Examples of Windows Update Policies
Here are some example Windows Update Management policy settings you might consider.
Tip: Be sure to also review the Best Practices for Windows Update Policies.
Review All Updates, No Forced Reboots
To manually review all updates and not force reboots, set up your Windows Update Policy as follows:
First, configure all approvals to “Manual”:

Then for the Schedule Specification:
- Set the Frequency to “Daily,”
- Check the “If offline, run at next boot” box, and
- Select “Do not reboot” for the Reboot Specification.

As a result of this configuration,
- Each day the system will review all pending updates during the day.
- The Patching Dashboard will show statuses of “Needs Review,” and the Last Evaluated dates will populate.
- Syncro will only install updates after manual approval.

Weekly Updates with Defer & KB Block, Forced Reboot and Warning Message
This example illustrates a configuration of a weekly Windows Update policy for a standard workstation.
First, for the Security Approvals, select “Approve” for Critical, Important, and Moderate levels; select “Manual” for Low and Other.
For the Windows & Microsoft Category Approvals (non-security updates), select “Approve” for Critical Updates, Update Rollups, Service Packs, and Definition Packs so they're automatically approved. Select “Defer” for Feature Packs and specify a Deferred Patch Time Period Default of 7 days. For Drivers and Other, select “Manual.”

Then for the Schedule Specification:
- Set the time to start updating to 20:00, the Frequency to Weekly, and the Weekday to Sunday.
- Set the Interval to “Every” and check the “If offline, run at next boot” box.

This means updates will run every Sunday at 8 p.m. If the Asset is offline, this Windows Update Policy will run when the Asset is next online.
Tip: You can use a policy to block specific KBs from installing. In the screen above, KB1234567 is excluded on this policy for the reason noted in the Description. KB7654321 is excluded globally across all Syncro Policies. (See also: Patch Exclusions.)
Finally, set the Reboot Specification:
- Select “Prompt with message and attempt reboot at specified time,”
- Enter a Reboot Message of your choice (e.g. “Your computer will be rebooted at 11 p.m. Please save and close all of your work.”), and
- Set the Reboot By field to 23:00.
Update All with a 2 Week Defer & Manual Reboot
This example illustrates a configuration of a Windows Update policy for a server that you want to keep updated while controlling the reboot manually.
First, configure all approvals to “Defer” and set the Deferred Patch Time Periods Default to 2 Weeks:

Then for the Schedule Specification:
- Choose a day and time that's outside business hours, and set the Frequency to “Weekly.”
- Check the “If offline, run at next boot” box, and
- Select “Do not reboot” for the Reboot Specification.
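
With “Do not reboot” selected, installed updates that need a restart stay pending until you reboot the server yourself. The following PowerShell check is an added example, not part of Syncro's documentation or tooling; it reads the standard Windows pending-reboot indicators and lists recently installed updates so you can decide when to schedule the reboot. The function name `Test-PendingReboot` and the 14-day window are assumptions chosen for illustration.

```powershell
# Added example: report whether this machine is waiting on a reboot after patching.
# Test-PendingReboot is a hypothetical helper name, not a Syncro or Windows cmdlet.
function Test-PendingReboot {
    $reasons = @()

    # Set by the Windows Update Agent when an installed update needs a restart.
    if (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired') {
        $reasons += 'WindowsUpdate'
    }

    # Set by Component Based Servicing (cumulative updates, features, roles).
    if (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending') {
        $reasons += 'ComponentBasedServicing'
    }

    # Files queued for replacement at next boot. Other installers also use this
    # value, so treat it as a weaker signal than the two keys above.
    $sm = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
        -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
    if ($sm -and $sm.PendingFileRenameOperations) {
        $reasons += 'PendingFileRename'
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        RebootPending = ($reasons.Count -gt 0)
        Reasons       = $reasons -join ', '
        LastBoot      = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
    }
}

$status = Test-PendingReboot
$status | Format-List

# Updates installed within the assumed 14-day window, newest first.
# InstalledOn can be empty for some entries, so filter those out before comparing.
$since = (Get-Date).AddDays(-14)
Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $since } |
    Sort-Object InstalledOn -Descending |
    Select-Object HotFixID, Description, InstalledOn

# Non-zero exit code lets a scheduler or RMM script runner flag the machine.
if ($status.RebootPending) { exit 1 } else { exit 0 }
```

A server that reports `RebootPending` as true with an old `LastBoot` value has updates installed that are not yet in effect.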
