Overview
This article describes the recommended Windows Update Group Policy settings for individual servers and groups of machines when LanGuard automatic remediation is set up and you do not want to use the Windows Update feature to patch Windows machines.
Solution
The Windows Update service has to be enabled for GFI LanGuard to function correctly, yet it can sometimes cause unexpected issues. Therefore, when you configure auto-remediation for a server or a group, it is recommended to disable automatic Windows Update downloads on the target machine(s), but NOT the service itself.
This is not a setting that you can enforce through LanGuard; it must be configured in your environment either through GPO or manually.
Using GPO to Disable Automatic Updates
You can follow our guide for Windows 10 as an example of how to do this through Group Policy Objects; the same solution is valid for Windows Server operating systems as well. Refer to Configure Group Policy Settings for Automatic Updates for a description of all the available GPO settings.
Manually Disabling Automatic Updates
On Windows Server machines, you can manually disable automatic updates with the Server Configuration tool (sconfig):
- Open an elevated command prompt window or PowerShell session.
- Type sconfig and press Enter.
- Select option 5 (Windows Update Settings).
- Select “M” for Manual updates.
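To confirm that a target machine ended up in the recommended state (service enabled, automatic downloads off), a check like the following can be run in an elevated PowerShell session. This is an added example, not GFI or Microsoft code; the function name Test-WuRemediationReadiness is hypothetical, and the script assumes the setting is delivered through the standard Windows Update policy values NoAutoUpdate and AUOptions.

```powershell
# Added example (not GFI or Microsoft code). Assumption: automatic updates are
# governed by the standard policy values NoAutoUpdate and AUOptions in this key.
$AuPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

function Get-PolicyValue {                      # hypothetical helper
    param($Item, [string]$Name)
    # Return the value as an int, or $null when the key or value is absent.
    if ($null -eq $Item) { return $null }
    $prop = $Item.PSObject.Properties[$Name]
    if ($null -eq $prop) { return $null }
    return [int]$prop.Value
}

function Test-WuRemediationReadiness {          # hypothetical name
    [CmdletBinding()]
    param()

    # The Windows Update service (wuauserv) must NOT be disabled.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'"
    $startMode = if ($svc) { $svc.StartMode } else { 'NotFound' }
    $serviceEnabled = ($null -ne $svc) -and ($svc.StartMode -ne 'Disabled')

    # A missing key means no Automatic Updates policy reached this machine.
    $au = Get-ItemProperty -Path $AuPolicyKey -ErrorAction SilentlyContinue
    $noAutoUpdate = Get-PolicyValue -Item $au -Name 'NoAutoUpdate'
    $auOptions    = Get-PolicyValue -Item $au -Name 'AUOptions'

    # NoAutoUpdate = 1 turns Automatic Updates off; AUOptions = 2 only
    # notifies before downloading. Any other configured value downloads.
    $autoDownload =
        if ($null -eq $noAutoUpdate -and $null -eq $auOptions) { 'NotConfiguredByPolicy' }
        elseif ($noAutoUpdate -eq 1 -or $auOptions -eq 2)      { 'Disabled' }
        else                                                   { 'Enabled' }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        ServiceStartMode = $startMode
        ServiceEnabled   = $serviceEnabled
        NoAutoUpdate     = $noAutoUpdate
        AUOptions        = $auOptions
        AutoDownload     = $autoDownload
        Compliant        = $serviceEnabled -and ($autoDownload -eq 'Disabled')
    }
}

Test-WuRemediationReadiness
```

A result of NotConfiguredByPolicy means no policy value was found, so review the local setting on that machine (for example through sconfig) instead.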