locked
Servers restart after getting updated - Schedule the restart RRS feed

  • Question

  • I currently have a GPO deployed in our AD for applying updates using WSUS (on version 3.2).  In my GPO, under Computer Configuration --> Administrative Templates --> Windows Update I have the following settings:


    Allow Automatic Updates immediate installation Enabled  
    Allow non-administrators to receive update notifications Enabled  
    Automatic Updates detection frequency Enabled  
    Check for updates at the following 
    interval (hours):  22 
     

    Configure Automatic Updates Enabled  
    Configure automatic updating: 4 - Auto download and schedule the install 
    The following settings are only required 
    and applicable if 4 is selected. 
    Scheduled install day:  0 - Every day 
    Scheduled install time: 13:00 
     

    Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box Disabled  
    No auto-restart with logged on users for scheduled automatic updates installations Enabled  
    Re-prompt for restart with scheduled installations Enabled  
    Wait the following period before 
    prompting again with a scheduled 
    restart (minutes):  1440 
     
    Reschedule Automatic Updates scheduled installations Enabled  
    Wait after system 
    startup (minutes):  10 
     

    Specify intranet Microsoft update service location Enabled  
    Set the intranet update service for detecting updates: http://srv-wsus1 
    Set the intranet statistics server: http://srv-wsus1 
    (example: http://IntranetUpd01) 
     

    Turn on recommended updates via Automatic Updates 

    I want to specify restart times after update installations, for example I want to restart servers only Thursdays 10:00 PM. how should I change the settings?

    Or if its not possible at least schedule to restart on a specific time like every day 10:00 PM not on update installation time. (even despite wsus deadline)

    Thanks in advance







    Tuesday, April 21, 2015 3:58 AM

Answers

  • generally option 4 will start installing updates at the specified time, in your case everyday at 1PM and it will immediately restart the server after

    you cannot define when to install the updates and then when to restart the server, they occur one right after the other when employing WSUS. SCCM and SolarWinds may offer that level of granularity of control but WSUS is quite basic in that sense

    if you use the "Delay Restart for scheduled installations" option, you can postpone reboots by 30mins, that's as good as it gets

    you also have a conflicting policy here where you're not allowing systems with logged on users to restart automatically after updates have been installed - you may want to change that if your goal is to have all systems compliant

    I understand what you're looking for, I think we all want another option in there that will simply install updates automatically and not perform a reboot. that way you could just write a scheduled task or script that will reboot servers at the desired window, but that option just doesn't exist today with WSUS

    • Proposed as answer by Steven_Lee0510 Wednesday, April 22, 2015 6:07 AM
    • Marked as answer by Ghasem Shams Tuesday, April 28, 2015 11:21 AM
    Tuesday, April 21, 2015 3:35 PM
  • I currently have a GPO deployed in our AD for applying updates using WSUS (on version 3.2).  In my GPO, under Computer Configuration --> Administrative Templates --> Windows Update I have the following settings:


    Allow Automatic Updates immediate installation Enabled  
    Allow non-administrators to receive update notifications Enabled  
    Automatic Updates detection frequency Enabled  
    Check for updates at the following 
    interval (hours):  22 
     

    Configure Automatic Updates Enabled  
    Configure automatic updating: 4 - Auto download and schedule the install 
    The following settings are only required 
    and applicable if 4 is selected. 
    Scheduled install day:  0 - Every day 
    Scheduled install time: 13:00 
     

    Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box Disabled  
    No auto-restart with logged on users for scheduled automatic updates installations Enabled  
    Re-prompt for restart with scheduled installations Enabled  
    Wait the following period before 
    prompting again with a scheduled 
    restart (minutes):  1440 
     
    Reschedule Automatic Updates scheduled installations Enabled  
    Wait after system 
    startup (minutes):  10 
     

    Specify intranet Microsoft update service location Enabled  
    Set the intranet update service for detecting updates: http://srv-wsus1 
    Set the intranet statistics server: http://srv-wsus1 
    (example: http://IntranetUpd01) 
     

    Turn on recommended updates via Automatic Updates 

    I want to specify restart times after update installations, for example I want to restart servers only Thursdays 10:00 PM. how should I change the settings?

    Or if its not possible at least schedule to restart on a specific time like every day 10:00 PM not on update installation time. (even despite wsus deadline)

    Thanks in advance







    Deadlines can be problematic with WSUS because sometimes they do not behave like the admins would like them to behave.

    There is some really good information, although a little bit dated on Solar Winds web site.

    https://thwack.solarwinds.com/community/application-and-server_tht/patchzone/blog/2013/03/08/configuring-the-windows-update-agent--part-1

    Here is another link for scheduling that may help.

    https://thwack.solarwinds.com/community/application-and-server_tht/patchzone/blog/2013/04/04/configuring-the-windows-update-agent--scheduled-installations

    Hope these help a bit when using WSUS. SCCM and SolarWinds Patch Manager CAN include more granularity when scheduling patches.

    • Marked as answer by Ghasem Shams Tuesday, April 28, 2015 11:22 AM
    Tuesday, April 21, 2015 3:54 PM

All replies

  • generally option 4 will start installing updates at the specified time, in your case everyday at 1PM and it will immediately restart the server after

    you cannot define when to install the updates and then when to restart the server, they occur one right after the other when employing WSUS. SCCM and SolarWinds may offer that level of granularity of control but WSUS is quite basic in that sense

    if you use the "Delay Restart for scheduled installations" option, you can postpone reboots by 30mins, that's as good as it gets

    you also have a conflicting policy here where you're not allowing systems with logged on users to restart automatically after updates have been installed - you may want to change that if your goal is to have all systems compliant

    I understand what you're looking for, I think we all want another option in there that will simply install updates automatically and not perform a reboot. that way you could just write a scheduled task or script that will reboot servers at the desired window, but that option just doesn't exist today with WSUS

    • Proposed as answer by Steven_Lee0510 Wednesday, April 22, 2015 6:07 AM
    • Marked as answer by Ghasem Shams Tuesday, April 28, 2015 11:21 AM
    Tuesday, April 21, 2015 3:35 PM
  • I currently have a GPO deployed in our AD for applying updates using WSUS (on version 3.2).  In my GPO, under Computer Configuration --> Administrative Templates --> Windows Update I have the following settings:


    Allow Automatic Updates immediate installation Enabled  
    Allow non-administrators to receive update notifications Enabled  
    Automatic Updates detection frequency Enabled  
    Check for updates at the following 
    interval (hours):  22 
     

    Configure Automatic Updates Enabled  
    Configure automatic updating: 4 - Auto download and schedule the install 
    The following settings are only required 
    and applicable if 4 is selected. 
    Scheduled install day:  0 - Every day 
    Scheduled install time: 13:00 
     

    Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box Disabled  
    No auto-restart with logged on users for scheduled automatic updates installations Enabled  
    Re-prompt for restart with scheduled installations Enabled  
    Wait the following period before 
    prompting again with a scheduled 
    restart (minutes):  1440 
     
    Reschedule Automatic Updates scheduled installations Enabled  
    Wait after system 
    startup (minutes):  10 
     

    Specify intranet Microsoft update service location Enabled  
    Set the intranet update service for detecting updates: http://srv-wsus1 
    Set the intranet statistics server: http://srv-wsus1 
    (example: http://IntranetUpd01) 
     

    Turn on recommended updates via Automatic Updates 

    I want to specify restart times after update installations, for example I want to restart servers only Thursdays 10:00 PM. how should I change the settings?

    Or if its not possible at least schedule to restart on a specific time like every day 10:00 PM not on update installation time. (even despite wsus deadline)

    Thanks in advance







    Deadlines can be problematic with WSUS because sometimes they do not behave like the admins would like them to behave.

    There is some really good information, although a little bit dated on Solar Winds web site.

    https://thwack.solarwinds.com/community/application-and-server_tht/patchzone/blog/2013/03/08/configuring-the-windows-update-agent--part-1

    Here is another link for scheduling that may help.

    https://thwack.solarwinds.com/community/application-and-server_tht/patchzone/blog/2013/04/04/configuring-the-windows-update-agent--scheduled-installations

    Hope these help a bit when using WSUS. SCCM and SolarWinds Patch Manager CAN include more granularity when scheduling patches.

    • Marked as answer by Ghasem Shams Tuesday, April 28, 2015 11:22 AM
    Tuesday, April 21, 2015 3:54 PM