How can I stop Mandatory Automatic Restarts after I do a Windows Updates?

Posted on 2006-04-20
Last Modified: 2008-02-01
In Windows it used to be that when you do an automatic update, sometimes it would finish and let you close the window, sometimes depending on the update being installed you would be given the popup dialog asking to restart now or later. If you choose later it will ask again in 10 minutes and keep asking until you restart. So lately there are some updates done on servers that HAVE to have a restart done after the install, and there is no way to stop it from happening. It restarts within 5 minutes. This happens to a lot of people and a lot of different companies, we come in to work in the morning and see that servers have been restarted. We get pages in the middle of the night saying the servers are down. I didn't tell Microsoft to restart my computer, people are using them even at night and when they get restarted automatically it causes a drop in production and starts a panic.

So, is there a way to stop the servers from restarting automatically after these updates? I have searched and searched. I have found nothing that works. Others are asking the same question, yet I see no real answers. If it is impossible, then fine, I'll leave it at that and go on still believing that Microsoft sucks as always. At least they keep me in a job though huh?  :-)

I am using Windows 2003, 2000 and XP on a Windows 2000 domain. I am setting up WSUS, everything works perfect except it restarts machines automatically after I push certain installs.
    LVL 48

    Expert Comment

    Hi cwelchmindlessmediacom,

    in GPO
    Administrative Templates\Windows Components\Windows Update\No auto-restart for scheduled Automatic Updates installations

    Specifies that to complete a scheduled installation, Automatic Updates will wait for the computer to be restarted by any user who is logged on, instead of causing the computer to restart automatically.  If the status is set to Enabled, Automatic Updates will not restart a computer automatically during a scheduled installation if a user is logged in to the computer. Instead, Automatic Updates will notify the user to restart the computer.  Be aware that the computer needs to be restarted for the updates to take effect.  If the status is set to Disabled or Not Configured, Automatic Updates will notify the user that the computer will automatically restart in 5 minutes to complete the installation.  Note: This policy applies only when Automatic Updates is configured to perform scheduled installations of updates. If the Configure Automatic Updates policy is disabled, this policy has no effect.

    WSUS will give you a lot more control also :)


    Author Comment

    I tried this already, on 2 different domains even, it didn't work. All the servers I tested on were logged into, the AU was sheduled, they still restarted.
    LVL 48

    Expert Comment

    have you enabled the configure automatic updates policy also? ill send you a link to the reference sheet im going on - windows update is right down the bottom

    Author Comment

    yeah the policy is setup. However, I did do as the WSUS docs say to do, I created and linked a new group policy and I called it WSUS Group Policy. That is where I made all of the settings for Windows Updates. That's what the docs said to do. But, as for the "no reboot after update" setting, should that also be done in the WSUS Group Policy or should it be set in the Default Domain Policy? Also, should any of these policies be Enforced?

    LVL 12

    Accepted Solution

    For my servers I had to create a seperate OU for them and link their own GPO for updates...completely seperate from the standard workstation GPO.

    Here is the GPO:

    Computer Configuration (Enabled)hide
    Administrative Templateshide
    Windows Components/Windows Updatehide
    Policy Setting
    Allow Automatic Updates immediate installation Enabled
    Automatic Updates detection frequency Enabled
    Check for updates at the following
    interval (hours):  22
    Policy Setting
    Configure Automatic Updates Enabled
    Configure automatic updating: 4 - Auto download and schedule the install
    The following settings are only required
    and applicable if 4 is selected.
    Scheduled install day:  1 - Every Sunday
    Scheduled install time: 20:00
    Policy Setting
    Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box Disabled
    No auto-restart for scheduled Automatic Updates installations Enabled
    Specify intranet Microsoft update service location Enabled
    Set the intranet update service for detecting updates: http://server:8530
    Set the intranet statistics server: http://server:8530

    LVL 12

    Expert Comment

    As to your question about the 'no reboot after update', I always keep the settings together that way you don't have to go fishing all over for each piece....

    Author Comment

    Well I just worked on it more. Here's what I had it looking like...

        > Default Domain Policy
        > WSUS Policy
        > (ou) Computers
        > (ou) Servers
            > (ou) Windows 2000
                > Servers - Windows 2000 Policy
            > (ou) Windows 2003
                > Servers - Windows 2003 Policy
        > (ou) Test Servers
            > (ou) Windows 2000
                > Test Servers - Windows 2000 Policy
            > (OU) Windows 2003
                > Test Servers - Windows 2003 Policy

    The policies inside the servers OU's are there just for the client side name. The WSUS Policy was what I had everything else set in, so like you said I would not have to go fishing. But what i realized throughout the day was that in order to have it so the servers do not reboot after updates are done, I need to enable that feature on the Default Domain Policy, not on the WSUS Policy. So, while all the MS documentation was stating that it is best practice to create a new WSUS policy and put all of our settings in there, they were forgetting to tell us that the one feature everyone is griping about should not be set there, but be done in the Default Policy which is the policy they stated is best not to touch.

    Well, that is what worked for me. If it works for others in another way and not the way I just mentioned, then that's Microsoft for ya.
    LVL 48

    Expert Comment

    My policy looks virtually Identical to Mazaraats, but for any client that doesnt get controlled by WSUS i make the change in the default domain policy - MS best practices arent always best

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
    A quick step-by-step overview of installing and configuring Carbonite Server Backup.
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    This video discusses moving either the default database or any database to a new volume.

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now