Skip to main content

Currently using WSUS (hate it) and looking to migrate to Automox. How do you guys have your GPOs configured in regards to WIndows Updates? Do you just leave them as default or do you suppress them from looking to Microsoft for updates so Automox is needed to trigger and manage?

Hi Dimforest. We have a lot of similarities to how group policy works. For example we allow our group configurations to modify registry entries similar to group policy. If you set your group to the following





You’ll prevent the device from going out on it’s own and pulling down updates while allowing it to pull updates from Microsoft during your scheduled patch time. Let me know if that doesn’t make sense.


I have the same setting as the screenshot above. This gives us predictable patching, and control. This is the reason for going with a platform like Automox.


I will second what @jesumyip says.



I’m a brand new Automox customer myself and have had rock-solid, predictable patching with the settings @jason.goode posted above.



So far, I highly recommend Automox!


Hey @dimforest, @jason.goode’s suggestion is the the best way to handle patching through Automox without WSUS. GPOs and the Automox OS Patch Management settings can “stomp” on each other if both are applying, and cause unpredictable results.


I suggest removing your GPO settings that manage Windows Updates when you switch over to Automox. This can save you some troubleshooting in the future.


One tip for everyone who is replacing GPOs with Automox - this site will assist you greatly : https://gpsearch.azurewebsites.net/



It’s a reference site that lists out all the GPOs you will ever need, and the corresponding registry key settings. 🙂


Great site! Thank you for sharing. In addition to that one, I also use this site as well: https://admx.help/