Posted: 4/9/2008 12:05:54 PM EDT
I recently deployed a SUS server. It seems to be installing updates in 2 ways. It installs updates when a user shuts down the PC. It keeps the computer powered on until the updates are finished and then it turns the PC off. I have no problem with this. The second way is uninitiated. They don't click on install updates etc. The user sees a countdown timer until restart. There is no way for the user to cancel the restart. I have looked through all the settings but can't find a way to keep it from restarting workstations. Any help?
I believe what you are looking for is in the Windows updates settings on the client (or in your domain group policy if using AD).
Run gpedit.msc: Computer -> Administrative -> Windows -> Windows Update
Probably what's enabled is "Allow Automatic Updates immediate installation". Disable it. That, or "No auto restart for scheduled Automatic Updates installations", or both. About a dozen options are available in the policy.
-B
Yes, I am running an Active Directory. I was in the group policy on the Domain Controller, but I don't have Windows Update. Any way I can get it there?
The GPO setting you want is Administrative Templates -> Windows Components -> Windows Update -> Configure Automatic Updates. Under 'Configure Automatic Update', you've probably got it set to a.) auto download and schedule the install, and b.) during the time the users are using their computers. You could also set 'no auto-restart for scheduled automatic updates installations' to enabled (thus preventing the computer from automatically rebooting). Why not just deny all users the ability to shut down the computers and schedule the updates for after hours? That's best practice in my eyes.
Also, you're going to want to run RSOP (resultant set of policy) on the machines to see where they might be getting these settings from, if you thought you configured them right the first time. This is one possible problem with not making separate GPOs and labeling them well. I leave my default domain policy well enough alone, as I do my default domain controller policy. You shouldn't go nuts and make different policies for every single thing you want to administer (this lengthens non-cached logon time), but when you start messing with the default domain policy you'd better document changes.
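A client-side check to go with the RSOP suggestion above, added here as an example and not posted by anyone in the thread: it reads the registry values that the Windows Update policies named in the replies write on a workstation and reports what the machine actually received. It assumes PowerShell 3.0 or later and the standard policy key under HKLM; the function name `Get-PolicyValue` is made up for this example.

```powershell
# Added example: show which Windows Update policy values this client has received.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy "Not Configured").
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# Meaning of AUOptions, the value behind "Configure Automatic Updates".
$auOptionText = @{
    2 = 'Notify for download and notify for install'
    3 = 'Auto download and notify for install'
    4 = 'Auto download and schedule the install'
    5 = 'Allow local admin to choose setting'
}

$auOptions = Get-PolicyValue $auKey 'AUOptions'
$noReboot  = Get-PolicyValue $auKey 'NoAutoRebootWithLoggedOnUsers'
$immediate = Get-PolicyValue $auKey 'AutoInstallMinorUpdates'

$mode = 'Not configured'
if ($null -ne $auOptions) {
    $mode = if ($auOptionText.ContainsKey([int]$auOptions)) { $auOptionText[[int]$auOptions] }
            else { "Unknown value $auOptions" }
}

[pscustomobject]@{
    UpdateServer                  = Get-PolicyValue $wuKey 'WUServer'
    UseWUServer                   = Get-PolicyValue $auKey 'UseWUServer'
    ConfigureAutomaticUpdates     = $mode
    ScheduledInstallDay           = Get-PolicyValue $auKey 'ScheduledInstallDay'   # 0 = every day, 1-7 = Sun-Sat
    ScheduledInstallTime          = Get-PolicyValue $auKey 'ScheduledInstallTime'  # hour of day, 0-23
    NoAutoRebootWithLoggedOnUsers = $noReboot    # 1 = "No auto-restart ..." is enabled
    AutoInstallMinorUpdates       = $immediate   # 1 = "Allow Automatic Updates immediate installation" is enabled
} | Format-List

# The combination described in the thread: scheduled install with no restart protection.
if ($auOptions -eq 4 -and $noReboot -ne 1) {
    Write-Warning 'Scheduled install is on and the no auto-restart policy is not enabled on this machine.'
}
```

Empty fields mean the corresponding policy never reached this machine, which is the point at which RSOP tells you which GPO should have delivered it.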