No announcement yet.

WSUS policy and Auto Restart

  • Filter
  • Time
  • Show
Clear All
new posts

  • WSUS policy and Auto Restart

    I have the following GPO settings in Active Directory for WSUS. But with this policy, if no user is logged in to the system, the Windows updates are installed and rebooted automatically. How can I prevent the server from restarting (The security patches should be installed but no auto restart)
    Configure Automatic Updates: Enabled
    Configure automatic updating: 4 - Auto download and schedule the install
    The following settings are only required
    and applicable if 4 is selected.
    Scheduled install day: 0 - Every day
    Scheduled install time: 12:00

    Policy Setting Comment
    No auto-restart with logged on users for scheduled automatic updates installations Enabled
    Specify intranet Microsoft update service location Enabled
    Set the intranet update service for detecting updates: http://mywsus
    Set the intranet statistics server: http://mywsus
    (example: http://IntranetUpd01)

  • #2
    Re: WSUS policy and Auto Restart

    If WSUS updates apply without anyone logged in, and at least one update requires a restart, then the computer restarts. That's down to the nature o fthe updates themselves, and not all updates will requrie a restart. If you don't want a restart to take place because you're updating a server, then don't force the updates to apply automatically to the servers. Do those manually. Allow the updates to download when they're approved, but do the installs interactively. When the restart message pops up, click 'restart later', then schedule a restart task for a period when the outage will have minimal impact. The server will have to be restarted at some point for the applied updates to begin functioning, so it can't be helped, but at least you can minimize the impact to users.

    For user workstations, apply the updates when no one's logged on (middle of the night?) and let them restart. That forces compliance in your environment, and doesn't kick users off while they're working.
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **


    • #3
      Re: WSUS policy and Auto Restart

      Have to say my policy for servers is always "download but don't install" (for clients it is "download, install and sod the users" )-- since you are wanting to do manual restarts, triggering the updates manually should not be more work.
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd

      ** Remember to give credit where credit is due and leave reputation points where appropriate **