The standard automatic updating feature in Windows 8 is called Windows Update. Not only is Windows Update used to update the operating system, it is also used to update programs that ship with the operating system and hardware device drivers. The sections that follow discuss how Windows Update works and how it can be used to help keep a computer up to date.
Windows Update is a client component that connects periodically to a designated server and checks for updates. Once it determines that updates are available, it can be configured to download and install the updates automatically or to notify users and administrators that updates are available. The server component to which Windows Update connects is either the Windows Update website hosted by Microsoft (http://windowsupdate.microsoft.com/) or a designated Windows Update Services server hosted by your organization.
Windows Update supports distribution and installation of the following:
Critical updates Updates that are determined to be critical for the stability and safeguarding of a computer
Security updates Updates that are designed to make the system more secure
Update roll-ups Updates that include other updates
Service packs Comprehensive updates to the operating system and its components, which typically include critical updates, security updates, and update roll-ups
Optional updates Updates that may be useful, including updates for drivers
By default, Windows Update gets updates for drivers from the Windows Update website. You also can specify that you want Windows Update to search the Windows Server Update Services managed server for driver updates, or to first search the Windows Server Update Services managed server, but if no update is found there, then search Windows Update. To do this, enable and configure the Specify The Search Server For Device Driver Updates policy in the Administrative Templates policies for Computer Configuration under System\Device Installation. Select Search Managed Server or Search Managed Server, Then WU, as appropriate.
A key part of the extended functionality allows Windows Update to prioritize downloads so that updates can be applied in order of criticality. This allows the most critical updates to be downloaded and installed before less critical updates. You can also control how a computer checks for new updates and how it installs them. The default polling interval used to check for new updates is 22 hours. Through Group Policy, you can change this interval. By default, every day at 3:00 A.M. local time, computers install updates they’ve downloaded. You can modify the installation to require notification or change the install times.
Windows 8 reduces the number of restarts required after updates by allowing a new version of an updated file to be installed even if the old file is currently being used by an application or system component. To do this, Windows 8 marks the in-use file for update and then automatically replaces the file the next time the application is started. With some applications and components, Windows 8 can save the application’s data, close the application, update the file, and then restart the application. As a result, the update process has less impact on users.
Automatic updating uses the Background Intelligent Transfer Service (BITS) to transfer files. BITS is a service that performs background transfers of files and allows interrupted transfers to be restarted. BITS version 4.0, which is included with Windows 8, improves the transfer mechanism so that bandwidth is used more efficiently, which in turn means that less data is transferred and the transfer is faster. Through Group Policy, BITS can be configured to download updates only during specific times and to limit the amount of bandwidth used. You configure these and other settings by using the Set Up A Work Schedule To Limit The Maximum Network Bandwidth Used For BITS Background Transfers policy. This policy is found in the Administrative Templates policies for Computer Configuration under Network\Background Intelligent Transfer Service (BITS) in Group Policy. Additionally, by using BITS 4.0, Windows 8 can obtain updates from trusted peers across a local area network (LAN), as well as from an update server or from Microsoft directly. Once a peer has a copy of an update, other computers on the local network can automatically detect this and download the update directly from the peer, meaning a required update may need to be transferred across the wide area network (WAN) only once rather than dozens or hundreds of times.
You can use automatic updating in several different ways. You can configure systems by using the following options:
Install Updates Automatically With this option, the operating system retrieves all updates at a configurable interval (22 hours by default) and then installs the updates at a scheduled time, which by default is every day at 3:00 A.M. This configuration represents a change in behavior from Windows XP because users are not required to accept updates before they are installed. Updates are instead downloaded automatically and then installed according to a specific schedule, which can be once a day at a particular time or once a week on a particular day and time.
Download Updates But Let Me Choose Whether To Install Them With this option (the default), the operating system retrieves all updates as they become available and then prompts the user when the updates are ready to be installed. The user can then accept or reject each update. Accepted updates are installed. Rejected updates are not installed, but they remain on the system so that they can be installed later.
Check For Updates But Let Me Choose Whether To Download And Install Them With this option, the operating system notifies the user before retrieving any updates. If the user elects to download the updates, she still has the opportunity to accept or reject them. Accepted updates are installed. Rejected updates are not installed, but they remain on the system so that they can be installed later.
Never Check For Updates When automatic updates are disabled, users are not notified about updates. Users can, however, download updates manually from the Windows Update website.
When Windows Update is configured for automatic download and installation, users are minimally notified of update availability or installation. Tapping or clicking a notification on the taskbar allows you to get more information about an update.
Windows can use Windows Update in several additional ways as well:
Windows Update is used to restore removed payloads.
Windows Update is used to reinstall corrupted components.
Binaries needed to install features of Windows are referred to as payloads. On servers running Windows Server 2012, not only can you uninstall an optional feature, but you also can uninstall and remove the payload for that optional feature using the -Remove parameter of the Uninstall-WindowsFeature cmdlet.
You can install a feature and restore its payload using the Install-WindowsFeature cmdlet. By default, payloads are restored via Windows Update. To specify alternate source file paths, you can enable and configure the Specify Settings For Optional Component Installation And Component Repair policy in the Administrative Templates policies for Computer Configuration under System. The policy also allows you to specify that you never want to download payloads from Windows Update.
Alternate paths can be shared folders or Windows Imaging (WIM) files. Separate each alternate path with a semicolon. With WIM files, specify the Universal Naming Convention (UNC) path to the shared folder containing the WIM file and the index of the image to use with the following syntax:
wim:\\ServerName\ShareName\ImageFileName.wim:Index
where ServerName is the name of the server, ShareName is the name of the shared folder, ImageFileName.wim is the name of the WIM file, and Index is the index of the image to use, such as
wim:\\CorpServer62\Images\install.wim:2
If an operating system component is corrupted and Windows 8 detects this, the content required to repair the component can be downloaded from Windows Update. By default, the component update is done via Windows Server Update Services (WSUS), if available. By enabling and configuring the Specify Settings For Optional Component Installation And Component Repair policy, you can specify an alternate source file path. You also can specify that you want Windows Update to get the update directly from the Windows Update web site, rather than going through WSUS.
Windows 8 organizes updates into the following broad categories:
Important updates Includes critical updates, security updates, update roll-ups, and service packs for the operating system and programs that ship with the operating system
Recommended updates Includes updates to drivers that are provided with the operating system and recommended optional updates
Microsoft product updates Includes updates for other Microsoft products that are installed on the computer, as well as new optional Microsoft software
Point and print drivers Includes updates to drivers that provide client-side rendering capability
By default, Windows Update includes updates to web compatibility lists from Microsoft. Sites listed are displayed in Compatibility view automatically. You can configure this feature by using Administrative Templates policies for Computer Configuration under Windows Components\Internet Explorer\Compatibility View.
REAL WORLD When you are using a standard edition of Windows 8, Windows Update continues to search for compatible point and print drivers if it fails to find any on the computer itself or on the Windows Update site. If the computer does not find a match, it attempts to create a mismatch connection by using any available driver that supports the hardware. However, when you are using enterprise editions of Windows 8, you must explicitly enable the Extend Point And Print Connection To Search Windows Update policy to obtain the same behavior. This policy is found in Administrative Templates policies for Computer Configuration under Printers.
By default, Windows 8 is configured to automatically install important updates. You can configure automatic updates on a per-computer basis by completing the following steps:
In Control Panel, tap or click System And Security. Under Windows Update, tap or click Turn Automatic Updating On Or Off.
Use the selection list provided to specify whether and how updates should occur (see Figure 1).
If you’ve enabled updates and also want to install drivers and optional updates, select the Give Me Recommended Updates The Same Way I Receive Important Updates check box.
Tap or click OK.
Figure 1. Configure Windows Update.
Using an extension component called Microsoft Update, you can extend Windows Update to include updates for other Microsoft products that are installed on the computer, as well as new optional Microsoft software. When you install some Microsoft products, Microsoft Update can be downloaded and installed automatically as part of the setup process.
You can determine whether a computer is using Microsoft Update by following these steps:
In Control Panel, tap or click System And Security, and then tap or click Windows Update.
If the computer is configured to use Microsoft Update, you’ll see the following message in the lower portion of the page:
You receive updates: For Windows and other products from MicrosoftUpdate.
You can install Microsoft Update by completing these steps:
In the panel that says Get Updates For Other Products, click the related Find Out More link. This opens the Windows Update page at the Microsoft website in the default browser.
After you read about Microsoft Update, select I Agree To The Terms Of Use, and then click Install.
So long as automatic updates are enabled, the computer will get updates for Microsoft products as part of the automatic update process. From then on, when you are working with Windows Update, you can click Change Settings, and then enable or disable Microsoft updates by selecting or clearing the Give Me Updates For Microsoft Products check box.
By default, Windows Update runs daily at 3:00 A.M. as part of other automatic maintenance but does not wake the computer to perform this maintenance. If the computer is in use or off at the scheduled maintenance time, automatic maintenance will run the next time the computer is powered on and idle. Automatic maintenance also runs when the computer is powered on and idle if maintenance is behind schedule.
To change this behavior, follow these steps:
Tap or click the Updates Will Be Automatically Installed During The Maintenance Window link. Use the selection list provided to choose the desired maintenance time, such as 5:00 AM (see Figure 2).
When the computer is plugged in, you can elect to wake the computer to perform scheduled maintenance. Select the related check box to allow this.
Figure 2. Manage the scheduled maintenance window.
In an Active Directory domain, you can centrally configure and manage automatic updates by using the Administrative Templates policies for Computer Configuration under Windows Components\Windows Update. Table 1 summarizes the key policies and adds one exception for a policy under User Configuration\Windows Components.
Using the Administrative Templates policies for Computer Configuration under Windows Components\Maintenance Scheduler, you can control the run schedule for automatic maintenance. The maintenance boundary is the daily scheduled time for starting automatic maintenance. For virtual machines running on a computer, Windows adds a random delay of up to 30 minutes. This delay is configurable as well.
Table 1. Policies for Managing Automatic Updates
POLICY
FUNCTION
Allow Automatic Updates Immediate Installation
When enabled, this setting allows automatic updates to immediately install updates that do not interrupt Windows services or require the computer to be restarted. These updates are installed immediately after they are downloaded.
Allow Non-Administrators To Receive Update Notifications
When enabled, this setting allows any user logged on to a computer to receive update notifications as appropriate for the automatic updates configuration. If disabled or not configured, only administrators receive update notifications.
Automatic Updates Detection Frequency
When enabled, this setting defines the interval to be used when checking for updates. By default, computers check approximately every 22 hours for updates. If you enable this policy and set a new interval, that interval will be used with a wildcard offset of up to 20 percent of the interval specified. This means that if you set an interval of 10 hours, the actual polling interval would depend on the computer and be between 8 and 10 hours.
Configure Automatic Updates
When you enable this setting, you can configure how automatic updates work using similar options to those described earlier in this section. You can also include the installation as part of scheduled maintenance (if enabled). To do this, enable and configure the policies under Computer Configuration\Windows Components\Maintenance Scheduler.
Delay Restart For Scheduled Installations
By default, when a restart is required after an automatic update, the computer is restarted after a 15-minute delay. To use a different delay, enable this policy, and then set the delay time.
Enable Client-Side Targeting
When it is enabled and you’ve specified an intranet Microsoft update service location, this setting allows an administrator to define a target group for the current Group Policy Object. Client-side targeting allows administrators to control which updates are installed on specified groups of computers. Before an update is deployed, it must be authorized for a particular target group. The setting applies only when using an intranet Microsoft update service.
Enabling Windows Update Power Management To Automatically Wake Up The System To Install Scheduled Updates
When this policy is enabled and the computer is configured for automated, scheduled installation of updates, Windows Update uses the computer’s power management features to wake the computer from hibernation at the scheduled update time and then install updates. This wake-up-and-install process does not occur if the computer is on battery power.
No Auto-Restart With Logged On Users For Scheduled Automatic Updates Installations
When enabled, this setting specifies that the computer will not automatically restart after installing updates that require a restart if a user is currently logged on. Instead, the user is notified that a restart is needed. Restarting the computer enforces the updates.
Re-Prompt For Restart With Scheduled Installations
When enabled, and when automatic updates are configured for scheduled installation of updates, this setting ensures that the logged-on user is prompted again after a set interval if a restart was previously postponed. If this setting is disabled or not configured, the default reprompt interval of 10 minutes is used.
Remove Access To Use All Windows Update Features
When you enable this setting, all Windows Update features are removed. Users are blocked from accessing Windows Update, and automatic updating is completely disabled. (User Configuration policy.)
Reschedule Automatic Updates Scheduled Installations
When enabled, this setting specifies the amount of time to wait after system startup before proceeding with a scheduled installation that was previously missed.
Specify Intranet Microsoft Update Service Location
When enabled, this setting allows you to designate the fully qualified domain name of the Microsoft Update server hosted by your organization and of the related statistics server. Both services can be performed by one server.
Turn On Recommended Updates Via Automatic Updates
When this policy is enabled, recommended updates, including those for drivers and other optional updates, are installed along with important updates.
The main Windows Update page provides details about the last time the computer or a user checked for updates, the last time updates were installed, and the current automatic update configuration. You can determine Windows Update usage or manually check for updates by following these steps:
In Control Panel, tap or click System And Security. Tap or click Windows Update. Statistics are provided about the most recent check for updates, the last time updates were installed (even if not completely successful), and the current update configuration.
If you want to manually check for updates, tap or click Check For Updates.
To install optional updates that may be available, tap or click the link that shows how many optional updates are available.
On the Select Updates To Install page, select the updates to install, and then tap or click OK.
The Windows Update download manager tracks both successful and failed updates by using an update history log. You can access this log by following these steps:
In Control Panel, tap or click System And Security. Tap or click Windows Update.
In the left panel, tap or click View Update History. This displays the View Update History page.
On the View Update History page, updates listed with a Succeeded status were downloaded and installed. Updates listed with a Failed status were downloaded but failed to install. You also might see a status of Pending Restart or Canceled. Some updates can be completed only during startup of the operating system, and those updates will have a Pending Restart status. Once the computer is restarted and the update is installed, the status will change as appropriate. The downloading of updates can be canceled for a variety of reasons. For example, users can cancel downloads of updates via Windows Update in Control Panel. Restarting the computer can cancel the download of an update as well.
To remove an update while accessing the View Update History page, tap or click Installed Updates. Then, on the Installed Updates page, press and hold or right-click the update that you do not want and tap or click Uninstall.
If an automatic update causes a problem on a system, don’t worry. You can remove an automatic update in the same way that you uninstall any other program. Simply follow these steps:
Tap or click View Update History, and then tap or click Installed Updates.
To remove an update, select it in the list provided, and then tap or click Uninstall.
Over time, a user might accumulate a number of updates that were intentionally not installed but still appear on the list of updates available for installation. If you or the user has reviewed the update and you don’t want to install it, you can hide the update by completing the following steps:
Tap or click the link telling you how many updates are available.
On the Select Updates To Install page, press and hold or right-click the update you do not want to install, and then tap or click Hide Update.
If a user declines an update or has asked not to be notified about or install updates automatically, you can restore the updates so that they can be installed. To do this, complete the following steps:
Tap or click Restore Hidden Updates.
On the Restore Hidden Updates page, select an update you want to install, and then tap or click Restore.
Windows 8 will restore the update so that it can be selected and installed through the normal notification and installation process.
