locked
WSUS - Patching production servers RRS feed

  • Question

  • We have a group of production servers that are patched via WSUS but set to 'Auto download and notify for install' so they will not auto reboot.

    We had someone else handling updates up until recently, and I am working on improving the process. In the past they would remote in to all of the servers on a Saturday night during a maintenance window, click to install the updates, wait for the install to complete, then reboot the servers. 
    1.) Is there a way / GPO configuration for the updates to auto install but not reboot? 
    2.) Can I remote in to the servers during business hours and install then updates, then schedule a reboot during maintenance hours via task scheduler?
     
    I have the GPO setting of 'No auto-restart with logged on users for scheduled automatic updates installations' set to Enabled so I understand if I am logged in the server will not auto reboot. I am wondering if this is the same if I lock the server, and leave the session in a disconnected state. 
    If 1. above is not possible, my plan is to install updates manually on all servers at some point during the week during business hours, then 'lock' the server and allow the scheduled task to reboot over the weekend? Is this a valid method or is there a better way?
    Friday, April 21, 2017 4:59 PM

All replies

  • Hi commfudeaf,

    >1.) Is there a way / GPO configuration for the updates to auto install but not reboot? 

    We may select AU option 4, auto download and schedule the install; And enable policy "NO-auto restart when logged on users";

    >2.) Can I remote in to the servers during business hours and install then updates, then schedule a reboot during maintenance hours via task scheduler?

    If we use AU option 4, then we don't need to remote to the servers and click "Install updates" manually, the updates will be installed on schedule time.

    > have the GPO setting of 'No auto-restart with logged on users for scheduled automatic updates installations' set to Enabled so I understand if I am logged in the server will not auto reboot. I am wondering if this is the same if I lock the server, and leave the session in a disconnected state. 

    Yes, when there are users logon in the computer, then the computer will not be restart automatically.

    >my plan is to install updates manually on all servers at some point during the week during business hours, then 'lock' the server and allow the scheduled task to reboot over the weekend? Is this a valid method or is there a better way?

    You can do this, while I think with AU option 4, we don't need to install the updates manually.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, April 25, 2017 5:53 AM
  • Hi commfudeaf,

    Just to check if the above reply could be of help? If yes, you may mark useful reply as answer, if not, welcome to feedback.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, May 3, 2017 6:57 AM