none
Automatically restarting the server in the morning after patch(tuesday) installation

    Question

  • I would like my server to automatically install all the updates as soon as they come out, but when the server requires a reboot wait till 10AM in the morning before doing a reboot.

    For example at patch Tuesday the server would be rebooted on Wednesday at 10AM.

    How can I configure this?

    Saturday, November 24, 2012 12:48 PM

Answers

  • Hi,

    >>I remember I had something like I wanted working on server 2008R2 with some group policy's

    Open gpmc.msc, navigate to Computer Configuration\ Administrative Templates\Windows Components\Windows Update, enable "Allow Automatic Updates immediate installation" and "Delay Restart for scheduled installations" policies, you can specify how many numbers of minutes a scheduled restart will occur after the installation is finished. But you can't specify an accurate time when it reboots (like the second day 10AM as you said), to achieve this maybe you need some cutom startup scripts.

    Reference:

    How to configure automatic updates by using Group Policy or registry settings
    http://support.microsoft.com/kb/328010

    Regards,
    Cicely




    Monday, November 26, 2012 7:44 AM

All replies

  • Use the SCHTASKS.EXE command to run at 10am.

    Something like: c>: SCHTASKS.EXE /create /tn rebootafterpatchtuesday /tr "shutdown -r -t:0" /sc MONTHLY /mo SECOND /d WED

    Saturday, November 24, 2012 3:49 PM
  • That wouldn't work if a security patch is released which requires a reboot but isn't released on patch Tuesday.
    I remember I had something like I wanted working on server 2008R2 with some group policy's and maybe a registry setting.
    • Edited by Gijs007 Saturday, November 24, 2012 8:46 PM
    Saturday, November 24, 2012 8:46 PM
  • That wouldn't work if a security patch is released which requires a reboot but isn't released on patch Tuesday.
    I remember I had something like I wanted working on server 2008R2 with some group policy's and maybe a registry setting.

    Probably not a good idea to just apply every patch immediately after it is released on production hardware. How about setting up a WSUS server...and then queuing up all the patches for the month, testing them first, and then deploying them all on a specific day every month...preferably a weekend?

    Saturday, November 24, 2012 8:51 PM
  • That wouldn't work if a security patch is released which requires a reboot but isn't released on patch Tuesday.
    I remember I had something like I wanted working on server 2008R2 with some group policy's and maybe a registry setting.

    Probably not a good idea to just apply every patch immediately after it is released on production hardware. How about setting up a WSUS server...and then queuing up all the patches for the month, testing them first, and then deploying them all on a specific day every month...preferably a weekend?


    I'm aware of that, but in the last 10 years I've only once had a problem with Windows Updates causing trouble so I feel that Microsoft does a great testing job before releasing updates on Windows Update.
    I think its important to always run the latest security patches as soon as possible since the server is hooked up directly to the internet without any NAT devices between it.
    Beside that the server isn't going to be used for mission critical software, although down time should be minimized its not the end of the world if the server has a few hours of down time at most.
    Saturday, November 24, 2012 9:23 PM
  •  since the server is hooked up directly to the internet without any NAT devices between it.

    You should have a firewall and NAT-PORT configured. You should never have a production server connected directly to the Internet. An older PC loaded with Linux would make a great free firewall router. I have a linksys router that I bought 2 years ago for $50 that has a NAT and port filtering feature. That will help you out with security a LOT more than depending on security patches to be applied and rebooting your server on a random/daily basis.

    To each their own though. Good luck.

    • Edited by ABCFED Sunday, November 25, 2012 4:55 PM
    Sunday, November 25, 2012 4:53 PM
  • Hi,

    >>I remember I had something like I wanted working on server 2008R2 with some group policy's

    Open gpmc.msc, navigate to Computer Configuration\ Administrative Templates\Windows Components\Windows Update, enable "Allow Automatic Updates immediate installation" and "Delay Restart for scheduled installations" policies, you can specify how many numbers of minutes a scheduled restart will occur after the installation is finished. But you can't specify an accurate time when it reboots (like the second day 10AM as you said), to achieve this maybe you need some cutom startup scripts.

    Reference:

    How to configure automatic updates by using Group Policy or registry settings
    http://support.microsoft.com/kb/328010

    Regards,
    Cicely




    Monday, November 26, 2012 7:44 AM