RonniePedersen

Seems like you hit it on the head. Oh well, we'll have to just let the background processes do the work instead. Thanks

Short and sweet: If I change the shell value in [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] to example iexplore.exe in a kiosk machine (and nothing else, no GP security changes), Windows update stops working. It will try to initiate download of updates, but after 5+ minutes of "preparing", it throws a generic error message. If I revert the shell key to explorer.exe, everything works fine at the next login. I honestly don't remember if the background WUP service is functional, but at this point in time we need to be able to initiate it manually. Any Ideas?