WSUS - Computers Restarting at 4:30 PM to install Upates

I've walked into a weird situation at my new job 5 servers in place

1) Server R2 2012 - AD server
2) Server R2 2012 - App and File Server (RWW)
3) Server 2012 - Exchange 2013 server
4) SBS 2003 - Microsoft CRM 4.0 Server
5) Windows Server 2003 - Houses our alarm system and WSUS

In WSUS on the 2003 server, the time set is 9:30 pm, however a handful of computers restart anywhere between 410 and 440 pm in the afternoon when the office is still open.  They get a pop up asking if they want to postpone for 10 minutes, an hour or 4 hours, however no matter what selection they pick after 10 minutes the pop up comes back and after the third time it automatically restarts regardless of what is picked, causing people to lose work.

I can't find any setting anywhere to make a change to stop this.  Any ideas?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Radhakrishnan RSenior Technical LeadCommented:

This is happening because the WSUS updates been scheduled to install as soon as approved (auto approval). This should be controlled by group policy.

start>>run>>gpmc.msc>>Edit the default domain policy (or whatever the policy you are using to deploy windows update)>>Computer Configuration>>Policies>>Administrative Templates>>>Windows Components>>Windows Update>>In the right hand side you will able to see several settings related to WSUS. You can change this according to your requirement.

PS- If the settings didn't find in default domain policy, you can run a rsop.msc onto a station and locate the above path and see which policy is being applied, change that policy accordingly.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
FosterThomasAuthor Commented:
Thanks I found the policy and edited to the picture below, this was the only thing in the list that was enabled so I figured it had to be the cause.

I selected number 3, thinking it should auto download the updates and then prompt the user to install?
Seth SimmonsSr. Systems AdministratorCommented:
for your servers, recommend auto download and notify for install
then reboot when you are ready; preferably after hours or the weekend
monitor it to make sure it comes up ok

this was the only thing in the list that was enabled so I figured it had to be the cause

well, yes...though that is the only item in the list that is enabled?  if that's the case then it isn't configured to use WSUS, it is just using windows update

have you opened the WSUS console and verified those systems are reporting to it?
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

FosterThomasAuthor Commented:
Whats the benefit from WSUS or just Microsoft Automatic Updates?  I just want the computers to be up to date and monitored and not manually have to update them, but control the time they restart.
FosterThomasAuthor Commented:
There are two other things enabled sorry I worded the above wrong, here is everything in that WSUS group policy
Seth SimmonsSr. Systems AdministratorCommented:
ok so it looks like it is using WSUS
with WSUS you can control what computer groups (or OU depending on how you have it configured) get updates.  sometimes you want to hold back an update because of a known issue or to block windows 10 update notifications.  i suggested to restart manually as you don't want all your domain controllers updating and rebooting at the same time.  also with exchange, you want to make sure everything comes up ok else you don't want the next morning to discover something broke
FosterThomasAuthor Commented:
My servers are not hooked up to WSUS, I update them manually every sunday night and restart.

Only User computers are added to WSUS, I just need to figure out how to get them to stop auto restarting, but also have the updates download and install, because I know users won't hit install if they see something pop up.

What of the 4 settings in my first picture above do you think is best.
Radhakrishnan RSenior Technical LeadCommented:
I would suggest to select 4 -Auto download and schedule the install. So, that this can be scheduled when users are not using the machines.
FosterThomasAuthor Commented:
I made the changes, will monitor for a few days then close the question out, thanks guys
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.