MS Edge Maintenance

What are others doing when it comes to maintaining MS Edge on Windows servers?

It would seem that the monthly cumulative hotfix MS sends us does not contain updates for Edge.

Leave self updating enabled by GPO. That gets most of them. For the rest that are firewalled, we include the latest Edge Fixlet in our monthly baseline.

We don’t use GPO. Most Windows we have are not in AD.

You can use GPO without a domain locally on each server, it’s just more difficult to manage as AD based GPO can self propagate. Also you can apply registry keys for those GPO… main downside is, when you do, it does not reflect in Group Policy MMC.

It’s been 2 years since I looked at this… but from what I recall, these are the two primary Edge keys to set for self updating… and I think by default it is enabled. Adjust as needed… you can use Local GPO to set the policies and then compare to what the registry has… if you go the registry method.

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EdgeUpdate]
"AutoUpdateCheckPeriodMinutes"=dword:00000000
"UpdateDefault"=dword:00000000

Alternatively, you could use a Fixlet/Action as a policy to set the required values in the registry. The main drawback that I see from this approach or the GPO approach is that a user has to initiate the update.

Pushing updates to Edge via patch management has its own challenges due to the pace of the security updates released by Microsoft (and Google). It is a quandary with no simple solutions.

If you set GPO to enforce automatic updating, along with a frequency, then the user does not have to do anything other than close Edge so it can swap out the EXE. It’s working well for us, most servers update without issue unless there is a firewall blocking access which is where we just update with a fixlet.

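An added example, not part of any post in this thread: a PowerShell check for servers where the policy is set directly in the registry. It reads the EdgeUpdate policy key quoted above and reports what the two values mean. The function names are hypothetical; the value meanings are those documented for Microsoft's Edge Update policies (AutoUpdateCheckPeriodMinutes 0 turns update checks off; UpdateDefault 0 disables updates, 1 always allows them, 2 is manual only, 3 is automatic silent only).

```powershell
# Added example, not code from the thread. Function names are hypothetical.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\EdgeUpdate'

function Read-EdgeUpdatePolicy {
    # Returns value name -> data; an empty table if the policy key does not exist.
    $values = @{}
    $item = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    if ($item) {
        $item.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |   # skip PSPath, PSParentPath, ...
            ForEach-Object { $values[$_.Name] = $_.Value }
    }
    return $values
}

function Get-EdgeUpdatePolicyState {
    param([hashtable]$Values)
    $meaning = @{ 0 = 'updates disabled'; 1 = 'always allow updates'
                  2 = 'manual updates only'; 3 = 'automatic silent updates only' }
    $result = [ordered]@{
        UpdateDefault     = 'not set by policy'
        CheckPeriod       = 'not set by policy'
        AutoUpdateBlocked = $false
    }
    if ($Values.ContainsKey('UpdateDefault')) {
        $v = [int]$Values['UpdateDefault']
        $result.UpdateDefault = if ($meaning.ContainsKey($v)) { "$v ($($meaning[$v]))" }
                                else { "$v (unrecognised)" }
        # 0 and 2 both stop Edge from updating itself in the background.
        if ($v -eq 0 -or $v -eq 2) { $result.AutoUpdateBlocked = $true }
    }
    if ($Values.ContainsKey('AutoUpdateCheckPeriodMinutes')) {
        $m = [int]$Values['AutoUpdateCheckPeriodMinutes']
        if ($m -eq 0) {
            $result.CheckPeriod = '0 (update checks disabled)'
            $result.AutoUpdateBlocked = $true
        } else {
            $result.CheckPeriod = "every $m minutes"
        }
    }
    [pscustomobject]$result
}

# Constructed samples: the values as posted in the thread, then a 60-minute check.
Get-EdgeUpdatePolicyState @{ AutoUpdateCheckPeriodMinutes = 0; UpdateDefault = 0 }
Get-EdgeUpdatePolicyState @{ AutoUpdateCheckPeriodMinutes = 60; UpdateDefault = 1 }
# Live check on the local server:
Get-EdgeUpdatePolicyState (Read-EdgeUpdatePolicy)
```

Run it from an elevated or standard PowerShell session on the server; reading the policy key does not require write access.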