Please consider the below:
- Disable Automatic Updates via Group Policy:
  - Open the Group Policy Management Console (GPMC).
  - Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Update.
  - Set the policy "Configure Automatic Updates" to Disabled. This prevents Windows Update from automatically downloading and installing updates, which could interfere with SSM's patching schedule.
- Ensure Windows Update Service is Running:
  - The Windows Update service must be enabled and running for SSM to apply patches. However, it should not be configured to automatically install updates outside of SSM's control.
- Disable Scheduled Tasks for Windows Update:
  - Check for any scheduled tasks related to Windows Update (e.g., in Task Scheduler under Microsoft > Windows > UpdateOrchestrator).
  - Disable tasks like "Reboot" or "Scheduled Start" to prevent unexpected reboots.
- Use SSM Maintenance Windows:
  - Define maintenance windows in AWS Systems Manager to control when patches are applied and reboots occur. This ensures updates happen only during the specified timeframes.
- Review Patch Baselines:
  - Ensure your SSM patch baselines are configured correctly to include only the updates you want to apply. This helps avoid unnecessary updates that could cause unexpected behavior.
You should consider one more Group Policy setting in the 1st section.
- Disable Automatic Updates via Group Policy:
  - Open the Group Policy Management Console (GPMC).
  - Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Update.
  - Set the policy "Configure Automatic Updates" to Disabled. This prevents Windows Update from automatically downloading and installing updates, which could interfere with SSM's patching schedule.
  - Use Computer Configuration\Administrative Templates\Windows Components\Windows Update\Do not connect to any Windows Update Internet locations to enable this policy.
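
A read-only PowerShell audit of the host settings named in the two answers above, added here as an example; it is not part of either answer and not AWS tooling. It assumes Windows PowerShell 5.1 or later on the managed instance and uses the registry values these two Group Policy settings write; the helper names and the pass criterion for the service (start type not Disabled, since wuauserv is trigger-started and may be stopped when idle) are this example's own assumptions.

```powershell
# Added example: read-only audit of the settings discussed above.
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent, i.e. the policy is not configured.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function New-Check {
    param([string]$Check, $Value, [bool]$Pass)
    [pscustomobject]@{ Check = $Check; Value = $Value; Pass = $Pass }
}

$results = @()

# "Configure Automatic Updates" = Disabled is written as AU\NoAutoUpdate = 1.
$noAuto = Get-PolicyValue -Path "$wu\AU" -Name 'NoAutoUpdate'
$results += New-Check 'Configure Automatic Updates disabled' $noAuto ($noAuto -eq 1)

# "Do not connect to any Windows Update Internet locations" = Enabled.
$noInet = Get-PolicyValue -Path $wu -Name 'DoNotConnectToWindowsUpdateInternetLocations'
$results += New-Check 'No Windows Update Internet locations' $noInet ($noInet -eq 1)

# The Windows Update service must stay usable for SSM patching.
# Assumption of this example: "usable" means the start type is not Disabled.
$svc = Get-Service -Name wuauserv
$results += New-Check 'wuauserv not disabled' "$($svc.Status)/$($svc.StartType)" ($svc.StartType -ne 'Disabled')

# UpdateOrchestrator tasks that can trigger reboots or scans outside SSM.
$tasks = Get-ScheduledTask -TaskPath '\Microsoft\Windows\UpdateOrchestrator\' -ErrorAction SilentlyContinue |
    Where-Object { $_.TaskName -like 'Reboot*' -or $_.TaskName -eq 'Scheduled Start' }
foreach ($t in $tasks) {
    $results += New-Check "Task '$($t.TaskName)' disabled" $t.State ($t.State -eq 'Disabled')
}

# Print the table, then a count of settings that differ from the answers' advice.
$results | Format-Table -AutoSize
$failed = @($results | Where-Object { -not $_.Pass })
"Checks not matching the recommended state: $($failed.Count)"
```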