•WUA (Windows Update Agent) is Microsoft’s patch engine, the same background utility used when patching a home computer using Control Panel > Windows Updates.
•Kaseya leverages WUA by invoking WUA.api, Microsoft’s exposed portions of the WUA utility
•WUA is used for all patch scans and some or all patch installations (depending on File Source Configuration)
•Scan: WUA negotiates with Microsoft to determine the patches that are missing from and applicable to the endpoint
•Install: WUA negotiates all patch installations when the File Source is configured as “Download from Internet” OR when a patch is flagged as “Internet Based Install Only”
•WUA depends on two services (Start > Run > services.msc)
–Windows Update or Automatic Update (wuauserv)
–Background Intelligent Transfer Service (BITS)
•Patch Management > Windows Auto Update is used to configure the Windows Update client on the local machine
Kaseya recommends the Windows Update Client be disabled on the local machine:
This NOT the same as the Windows Update service, which must remain enabled and started (via Control Panel > Services):
•Ensure Group Policy is not configured to enable the Windows Update Client. Group Policy will overwrite Kaseya’s setting. An entry will be made in the Configuration Changes log if this occurs. Review https://support.microsoft.com/kb/328010 for details on configuring Windows Update via Group Policy
•Windows Action Center can also allow the user re-enabled Windows Automatic Updates and will result in an entry in the Configuration Changes log.
