• 𝕸𝖔𝖘𝖘@infosec.pub
    link
    fedilink
    English
    arrow-up
    5
    ·
    11 months ago

    Setting up a GPO with WSUS to localhost will disable updates. But please don’t do that. As much as I hate updates, they’re very important.

    • KairuByte@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      4
      ·
      11 months ago

      Agreed, and I say that in every one of these discussions. :)

      The only time auto updates should be disabled is on machines with an uptime requirement, which should have regularly scheduled maintenance which includes updating their software. And of course any critical security updates should be installed asap even if it’s outside the normal maintenance window.

      • 𝕸𝖔𝖘𝖘@infosec.pub
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 months ago

        I agree 100%. I don’t like autoreboots, but fully understand why they exist. People, in general, just stopped rebooting regularly. I have disabled autoreboot for a select few PCs in our environment, but I follow up with them within one week after I get notified that their computer updated and they haven’t rebooted. Most people in this group reboot within a day or two. I usually have to remind only one person.