Check Your Automatic Update Status
(get-itemproperty hklm:\software\policies\microsoft\windows\windowsupdate\au -ea SilentlyContinue).NoAutoUpdate -ne 1
TYPICAL COMPANY EXCUSES FOR NOT ALLOWING AUTOMATIC UPDATES:
Companies often make their own problems worse by avoiding automatic updates.
- BUSINESS CRITICAL – One of the most common is that an update might take down a “business critical” application.
This is an argument that is not well thought out because the cost of not allowing updates is far worse and not only affects the business-critical needs of the organization, but also the security of its employees and all other connected parties.
- APPLICATIONS MAY BREAK – If applications break because of an update, then it gives us an opportunity to fix the underlying problem, and make the applications more secure and conform to current standards that other processes depend on. It is often much easier and certainly more sustainable, to fix any inherent problems in the application environment than it is to compound the problem by ignoring or postponing the update process, even if it is in favor of a different solution such as WSUS. Those solutions should be in addition to the built-in automatic update features of Windows, not instead of.
It is my overwhelming belief as a Cyber Security Engineer, that the practice of not allowing systems to be updated on their own, outside of WSUS and other update systems, is a very big mistake and one that is unfortunately common among a large percentage of companies.