4

We are using a registry entry to connect our internal workstations to our WSUS server and everything seems to be working except the NoAutoRebootWithLoggedOnUsers entry. Without fail, over the last few weeks, our lab setup as well as our users have been prompted to restart their machines with a 15 minute time out and there's nothing they can do about it. They can't postpone or cancel the restart, all options in the prompt are greyed out. Below is the registry file we are using to connect our workstations to our WSUS server:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"AcceptTrustedPublisherCerts"=dword:00000001
"ElevateNonAdmins"=dword:00000000
"WUServer"="http://xxx.xxx.xxx.xxx:8530"
"WUStatusServer"="http://xxx.xxx.xxx.xxx:8530"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AUOptions"=dword:00000004
"AutoInstallMinorUpdates"=dword:00000001
"DetectionFrequencyEnabled"=dword:00000001
"DetectionFrequency"=dword:00000002
"NoAutoUpdate"=dword:00000000
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"RebootRelaunchTimeout"=dword:00000030
"RebootRelaunchTimeoutEnabled"=dword:00000001
"RescheduleWaitTime"=dword:00000020
"RescheduleWaitTimeEnabled"=dword:00000001
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"UseWUServer"=dword:00000001

There is a bit of redundancy, if you want to call it that, having both the NoAutoRebootWithLoggedOnUsers entry as well as the entries for RebootRelaunchTimeout but we wanted to see if we could either disable the restart, or give our users a larger window within which they could wrap up their work, etc. before restarting. Neither of these entries seems to work, but our priority is getting NoAutoRebootWithLoggedOnUsers working and any help with this would be greatly appreciated.

the_pete
  • 143
  • 7
  • Anyone that can help with this? – the_pete Jun 16 '14 at 15:41
  • Did you check to see if the keys exist on the target machine? Don't you have a domain to do this via GPO? – Bigbio2002 Jun 24 '15 at 16:28
  • We monitor the registries of each machine withing OCSNG and can verify that all necessary registry entries are in place. Unfortunately we aren't on a domain which we know could solve the issue flat out so we're stuck with this. – the_pete Jun 24 '15 at 16:53
  • What version of Windows are your workstations? – Bigbio2002 Jun 29 '15 at 13:03
  • They are a mix of Win 7 x64 and Win 8 (not 8.1) x64. We already know that because the WSUS server is "old" it doesn't handle the discovery, labeling, and sorting of Win 8 properly. – the_pete Jun 29 '15 at 15:59
  • You can set RebootWarningTimeoutEnabled = 1 and RebootWarningTimeoutEnabled = 30 / 0x1E (minutes maximum allowed) to give your users more time than the default 15. Very odd that NoAutoReboot.. isn't working though. The users are standard users, not local admins? – Bigbio2002 Jun 29 '15 at 16:07
  • The WSUS .reg file is imported on the users machine using the local admin account but each user logs in as a Standard user. – the_pete Jun 29 '15 at 18:05
  • Can you use regedit to remote to a target machine and verify the existence of the registry keys? Does the forced reboot happen on both the Win 7 and 8 machines? – Bigbio2002 Jun 30 '15 at 16:50
  • We can remote to those machines and have verified the existence of the keys through PSExec and regedit. Every machine that is connected to the WSUS server will reboot if the update requires it; Win 7, Win 8, Server 2012, etc. – the_pete Jun 30 '15 at 18:00
  • I'm stumped. I was going to suggest changing ElevateNonAdmins to 0x1, but it supposedly has no effect on Win 7/8. Worth a try for fun though. Do any of your updates from WSUS have deadlines applied? That could be causing the forced reboots. – Bigbio2002 Jul 07 '15 at 16:20
  • We don't set deadlines, just a time to begin the install which is usually 5pm EST on all non-WSUS Lab machines. The lab machines are set to install as soon as we approve the updates. – the_pete Jul 07 '15 at 19:06
  • Have you tried adding the keys I suggested above? – Bigbio2002 Jul 07 '15 at 20:26
  • For your Windows 8 machines, you also need to install patch KB2883201 in order for it to respect legacy Windows Update GPO schedules. – Bigbio2002 Jul 10 '15 at 16:33
  • We'll get on this. To date, we've installed every KB for Win 7 and Win 8 that were suggested by the server and during new machine setup we allow Windows to install all updates. – the_pete Jul 10 '15 at 18:27

0 Answers0