?
Solved

How can I stop Mandatory Automatic Restarts after I do a Windows Updates?

Posted on 2006-04-20
8
Medium Priority
?
342 Views
Last Modified: 2008-02-01
In Windows it used to be that when you do an automatic update, sometimes it would finish and let you close the window, sometimes depending on the update being installed you would be given the popup dialog asking to restart now or later. If you choose later it will ask again in 10 minutes and keep asking until you restart. So lately there are some updates done on servers that HAVE to have a restart done after the install, and there is no way to stop it from happening. It restarts within 5 minutes. This happens to a lot of people and a lot of different companies, we come in to work in the morning and see that servers have been restarted. We get pages in the middle of the night saying the servers are down. I didn't tell Microsoft to restart my computer, people are using them even at night and when they get restarted automatically it causes a drop in production and starts a panic.

So, is there a way to stop the servers from restarting automatically after these updates? I have searched and searched. I have found nothing that works. Others are asking the same question, yet I see no real answers. If it is impossible, then fine, I'll leave it at that and go on still believing that Microsoft sucks as always. At least they keep me in a job though huh?  :-)

I am using Windows 2003, 2000 and XP on a Windows 2000 domain. I am setting up WSUS, everything works perfect except it restarts machines automatically after I push certain installs.
0
Comment
  • 3
  • 3
  • 2
8 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16497626
Hi cwelchmindlessmediacom,

in GPO
Administrative Templates\Windows Components\Windows Update\No auto-restart for scheduled Automatic Updates installations

Specifies that to complete a scheduled installation, Automatic Updates will wait for the computer to be restarted by any user who is logged on, instead of causing the computer to restart automatically.  If the status is set to Enabled, Automatic Updates will not restart a computer automatically during a scheduled installation if a user is logged in to the computer. Instead, Automatic Updates will notify the user to restart the computer.  Be aware that the computer needs to be restarted for the updates to take effect.  If the status is set to Disabled or Not Configured, Automatic Updates will notify the user that the computer will automatically restart in 5 minutes to complete the installation.  Note: This policy applies only when Automatic Updates is configured to perform scheduled installations of updates. If the Configure Automatic Updates policy is disabled, this policy has no effect.

WSUS will give you a lot more control also :)

Cheers!
0
 

Author Comment

by:cwelchmindlessmediacom
ID: 16497868
I tried this already, on 2 different domains even, it didn't work. All the servers I tested on were logged into, the AU was sheduled, they still restarted.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16497928
have you enabled the configure automatic updates policy also? ill send you a link to the reference sheet im going on - windows update is right down the bottom

http://www.microsoft.com/downloads/details.aspx?FamilyID=7821C32F-DA15-438D-8E48-45915CD2BC14&displaylang=en
0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 

Author Comment

by:cwelchmindlessmediacom
ID: 16498349
yeah the policy is setup. However, I did do as the WSUS docs say to do, I created and linked a new group policy and I called it WSUS Group Policy. That is where I made all of the settings for Windows Updates. That's what the docs said to do. But, as for the "no reboot after update" setting, should that also be done in the WSUS Group Policy or should it be set in the Default Domain Policy? Also, should any of these policies be Enforced?


Thanks
0
 
LVL 12

Accepted Solution

by:
Mazaraat earned 1500 total points
ID: 16501008
For my servers I had to create a seperate OU for them and link their own GPO for updates...completely seperate from the standard workstation GPO.


Here is the GPO:

Computer Configuration (Enabled)hide
Administrative Templateshide
Windows Components/Windows Updatehide
Policy Setting
Allow Automatic Updates immediate installation Enabled
Automatic Updates detection frequency Enabled
Check for updates at the following
interval (hours):  22
 
Policy Setting
Configure Automatic Updates Enabled
Configure automatic updating: 4 - Auto download and schedule the install
The following settings are only required
and applicable if 4 is selected.
Scheduled install day:  1 - Every Sunday
Scheduled install time: 20:00
 
Policy Setting
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box Disabled
No auto-restart for scheduled Automatic Updates installations Enabled
Specify intranet Microsoft update service location Enabled
Set the intranet update service for detecting updates: http://server:8530 
Set the intranet statistics server: http://server:8530 
 


0
 
LVL 12

Expert Comment

by:Mazaraat
ID: 16501024
As to your question about the 'no reboot after update', I always keep the settings together that way you don't have to go fishing all over for each piece....
0
 

Author Comment

by:cwelchmindlessmediacom
ID: 16501959
Well I just worked on it more. Here's what I had it looking like...

Domain
    > Default Domain Policy
    > WSUS Policy
    > (ou) Computers
    > (ou) Servers
        > (ou) Windows 2000
            > Servers - Windows 2000 Policy
        > (ou) Windows 2003
            > Servers - Windows 2003 Policy
    > (ou) Test Servers
        > (ou) Windows 2000
            > Test Servers - Windows 2000 Policy
        > (OU) Windows 2003
            > Test Servers - Windows 2003 Policy

The policies inside the servers OU's are there just for the client side name. The WSUS Policy was what I had everything else set in, so like you said I would not have to go fishing. But what i realized throughout the day was that in order to have it so the servers do not reboot after updates are done, I need to enable that feature on the Default Domain Policy, not on the WSUS Policy. So, while all the MS documentation was stating that it is best practice to create a new WSUS policy and put all of our settings in there, they were forgetting to tell us that the one feature everyone is griping about should not be set there, but be done in the Default Policy which is the policy they stated is best not to touch.

Well, that is what worked for me. If it works for others in another way and not the way I just mentioned, then that's Microsoft for ya.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16503153
My policy looks virtually Identical to Mazaraats, but for any client that doesnt get controlled by WSUS i make the change in the default domain policy - MS best practices arent always best
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question