Our domain has about 30 servers used for hosting LOB applications. We do updates only quarterly but unfortunately we've situations where local admins have installed MS updates and rebooted servers when they should not have, disrupting service. So, I wanted to see:
1. How to disable to pop-up that appears in the notification area that tells users there are MS updates ready to install. I'm looking through Group Policy but can only find a setting to disable the pop up for non-admins. And I can't remove certain domain users from the local admins group, however, those particular users are not domain admins.
2. How to restrict the MS updates so only domain administrators can install MS updates. Can't find this setting and have looked online.
We're running purely 2008. The DCs are both 2008 R2. Forest and domain functional levels are 2008 R2. All servers are part of the domain.