WSUS: Recommended Group Policy Object (GPO) Settings
By default, computers pointed to Campus WSUS check for updates every 22 hours. Microsoft typically releases multiple virus definition updates daily for Microsoft Defender Antivirus. ITS recommends that computers check for and install new virus definitions every 6 hours.
Configuring Your WSUS GPO
All of the following settings are located in Computer Configuration | Policies | Administrative Templates | Windows Components | Windows Update.
Use the following settings to set Campus WSUS as the update server
- Specify intranet Microsoft update service location : Set the intranet update service for detecting updates: https://wsus.its.utexas.edu
- Specify intranet Microsoft update service location : Set the intranet statistics server: https://wsus.its.utexas.edu
It is recommended that you enable the following settings to keep Microsoft Defender Antivirus up to date with the latest definitions.
-
Allow Automatic Updates immediate installation - this will allow the computer to download and install certain updates that neither interrupt Windows services nor restart Windows (in particular, antivirus definition updates)
-
Automatic Updates detection frequency - Check for updates every 6 hours
Additional configurations are up to each department. For example, you can configure when updates should be installed that require a restart.