We have WSUS pushing updates out to our user's workstations, and things are going relatively well with one annoying caveat: there seems to be an issue with a pop-up being displayed in front of some users informing them that their machine will be rebooted in 15 minutes, and they have nothing to say about it:
This may be because they did not log out the prior night. Nevertheless, this is a bit too much and is very counter-productive for our users.
Here is a bit about our environment: Our users are running Windows XP Pro
and are part of an Active Directory Domain
. WSUS is being applied via Group Policy
. Here is a snapshot of the GPO that is enforcing the WSUS rules:
Here is how I want WSUS to work (ideally - I'll take whatever can get me close):
I want updates to automatically download and install every night. If a user is not logged in, I would like the machine to reboot. If a user is logged in, I would like their machine not to reboot, but instead wait until the next "installation period" where it can perform any other needed installations and reboot then (provided the a user account is not still logged in). If a user is to be prompted for reboot, it should only happen once per day (if possible), but every time they are prompted, they must have a way to postpone the reboot.
I do not want users to be forced to restart their computer whenever the computer thinks it should happen (unless it's after an update installation and there are no logged in users). That doesn't seem productive to force a system restart in the midst of a person's workday. Is there something that I can do with the GPO that would help make WSUS less intrusive? Even if it gave the user an option to Restart Later - that would be better than what is happening now.
edit
The goal is to be able to automatically download and install updates every night, and rebooting the machine only if there are no users logged on when the machine wants to reboot. If Windows has to nag the user about rebooting, this is perfectly fine - as long as they have an option to postpone that reboot.
edit
It turns out, we have some deadlines set on some updates (SP3, Client-Side Extensions, etc.), and with the post found below, some light has been shed on the situation: