Checks whether a Group Policy configures the computer to enable Automatic Updates. When enabled, the computer downloads and installs security and other important updates automatically. Some auditors require that this setting be configured by a Group Policy.
Create or edit a configuration profile with the following information:
Create or edit the following script and configure it to run when the check fails:
Use the policy below to verify:
SELECT 1 FROM registry WHERE path LIKE 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate' AND CAST(data as integer) = 0;
$regPath = 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU'
$value = (Get-ItemProperty -Path $regPath -Name 'NoAutoUpdate' -ErrorAction SilentlyContinue).NoAutoUpdate
if ($value -eq 0) {
    Write-Output 1
} else {
    Write-Output 0
}
PowerShell commands are currently a work in progress; contributions are welcome.