today we've noticed that on our Server 2016 OS machines we can't use the Windows Update GUI to Search for or Install Updates.
Controlling it with USOCLIENT startscan & USOCLIENT startinstall works as expected but the Button to Search for new and Install pending Updates is greyed out.
After a bit of testing (blocking our GPO, removing the Pulseway Patch Policy, Resetting Windows Update) it seems that Pulseway sets Registry Keys that interfere with either our (GPO) settings or sets invalid values which in turn lead to an unusable Windows Update GUI.
Server 2019 & 2022 work fine with GPO + Pulseway Patch Policy applied.
Next Screenshot is a Diff of the Registry Keys with just the GPO applied (left) and GPO + Patch Policy applied (right):
Our Windows Settings from the Patch Policy are set as follows:
I've tested changing the new Drop-Down in the Pulseway Patch Policy from "Automatically download updates and let a user choose when to install" to "Notify before downloading and installing and updates" - which controls the AUOptions Registry Key and changes that to 2, so it matches with our setting from GPO - but unfortunately that didn't change that behaviour (button still greyed out).
I've now tested removing a few keys to see which one's the culprit and manually deleting the Key "SetDisableUXWUAccessSetDisable" (which gets configured with the value 0 by Pulseway) and starting a Scan via "USOCLIENT startscan" restores the button to "Check for updates" in the UI.
"Prevent end users from executing and configuring Windows Update" in the Patch Policy is disabled, so it shouldn't be blocked but then again it's set correctly in the registry and I can't seem to find incompatibilities on that key with Server 2016.
The GPO Value for "Remove access to use all Windows Update features" (which this key sets) is supported on "At least Windows Server 2016 or Windows 10" according to our Windows Server 2022 ADMX.
Do you guys see anything, other than that Key, interfering?
Hello,
today we've noticed that on our Server 2016 OS machines we can't use the Windows Update GUI to Search for or Install Updates.
Controlling it with USOCLIENT startscan & USOCLIENT startinstall works as expected but the Button to Search for new and Install pending Updates is greyed out.
After a bit of testing (blocking our GPO, removing the Pulseway Patch Policy, Resetting Windows Update) it seems that Pulseway sets Registry Keys that interfere with either our (GPO) settings or sets invalid values which in turn lead to an unusable Windows Update GUI.
Server 2019 & 2022 work fine with GPO + Pulseway Patch Policy applied.
Next Screenshot is a Diff of the Registry Keys with just the GPO applied (left) and GPO + Patch Policy applied (right):
Our Windows Settings from the Patch Policy are set as follows:
I've tested changing the new Drop-Down in the Pulseway Patch Policy from "Automatically download updates and let a user choose when to install" to "Notify before downloading and installing and updates" - which controls the AUOptions Registry Key and changes that to 2, so it matches with our setting from GPO - but unfortunately that didn't change that behaviour (button still greyed out).
I've now tested removing a few keys to see which one's the culprit and manually deleting the Key "SetDisableUXWUAccessSetDisable" (which gets configured with the value 0 by Pulseway) and starting a Scan via "USOCLIENT startscan" restores the button to "Check for updates" in the UI.
"Prevent end users from executing and configuring Windows Update" in the Patch Policy is disabled, so it shouldn't be blocked but then again it's set correctly in the registry and I can't seem to find incompatibilities on that key with Server 2016.
The GPO Value for "Remove access to use all Windows Update features" (which this key sets) is supported on "At least Windows Server 2016 or Windows 10" according to our Windows Server 2022 ADMX.
Do you guys see anything, other than that Key, interfering?