The trick here is to not have Windows Update do the install via the Automatic Updates mechanism. You can set it to automatically download, but for automatic installs, there's no way to stop the reboot timer from triggering unless there's a user logged into the system, such as with the "No auto-restart with logged on users for scheduled automatic updates installations" policy. Since this is for servers, I'm going to assume that this is not the default case, and that nobody being logged in doesn't mean the machine's resources aren't necessary at the moment.
Set up a scheduled task that will trigger the install of the updates and report when the updates are finished, or some other action, so that you know the computer is due for a restart.
I very quickly modified the script found here to suit your needs:
    # Author: Gregory Strike
    # Website: www.GregoryStrike.com
    # Date: 02-19-2010
    # Information: This script was adapted from the WUA_SearchDownloadInstall.vbs VBScript from Microsoft. It uses the
    # Microsoft.Update.Session COM object to query a WSUS server, find applicable updates, and install them.
    # < --- SNIP --- >

    # Assumption: $Install is not defined in the lines shown here, so it is set directly for unattended runs.
    $Install = "Y"

    $UpdateSession = New-Object -Com Microsoft.Update.Session
    $UpdateSearcher = $UpdateSession.CreateUpdateSearcher()
    $SearchResult = $UpdateSearcher.Search("IsInstalled=0 and Type='Software'")

    # Collect only the updates that Automatic Updates has already downloaded.
    $UpdatesToInstall = New-Object -Com Microsoft.Update.UpdateColl
    For ($X = 0; $X -lt $SearchResult.Updates.Count; $X++){
        $Update = $SearchResult.Updates.Item($X)
        If ($Update.IsDownloaded) {
            $Null = $UpdatesToInstall.Add($Update)
        }
    }

    If ($Install.ToUpper() -eq "Y" -or $Install.ToUpper() -eq "YES"){
        Write-Host("")
        Write-Host("Installing Updates...") -Fore Green
        $Installer = $UpdateSession.CreateUpdateInstaller()
        $Installer.Updates = $UpdatesToInstall
        $InstallationResult = $Installer.Install()

        # Build the mail body: one line per update with its result code.
        $ResultsBody = "List of Updates Installed with Results:"
        For ($X = 0; $X -lt $UpdatesToInstall.Count; $X++){
            $ResultsBody = $ResultsBody + "`r`n" + $UpdatesToInstall.Item($X).Title + ": " + $InstallationResult.GetUpdateResult($X).ResultCode
        }

        # Send-MailMessage uses $PSEmailServer unless -SmtpServer is given.
        If ($InstallationResult.RebootRequired -eq $True){
            Send-MailMessage -From server@example.com -To admin@example.com -Subject "Server has installed updates that require a reboot" -Body $ResultsBody
        } else {
            Send-MailMessage -From server@example.com -To admin@example.com -Subject "Server has installed updates that do not require a reboot" -Body $ResultsBody
        }
    }
NOTE:
You can use the original script linked and modify that to do the detect and download as well, in which case it would probably be best to disable the "Configure Automatic Updates" policy.
Addendum:
There's a Windows Update PowerShell Module in the Microsoft Script Center that provides the functionality needed to write your own Windows Update scripts easily. In fact, there are many good resources (at the time of this writing) on the first page of Google for the search: powershell windows update
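
One way to register the scheduled task described in the answer, as an added example that is not part of the original answer or of the linked script. It assumes the ScheduledTasks module (Windows Server 2012 or later); the script path, task name and schedule are placeholders, and the trusted account names are the English built-in ones.

```powershell
# Added example. Placeholders (assumptions): script path, task name, schedule.
$ScriptPath = 'C:\Scripts\Install-DownloadedUpdates.ps1'
$TaskName   = 'Install downloaded updates'

If (-not (Test-Path -LiteralPath $ScriptPath -PathType Leaf)) {
    Throw "Script not found: $ScriptPath"
}

# The task runs as SYSTEM, so the script must not be writable by anyone else.
# Trusted names are the English built-in account names (assumption).
$Trusted   = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller'
$WriteMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$Risky = (Get-Acl -LiteralPath $ScriptPath).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $Trusted -notcontains $_.IdentityReference.Value -and
    ([int]$_.FileSystemRights -band [int]$WriteMask) -ne 0
}
If ($Risky) {
    $Names = ($Risky | ForEach-Object { $_.IdentityReference.Value }) -join ', '
    Throw "Refusing to register: $ScriptPath is writable by $Names"
}

# Run the install script weekly inside the maintenance window, as SYSTEM.
$Action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -NonInteractive -File `"$ScriptPath`""
$Trigger   = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At '03:00'
$Principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName $TaskName -Action $Action `
    -Trigger $Trigger -Principal $Principal | Out-Null

# Independent check for a pending reboot, usable from monitoring
# in case the notification mail is missed.
$SystemInfo = New-Object -ComObject Microsoft.Update.SystemInfo
If ($SystemInfo.RebootRequired) {
    Write-Output "$env:COMPUTERNAME has a pending reboot from installed updates"
}
```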