Objects.

• The gpresult.html file will be saved in the directory where the command was run unless a different path is specified.

• Example location on a device: C:\Users\Administrator
  

The report will consolidate all applied policies, making it easier for administrators to identify configurations that may affect Windows remediation jobs.

Conclusion

By reviewing these registry settings and applied Group Policy Objects, administrators can:

• Identify policies preventing automatic updates.

• Troubleshoot issues affecting Windows patching in Saner CVEM.

• Ensure that remediation jobs run successfully by adjusting conflicting settings.