Open you start menu and type Group, then click Edit group policy
Expand Computer Configuration \ Administrative Templates \ Windows Components \ Windows Update
Double click Configure Automatic Updates and enable the policy, and configure it as needed.
configure automatic updating
Enabled
3 - auto download and notify for install
Head back to Windows Update and click Check for updates, once it is done click on the Advanced options
You should see your new settings being 'enforced.'
When it finished downloading, you get a toast notification that there are updates and you need to install them.
Note that you must click install now. Restarting or shutting down from the start menu does not appear to trigger the install process.
option 2
Press Win + R and type regedit then hit Enter
Navigate to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
(you may need to create the keys manually if they don't exist)
Create a new DWORD value called AUOptions and enter a value of either 2 or 3.2 = Notify before download
3 = Automatically download and notify of installation
Restart PC
Check for updates
Inspect Advanced Settings
option 3
Task Scheduler.
Click Start and type Task Scheduler
Navigate to Task Scheduler Library >> Microsoft >> Windows >> UpdateOchestrator
To disable automatic reboots right-click on Reboot and select disable.
...
On Any Hyper-V virtual machine it adds the Floppy disk drive, and there is not an option to remove the drive from the settings window of the VM
The Way to remove this drive is by changing a value in the registry of the virtual machine that is running windows. However as I join my VMs to a domain I can utilise group policy to apply this change
I created a new group policy called "Remove Hyper V Floppy disk drive"
I went into Computer configuration > preferences > windows Settings > Registry
From there I right clicked on registry and selected new > Registry item
And set the following values:
Action: Update
Hive: HKey_Local_Machine
Key Path: SYSTEM\CurrentControlSet\Services\flpydisk
Value name: Start
Value Type: REG_DWORD
Value: 4
Base: Decimal
Then I clicked Apply and OK
I applied it to the root of the domain so that it would apply to all devices on the domain...
1) Press the windows key and R and type gpedit.msc and click OK
2) Go to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
And double-click the “Require additional authentication at startup” option
3) Enable and tick both to allow BitLocker without a compatible TPM
...
If the server is not on a domain
1. On the start menu type Administrative Tool
2. Select Local Security Policy.
3. Change the password Must Meet Complex Requirements option to Disabled.
In a domain enviroment
Group Policy Management
Expand Forrest >> Domains >> Your Domain Controller.
Right click on the Default Domain Policy and click on the Edit from the context menu.
Now Expand Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy
Double-click on the Passwords Must Meet Complexity Requirements option in the right pane.
Select Disabled under define this policy setting:
Click Apply then OK all the way out and close the GPO window.
In order to refresh the policy type the following command: “gpupdate /force” in the CMD window and click ENTER.
...
Disabling Windows Hello for business:
I use Office 365 I wanted to test out the AD Connect. Which allows me to join the pc's the azure domain and login with AD accounts setup on the DC, this allows me to keep existing permission on Server and I do not need to join it to Azure AD.
What I found was that when logging in it prompted to setup a pin, to get pass this follow the steps below:
Enter in Login credentials
click on setup PIN, then click on the X, it will give an error message, click on Skip for now
open Group Policy gpedit.msc
Got to "Administrative Templates > Windows Components > Windows Hello for Business" under both User configuration and Computer configuration, double click on Use Windows Hello for Business and select Disabled
Log off and back in to confirm it is working
...
By default you can connect to anyone session on a server, however this can be locked down via group policy. It is located:
Administrative Templates>Windows components>Remote Desktop Services>Remote Session Host>Connections
And is called "Set rules for remote control of Remote Desktop Services user sessions”...