Windows Server

Why Group Policy is not the best solution for managing Windows Updates

Group Policy limitations

A Group Policy Object (GPO) is a virtual collection of policy settings and has a unique name, such as a GUID. Group Policy settings are contained in a GPO, and a GPO can represent policy settings in the file system and in Active Directory.

There are a lot of enterprise management packages that manage Windows updates very well, and configuration and management tools can handle this too. An example of such a solution is Microsoft System Center Configuration Manager (SCCM).

Here are some related GPO articles I have written: "What is Group Policy Object and how can it be launched" and "GPUpdate Switches: GPUpdate vs GPUpdate force". For a comprehensive list of articles, kindly refer to this link.

Without solutions like SCCM, it is difficult to centrally manage updates for server and client operating systems in Active Directory correctly.

Group Policy is not the best solution

Group Policy can provide a limited way of achieving this functionality, but it is not enough and can often lead to other organizational problems. Here is how it is configured with Group Policy, and why it is most times not sufficient for your organization’s needs.

Launch the Group Policy Editor by searching for gpedit.msc, then navigate through:
- Computer Configuration
- Administrative Templates
- Windows Components
- Windows Update
Windows Update management
Locate the Configure Automatic Updates setting. Here you will see that there is no option to set a date, and because of this, GPO is not regarded as an optimal solution for installing Windows Updates.

Group Policy Drawbacks
– Because GPO offers no scheduled installation date, only days of the week and the monthly categorization, as shown above, it is not a very effective solution for managing Windows Updates.
– If you are not using WSUS but pulling updates directly from the Microsoft Update Catalog, the biggest challenge is that you cannot explicitly withhold updates or push them out immediately.
– The other strategy for system updates is to stick to maintenance times, and the best way to do that is to assign this setting at the Organisational Unit (OU) level. In this configuration, an OU would be created for a category of like servers. These OUs would all undergo their Windows Updates at the same time that is configured in the GPO for that OU.
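
The OU-level maintenance window strategy described above, as an added example that is not part of the original post: it creates one GPO per OU and writes the registry values behind the Configure Automatic Updates policy using the GroupPolicy PowerShell module. The domain DN, OU names, GPO names and the chosen windows are hypothetical.

```powershell
# Added example: one Windows Update GPO per OU, each with its own weekly maintenance window.
# Assumptions (hypothetical): domain DN, OU names, GPO naming scheme and the windows chosen.
Import-Module GroupPolicy

$DomainDN = 'DC=corp,DC=example'   # hypothetical domain
$AUKey    = 'HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU'

# ScheduledInstallDay: 0 = every day, 1 = Sunday ... 7 = Saturday
# ScheduledInstallTime: hour of day, 0-23 (local time of the machine)
$Windows = @(
    @{ OU = 'OU=Web Servers';  Day = 3; Hour = 2 }   # Tuesday 02:00
    @{ OU = 'OU=SQL Servers';  Day = 5; Hour = 3 }   # Thursday 03:00
    @{ OU = 'OU=File Servers'; Day = 1; Hour = 1 }   # Sunday 01:00
)

foreach ($w in $Windows) {
    if ($w.Day -lt 0 -or $w.Day -gt 7 -or $w.Hour -lt 0 -or $w.Hour -gt 23) {
        Write-Warning "Skipping $($w.OU): day must be 0-7 and hour 0-23"
        continue
    }
    $target  = "$($w.OU),$DomainDN"
    $gpoName = "WU-Window-$($w.OU -replace '^OU=','')"

    # Reuse the GPO if it already exists so the script can be re-run safely
    $gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
    if (-not $gpo) { $gpo = New-GPO -Name $gpoName -Comment 'Windows Update maintenance window' }

    $values = [ordered]@{
        NoAutoUpdate         = 0        # automatic updates enabled
        AUOptions            = 4        # auto download and schedule the install
        ScheduledInstallDay  = $w.Day
        ScheduledInstallTime = $w.Hour
    }
    foreach ($name in $values.Keys) {
        Set-GPRegistryValue -Name $gpoName -Key $AUKey -ValueName $name `
            -Type DWord -Value $values[$name] | Out-Null
    }

    # Link to the OU only if the GPO is not already linked there
    $linked = (Get-GPInheritance -Target $target).GpoLinks.DisplayName -contains $gpoName
    if (-not $linked) { New-GPLink -Name $gpoName -Target $target -LinkEnabled Yes | Out-Null }

    Write-Output "$gpoName -> $target (day $($w.Day), hour $($w.Hour))"
}
```

The schedule is still expressed only as a day of the week and an hour, which is the limitation noted in the first drawback: there is no value for a specific calendar date.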

If you do not have SCCM or any third-party application capable of performing this, the good news is that Windows Admin Center (WAC) is capable of performing this task. Follow this link to see the steps on how this is performed.

I hope you found this blog post helpful. If you have any questions, please let me know in the comment section.
