WSUS policy and Auto Restart

Home Forums Microsoft Networking and Management Services GPO WSUS policy and Auto Restart

This topic contains 2 replies, has 3 voices, and was last updated by Avatar Anonymous 6 years, 5 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • Avatar
    avilt
    Member
    #161196

    I have the following GPO settings in Active Directory for WSUS. But with this policy, if no user is logged in to the system, the Windows updates are installed and rebooted automatically. How can I prevent the server from restarting (The security patches should be installed but no auto restart)


    Configure Automatic Updates: Enabled
    Configure automatic updating: 4 – Auto download and schedule the install
    The following settings are only required
    and applicable if 4 is selected.
    Scheduled install day: 0 – Every day
    Scheduled install time: 12:00

    Policy Setting Comment
    No auto-restart with logged on users for scheduled automatic updates installations Enabled
    Specify intranet Microsoft update service location Enabled
    Set the intranet update service for detecting updates: [URL]http://mywsus[/URL]
    Set the intranet statistics server: [URL]http://mywsus[/URL]
    (example: [URL]http://IntranetUpd01[/URL])


    Avatar
    Anonymous
    #371481

    Re: WSUS policy and Auto Restart

    If WSUS updates apply without anyone logged in, and at least one update requires a restart, then the computer restarts. That’s down to the nature o fthe updates themselves, and not all updates will requrie a restart. If you don’t want a restart to take place because you’re updating a server, then don’t force the updates to apply automatically to the servers. Do those manually. Allow the updates to download when they’re approved, but do the installs interactively. When the restart message pops up, click ‘restart later’, then schedule a restart task for a period when the outage will have minimal impact. The server will have to be restarted at some point for the applied updates to begin functioning, so it can’t be helped, but at least you can minimize the impact to users.

    For user workstations, apply the updates when no one’s logged on (middle of the night?) and let them restart. That forces compliance in your environment, and doesn’t kick users off while they’re working.

    Avatar
    Ossian
    Moderator
    #188142

    Re: WSUS policy and Auto Restart

    Have to say my policy for servers is always “download but don’t install” (for clients it is “download, install and sod the users” :twisted:)– since you are wanting to do manual restarts, triggering the updates manually should not be more work.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.