This FAQ explains how Atera’s Configuration Policies help IT admins centrally manage Windows updates and device reboots across all endpoints. These policies improve compliance, security, and user experience by allowing precise control over update behavior, reboot timing, and user notifications.
Overview
Q: What is a Configuration Policy in Atera?
A: A Configuration Policy allows you to centrally control patching and reboot settings for Windows devices. Policies can be applied at the Customer, Folder, or Agent level to maintain consistency and compliance across your environment.
Setup and Configuration
Q: How do I set up a Configuration Policy for Windows Updates?
A: When creating a policy, you can:
Enable “Control via Atera’s IT Automation Profiles (Recommended)” for full centralized patch management, or
Choose “Allow automatic Windows local updates” to let devices manage updates independently.
Q: How does policy inheritance work?
A: Configuration Policies follow a hierarchical structure:
Customer-level policies apply to all Folders and Agents unless overridden.
Folder-level policies override Customer-level ones.
Agent-level policies override both.
Q: Does Atera override existing Group Policy Objects (GPO)?
A: No. Domain GPOs always take precedence. Atera Configuration Policies do not override or remove GPO settings.
Policy Management and Enforcement
Q: What happens if I disable, unassign, or delete a policy?
A: Disabling or deleting a policy stops enforcement but does not automatically revert device settings.
To restore original configurations, select “Revert to device settings” before removing the policy.
Q: Why do some devices remain locked or have grayed-out Windows Update options after policy removal?
A: If Atera previously managed updates, registry keys may persist. To resolve this:
Reassign the policy.
Set it to “Allow automatic Windows local updates.”
Wait for enforcement, then remove it again.
You can also manually clear registry entries if needed.
Q: How often are Configuration Policies enforced?
A:When a Configuration Policy is assigned per device, its settings are applied instantly.
However, when assigned at the Customer or Folder level, enforcement occurs approximately every 12 hours to ensure all devices receive the updated settings.
Q: When are changes applied after updating a policy?
A: Updates take effect within 10–12 hours. Offline devices apply changes the next time they check in.
Reboots and Notifications
Q: What are the restart options after updates?
A: You can customize reboot behavior to:
Allow user control over restarts
Set restart delays (15–180 minutes)
Restrict restarts to outside active hours
Force reboots after a set number of ignored prompts
Q: How do reboot popups and notifications work?
A: Users receive toast notifications reminding them to restart. After the configured number of ignored prompts, a forced reboot occurs automatically.
Q: Can I allow end users to control device restarts?
A: Yes. You can let users postpone reboots and only enforce them after multiple missed notifications.
Automation and Compatibility
Q: How do Configuration Policies interact with Automation Profiles?
A: Configuration Policies override the “Reboot if needed” setting in IT Automation Profiles.
Reboots follow the policy’s defined rules, not automation defaults.
Q: Do Configuration Policies affect all device types?
A: Most options apply to Windows 10, Windows 11, and Windows Server 2022+.
Some features, such as toast notifications, are not supported on servers.
Q: Do Configuration Policies work on Windows Home editions?
A: No. These settings rely on Group Policy support, which is not available in Windows Home editions.
Q: Why are some Windows restart scheduling options not working on certain Windows Server versions?
A: Some advanced restart scheduling features, such as Active Hours–based restarts or delayed restart timing, are not supported on Windows Server 2016 and Windows Server 2019.
Configuration Policies interact directly with the Windows Update Agent (WUA) built into each operating system. Windows Server 2016 and 2019 are Long-Term Servicing Channel (LTSC) versions based on older Windows 10 core builds (1607 and 1809). These versions do not include the newer Windows Update for Business capabilities required for granular restart scheduling.
Because of this operating system limitation, certain reboot timing options may appear configurable in Atera but will not execute on those server versions.
For full restart scheduling functionality, Windows 10 (newer builds), Windows 11, or Windows Server 2022 and later are required.
Troubleshooting
Q: Why can’t users manually run Windows Updates when a policy is active?
A: When “Control via Atera’s IT Automation Profiles” is enabled, manual update access is disabled.
Switch to “Allow automatic Windows local updates” to restore it.
Q: How can I manually revert a device to default Windows Update behavior?
A: To manually revert a device to default Windows Update behavior, first unassign or remove any active Atera configuration policies, then delete (or set to 0) the registry values SetDisableUXWUAccess in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate and NoAutoUpdate in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU, and finally restart the Windows Update service or the device or reboot the device completely; this restores manual update controls and the standard Windows update interface for end users.
Q: What should I do if the “Check for updates” button is still grayed out?
A: Ensure the policy is set to allow updates, wait for it to sync (up to 12 hours), and reboot the device if necessary.
Q: How can I troubleshoot missing user notifications?
A:
Confirm Windows notification settings are enabled.
Verify that local or domain GPOs aren’t blocking toast notifications.
Reboot the device after enabling notifications.
Policy Monitoring
Q: How are policy changes tracked or audited in Atera?
A: Every edit, assignment, or deletion of a Configuration Policy is logged under Admin > Users and Security > Audit Log.
Q: Are policy changes sent as alerts to admins?
A: No. Atera does not generate real-time alerts for policy changes.
However, all actions are recorded in the Audit Log for compliance and review.
