7

We have a Windows Server 2003 terminal server, and our IT department does not want to disable Automatic Updates. The problem is, when an update gets applied that requires a reboot, users get a popup about it and can hit Restart Now to reboot the server.

Is there a way to keep Automatic Updates on, but not give regular users the Restart popup after an update?

Rachel
  • 630
  • 4
  • 12
  • 22

2 Answers2

5

Disable the group policy allowing the notification to non-admins:

Computer Configuration > Administrative Templates > Windows Components > Windows Update > Allow non-administrators to receive update notifications

But, this behavior is the default - so either someone's specifically enabled this policy in the past, or the users are admins?

Shane Madden
  • 112,982
  • 12
  • 174
  • 248
  • The users are not admins and this behavior is set to the default... – Rachel Aug 29 '11 at 16:56
  • Check resultant set of policy and the actual setting in the registry to verify - `HKLM\Software\Policies\Microsoft\Windows\Windowsupdate\ElevateNonAdmins` – Shane Madden Aug 29 '11 at 17:06
  • That registry key doesn't seem to exist for me. In fact, it only goes as far as `HKLM\Software\Policies\Microsoft\windows` - no `WindowsUpdate` folder – Rachel Aug 29 '11 at 17:11
  • Wait.. sounds like this is the "updates just installed, you need to reboot" nag message, not the "updates are pending, click to install" message? With no users logged in, the system would just restart automatically - what behavior are you looking to get? – Shane Madden Aug 29 '11 at 17:25
  • 1
    Users get able to restart our terminal servers due to a Windows Update popup, and I want to stop this behavior. I didn't get a chance to see the popup, but judging from the Event Viewer it was caused by an Automatic Update. – Rachel Aug 29 '11 at 17:58
1

That's pretty irritating for a number of reasons. You should never just automatically apply every update that comes to you, but if you ARE going to do it, you should set up a scheduled time to apply them and reboot...Leaving that to the user is absurd in a production environment.

To set up a time, go to Control Panel->System->Automatic Updates(tab) and do "Automatic" and put in a time (defaults to 3:00am).

To do it properly, set up WSUS, so you can deploy all updates more efficiently across the domain.

Satanicpuppy
  • 5,917
  • 1
  • 16
  • 18
  • Not my decision to keep Automatic Updates turned on. If I have my way they're always disabled, even at home. The setting selected on the server is actually Download but let me choose when to Install, so I have no idea why users would be getting Restart popups. – Rachel Aug 29 '11 at 17:05
  • @rachel: "Let me choose when to install" is Microsoft-ese for "Bug me every 10 minutes until I click 'install'". If they have to be on, set it to reboot automatically at a convenient time. – Satanicpuppy Aug 29 '11 at 17:17