Can standalone (not joined to domain ) Windows Server 2019 VM be configured to install updates automatically? [duplicate]

On a freshly-installed, non-domain-joined Windows Server 2019 (with desktop experience) VM, the ability to change Windows Update installation settings seems to have vanished, with the "Some settings are managed by your organization" message:

Windows Update settings showing settings disabled

Viewing the configured update policies shows two set on the device, both with a type of Group Policy:

  • Download the updates automatically and notify when they are ready to be installed
  • Set automatic update options

However, running rsop and gpresult both (as expected) show no group policy objects applied. (It's a standalone system, so no domain policy applies.)

Is this expected?

Amazon also acknowledge this for their 2019 EC2 images, but it seems odd that using gpedit.msc is the only mechanism for enabling automatic update installation.


Solution 1:

Popping this in an answer, as our workaround at least: we found the EC2 Server 2019 image had automatic update options set in the registry under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU.

You can probably just clear these out if you want to set them in the UI, but we overwrote them to force updates into automatic installation, with values:

  • AUOptions = 4
  • NoAutoUpdate = 0
  • ScheduledInstallTime =
  • ScheduledInstallDay = 0
  • ScheduledInstallEveryWeek = 1