No Auto-restart for Scheduled Automatic Update Installation Option

Discussion:

(too old to reply)

2006-10-05 18:50:02 UTC

All,

I want all my servers to point to our WSUS server, but the problem I am
seeing is that when I set the option to download and install and configure it
to not auto-restart it still does. Okay so I know this is by design, but I
can't afford to have 50 servers reboot after getting patched. Is there a way
to set this up so it will download and install, but not reboot? How about a
configuration or template that could say download on whatever date I choose
and reboot at a certain time? the other thing is that I don't want to go to
50 servers and manually install. HELP...

Cal166

2006-10-05 20:23:02 UTC

Permalink

Yes, you can tell the servers not to restart until a user manually logs in
and restarts it. Its all in the Group Policy.

Computer Configurations-->Adminstrative Templates-->Windows
Components-->Windows Update-->No Auto-Restart for Scheduled Automatic Updates
Installations------Select ENABLED!

Hope this helps.

CaL

2006-10-05 22:17:03 UTC

Permalink

The problem with that is I don't have users directly logged in every server.
Every time I have tested this w/o a user logged into the server it reboots
accordingly to the policy settings.

Post by Cal166
Yes, you can tell the servers not to restart until a user manually logs in
and restarts it. Its all in the Group Policy.
Computer Configurations-->Adminstrative Templates-->Windows
Components-->Windows Update-->No Auto-Restart for Scheduled Automatic Updates
Installations------Select ENABLED!
Hope this helps.
CaL

Lawrence Garvin (MVP)

2006-10-06 03:03:29 UTC

Permalink

Post by Cal166
Yes, you can tell the servers not to restart until a user manually logs in
and restarts it. Its all in the Group Policy.

No.. you cannot do this.

Please review your understanding of the policy settings, because this is
the one thing you absolutely cannot do with WSUS.

If a user is not logged onto a system when the scheduled installation event
completes, the system will be restarted at that time.

The /only/ way you can preclude a system restart after a scheduled
installation is if an Administrator, or elevated privilege, user is logged
onto the system at the time the installation completes.

Post by Cal166
Computer Configurations-->Adminstrative Templates-->Windows
Components-->Windows Update-->No Auto-Restart for Scheduled Automatic Updates
Installations------Select ENABLED!

This is the policy setting that ensures the presentation of the Restart
Now/Restart Later dialog box when a user is logged onto the system at the
time the installation completes. The "Restart Later" option will only be
available to Administrator or elevated-privilege users.

--
Lawrence Garvin, M.S., MVP-Software Distribution
Everything you need for WSUS is at
http://technet2.microsoft.com/windowsserver/en/technologies/featured/wsus/default.mspx
And, everything else is at
http://wsusinfo.onsitechsolutions.com
....

Lawrence Garvin (MVP)

2006-10-06 03:09:25 UTC

Permalink

Post by LG
All,
I want all my servers to point to our WSUS server, but the problem I am
seeing is that when I set the option to download and install and configure it
to not auto-restart it still does

This is correct, because there is /no/ option so "download and install and
not restart". The issue is in understanding the meaning of AUTO-restart. An
AUTO-restart means it happens automatically, with no ability on the part of
a logged on user to control or defer the action. Configuring the system to
NOT auto-restart, means only that the logged on user will be given a dialog
box to choose to initiate the restart. Administrator and elevated-privilege
users will also have the option to defer the restart. If no user is logged
on , the system will always restart upon completion of the installation of
updates.

Post by LG
Okay so I know this is by design, but I
can't afford to have 50 servers reboot after getting patched. Is there a way
to set this up so it will download and install, but not reboot?

Yes, it's called manual, or interactive, installation of updates, using
Option #3, which is the recommended methodology for updating servers.

In the event you have too many servers to do manual installations with, then
you might also consider the idea of a "maintenance window". See this article
for some ideas on managing update installations in a "maintenance window".
How can I update my server when I have a fixed maintenance window?
http://wsusinfo.onsitechsolutions.com/articles/011.htm

Post by LG
How about a
configuration or template that could say download on whatever date I choose
and reboot at a certain time?

Another variation, using this theme, is to use CAU Option #3, but also
configure a deadline for some period of time after you expect the detection
and downloads to be complete. If the updates are not installed by the
deadline the WUA will automatically install the updates and restart the
system at the configured deadline. You can configure the deadline on a
per-target-group basis, and it can be configured in hourly increments on any
day you choose.