diff --git a/defaults/main.yml b/defaults/main.yml
index 9fd768e..14a8194 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -530,3 +530,11 @@ public_firewall_log_path: '%SystemRoot%\System32\logfiles\firewall\publicfw.log'
 # public_firewall_log_size is the size of the log file
 # To conform to CIS stadnards the value should be 16,384 or greater. Value is in KB
 public_firewall_log_size: 16,384
+
+
+# 18.9.102.2
+# win16cis_wupdate_options are described below
+# value 2 - Notify for download and install, value 3 - Auto download and notify for install
+# value 4 - Auto download and schedule install (recommended), value 5 - Allow local admin to choose setting
+# value 7 - Auto download, notify to install, notify to restart
+win16cis_wupdate_options: 4
\ No newline at end of file
diff --git a/tasks/section18.yml b/tasks/section18.yml
index 523f3b8..179d2fb 100644
--- a/tasks/section18.yml
+++ b/tasks/section18.yml
@@ -2614,9 +2614,12 @@
 - name: "SCORED | 18.9.102.2 | PATCH | (L1) Ensure 'Configure Automatic Updates' is set to 'Enabled'"
 win_regedit:
 path: HKLM:\Software\Policies\Microsoft\Windows\Windowsupdate\Au
- name: NoAutoUpdate
- data: 0
+ name: "{{ item.name }}"
+ data: "{{ item.data }}"
 type: dword
+ with_items:
+ - { name: NoAutoUpdate, data: 0 }
+ - { name: AUOptions, data: "{{ win16cis_wupdate_options }}" }
 when:
 - rule_18_9_102_2
 tags:
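Review bot: The comment block above `win16cis_wupdate_options` lists the accepted values but does not say that, by its own descriptions, 2, 3 and 5 leave installation to a user or local administrator, so an override can move a host off scheduled patching while control 18.9.102.2 is still applied. I would add a line such as `# values 2, 3 and 5 do not install on a schedule; keep 4 unless patching is handled elsewhere`. The hunk also leaves defaults/main.yml without a trailing newline (`\ No newline at end of file`), which yamllint flags and which makes the next appended variable show up as a changed line.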
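Review bot: Nothing checks `win16cis_wupdate_options` before the second `with_items` entry writes it to `AUOptions`, so a typo or an empty override ends up in the policy key as-is. The comment in defaults/main.yml names 2, 3, 4, 5 and 7 as the accepted values; an `assert` task in front of this one can enforce that list and fail the play early. The templated value presumably reaches `win_regedit` as a string, so the check casts with `| int`; whether `data` should get the same cast is worth confirming against the module version in use. The task's `tags:` list continues outside the hunk.

```yaml
- name: "SCORED | 18.9.102.2 | PATCH | Validate win16cis_wupdate_options"
  assert:
    that:
      - win16cis_wupdate_options | int in [2, 3, 4, 5, 7]
    msg: "win16cis_wupdate_options must be one of 2, 3, 4, 5 or 7"
  when:
    - rule_18_9_102_2

# … unchanged: the 18.9.102.2 win_regedit task follows …
```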