Solved

Automatic Updates

Posted on 2011-09-16
14
251 Views
Last Modified: 2012-05-12
I have a domain with about 1500, 2000 machines I have a WSUS server controlling updates.  I have a GPO with the following.. See Attached Screen Shot.

Is there a way to modify this so that the updates install automatically but the machine doesn't reboot?  Currently, It's set to download updates for me but let me choose when to install.  I want to change this to automatic but no reboot.  Is this possible? GPO Settings
0
Comment
Question by:WellingtonIS
  • 5
  • 3
  • 3
  • +1
14 Comments
 
LVL 90

Expert Comment

by:John Hurst
ID: 36549310
Some updates require a reboot, and not doing one will cause issues. Worse, some updates cannot be done at all unless the previous reboot takes place. So if you change to automatic, you must let updates restart the computer. Best done overnight if you can. ... Thinkpads_User
0
 

Author Comment

by:WellingtonIS
ID: 36549337
I realize that however, this is a  hospital so no down time at all on 90% of the PC's.  My problem is the nurses do not install them at all so they just sit there.  I can have my IT staff go around and install them but it's a waste of time.  so I'd rather install them automatically and then I can have the machines rebooted.  Even if my uses shut off the machines at least they will get updated.  But I need to make sure that the computer will not automatically reboot on it's own.  That is a must.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 36549363
If it is a *must* that the machine does not reboot on its own, then you need to use your prior setting (let user choose to install) and then have a process where those machines are restarted by the user when convenient.

... Thinkpads_User
0
 

Author Comment

by:WellingtonIS
ID: 36549397
So there's no way to install the updates without having the machine automatically reboot?  Even though the setting says no auto restart... in the GPO.  That will not stop an automatic reboot?  And there's nothing else on the local machine I can set either?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 36549424
I have checked all the settings I can find locally. The issue as I see it is that automatic updates will leave the machine in a state of suspense if it cannot reboot. If it is "never" rebooted (say for a couple of weeks), the user may have other issues. Also, as I noted, there have been a few updates recently (all in one list) that won't happen until rebooted.

For me, in this situation, the "download but let me install" is the best compromise.

... Thinkpads_User
0
 

Author Comment

by:WellingtonIS
ID: 36549472
I think that maybe ok this way the user will be forced to reboot at some point.  I have to think about this one.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 66

Accepted Solution

by:
johnb6767 earned 500 total points
ID: 36552704
No auto-restart for scheduled Automatic Updates installations
http://support.microsoft.com/kb/328010

Perhaps in conjunction with a scheduled reboot (make sure to communicate with teh End Users, and allow AMPLE warning time before actual shutdown)....

This should allow your updates to happen, and then get processed when rebooted.
0
 

Author Comment

by:WellingtonIS
ID: 36562830
So far what I've done is enable the No auto restart in Group Policy.  I tested it on 1 machine this morning @ 11.  So far its 3:30 and the machine still hasn't rebooted.  I've added about 5 machines to the GPO to see if they will reboot.  I'm "assuming" I would need to do that registry fix on the local machines?  Can't do a scheduled reboot.  this is a hospital we work 24 x 7
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 36564651
Just apply the policy to a wider scope via OU, once you confirm it works satisfactorily....
0
 

Author Comment

by:WellingtonIS
ID: 36567094
I'll let you know after 11 I took about 5 machines and tried it as a test.  Thx for the help.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 36989783
Still interested..... Looks like http:#36562830 could be a verified solution.....
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 37052209
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video discusses moving either the default database or any database to a new volume.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now