- Regular users being able to install update and restart a *** server *** (https://support.microsoft.com/en-za/help/4014345/how-to-block-user-access-to-windows-update-on-windows-server-2016) ;
- "Dual scan" feature resulting in the lovely GPO "Do not allow deferral policies to cause scan against Windows Update". It tooks me 30 min to understand the latter (and I'm not sure I get it right).
I just can believe the Windows Update mess we're in....
Man, I just want updates being downloaded only and being able to install them on *** servers *** when I decide by clicking "install updates".
Hence the "3 - Auto download and notify for install" former option.
And, of course I don't want users being able to install updates nor restart a *** server ***.
What was wrong with that ?