locked
Windows 10 Pro & WSUS - Install Updates on Shutdown RRS feed

  • Question

  • Hi,

    I just installed WSUS on Windows Server 2012 (without R2) with the Hotfix 3095113. I have set the update settings in the WSUS GPO to "Auto download and notify for install" and Windows 10 reflects this as "Notify for install".

    This actually works and I am informed in Action Center about new updates. However, there is no Option to install the updates at reboot and shutdown - Windows shows just the normal shutdown and reboot options. "Fast Shutdown" is already disabled.

    I only get the options if I install updates manually that require a restart. After they have been installed - approx 30 minutes laters - the start menu options change to "Shutdown and install updates" and "Reboot and install updates".

    Is there a way to get this functionality working so the option to install updates on shutdown is always shown when new updates are available? On Windows 7 we are installing all updates during shutdown which is especially important for 3rd party updates like Java and Flash which cannot be installed during a browser is running.

    The Windows 10 version I'm testing with is 1511 x64.

    Thanks,
    Michael

    Wednesday, January 13, 2016 4:12 PM

Answers

  • Yes, when opening the Updates UI I can install updates manually. In addition to that, if one of the installed updates requires a reboot, the shutdown options in the start menu change to "update and shutdown" and "update and restart" (but only 20 minutes or so later...)

    This actually doesn't make sense to me since it would be more useful to display the "update and shutdown" options once updates are available.

    BTW, in addition to that, updates are installed immediately when going to the Update UI and just searching for updates. First it searches, then ist just installes the updates right away.

    This article from 2011 in regard to Windows 8 also states that installing updates during shutdown was one of the most used options to install updates by users back then:

    https://blogs.msdn.microsoft.com/b8/2011/11/14/minimizing-restarts-after-automatic-updating-in-windows-update/

    Install-at-shutdown – The majority of automatic update users (39%) are updating when they shut down their systems. For these users, there is no automatic restart because the system can complete all steps of the installation during shutdown. This is the least disruptive experience for users, and so we do want to “hitch a ride” whenever we can on user-initiated shutdowns instead of inconveniencing users with a separate restart.

    As mentioned in my OP, having the option to install updates provides a "clean" system to install updates with no applications running. This is especially helpful when updating 3rd party applications through WU like Java or Flash which cannot be updated when they are running.

    If the option has actually cut out then we need to actually schedule installations during the night when no PCs are running. Then, as to my understanding, the updates are going to be installed after the next bootup - then there maybe is a small chance that the users haven't started using the applications yet. However, it makes an additional reboot necessary which isn't very user friendly at all - the option to install updates during shutdown was perfect!

    /edit:

    I also did a little mor digging and figured out that the option to install updates at shutdown seems to have been removed already from Windows 8 and therefore Windows 10 as well:

    See this blog post from Microsoft:

      https://blogs.msdn.microsoft.com/b8/2011/11/14/minimizing-restarts-after-automatic-updating-in-windows-update/

    In a comment directly from Microsoft they write:

    You bring up a good point about the frequency and long times to complete installations during shutdown. I agree this can be frustrating especially when you are in hurry. On win8, we set out to strike a balance between always allowing user to have a choice and securing the system in a timely manner. We have done a few things here that cumulatively will improve the experience of updating during shutdown. 1) WU will install all updates before the 3 day pending restart message is shown and hence only the system re-initialization and pending file renames for the updates will be left to be completed during shutdown. This will shorten the time taken to “update and shutdown” compared to Win7/Vista where WU also does the installation during shutdown. 2) Since we are consolidating the restarts with the security updates, you should see the “Update and Shutdown” only when there is a pending restart (day 2 and day3 after a pending restart message is shown in login screen) ie 2 days in a month. In addition, on day 1 after the restart message is shown in login screen, you still have a choice to do just a “shutdown”. The intent here being that you can take the proactive action to restart the machine at your convenience.   

    So, basically this means that we need to perform scheduled installations of updates and will see the message „Shutdown and update“ only after the updates have actually already been installed and there is a reboot needed.

    Thanks,
    Michael



    • Edited by sam.bell Thursday, January 14, 2016 3:23 PM
    • Marked as answer by sam.bell Friday, January 15, 2016 9:08 AM
    Thursday, January 14, 2016 11:04 AM

All replies

  • Hi sam,

    Please first keep focus on the WSUS forum with the experts there to narrow down this issue, and if any further help needed with Windows 10, then post back.

    Thank you for your understanding.

    Regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, January 14, 2016 9:32 AM
  • I have set the update settings in the WSUS GPO to "Auto download and notify for install" and Windows 10 reflects this as "Notify for install".

    This actually works and I am informed in Action Center about new updates. However, there is no Option to install the updates at reboot and shutdown - Windows shows just the normal shutdown and reboot options. "Fast Shutdown" is already disabled.

    I only get the options if I install updates manually that require a restart. After they have been installed - approx 30 minutes laters - the start menu options change to "Shutdown and install updates" and "Reboot and install updates".

    Is there a way to get this functionality working so the option to install updates on shutdown is always shown when new updates are available? On Windows 7 we are installing all updates during shutdown which is especially important for 3rd party updates like Java and Flash which cannot be installed during a browser is running.

    This sounds similar to Windows8, I think this behaviour change was introduced with Win8.
    If you open the Updates UI, you get the opportunity to install the updates, right?

    I don't recall there being a solution to this for Win8, maybe there still isn't one for Win10, other than opening the Updates UI, or, enforcing a deadline or schedule.


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Thursday, January 14, 2016 10:53 AM
  • Yes, when opening the Updates UI I can install updates manually. In addition to that, if one of the installed updates requires a reboot, the shutdown options in the start menu change to "update and shutdown" and "update and restart" (but only 20 minutes or so later...)

    This actually doesn't make sense to me since it would be more useful to display the "update and shutdown" options once updates are available.

    BTW, in addition to that, updates are installed immediately when going to the Update UI and just searching for updates. First it searches, then ist just installes the updates right away.

    This article from 2011 in regard to Windows 8 also states that installing updates during shutdown was one of the most used options to install updates by users back then:

    https://blogs.msdn.microsoft.com/b8/2011/11/14/minimizing-restarts-after-automatic-updating-in-windows-update/

    Install-at-shutdown – The majority of automatic update users (39%) are updating when they shut down their systems. For these users, there is no automatic restart because the system can complete all steps of the installation during shutdown. This is the least disruptive experience for users, and so we do want to “hitch a ride” whenever we can on user-initiated shutdowns instead of inconveniencing users with a separate restart.

    As mentioned in my OP, having the option to install updates provides a "clean" system to install updates with no applications running. This is especially helpful when updating 3rd party applications through WU like Java or Flash which cannot be updated when they are running.

    If the option has actually cut out then we need to actually schedule installations during the night when no PCs are running. Then, as to my understanding, the updates are going to be installed after the next bootup - then there maybe is a small chance that the users haven't started using the applications yet. However, it makes an additional reboot necessary which isn't very user friendly at all - the option to install updates during shutdown was perfect!

    /edit:

    I also did a little mor digging and figured out that the option to install updates at shutdown seems to have been removed already from Windows 8 and therefore Windows 10 as well:

    See this blog post from Microsoft:

      https://blogs.msdn.microsoft.com/b8/2011/11/14/minimizing-restarts-after-automatic-updating-in-windows-update/

    In a comment directly from Microsoft they write:

    You bring up a good point about the frequency and long times to complete installations during shutdown. I agree this can be frustrating especially when you are in hurry. On win8, we set out to strike a balance between always allowing user to have a choice and securing the system in a timely manner. We have done a few things here that cumulatively will improve the experience of updating during shutdown. 1) WU will install all updates before the 3 day pending restart message is shown and hence only the system re-initialization and pending file renames for the updates will be left to be completed during shutdown. This will shorten the time taken to “update and shutdown” compared to Win7/Vista where WU also does the installation during shutdown. 2) Since we are consolidating the restarts with the security updates, you should see the “Update and Shutdown” only when there is a pending restart (day 2 and day3 after a pending restart message is shown in login screen) ie 2 days in a month. In addition, on day 1 after the restart message is shown in login screen, you still have a choice to do just a “shutdown”. The intent here being that you can take the proactive action to restart the machine at your convenience.   

    So, basically this means that we need to perform scheduled installations of updates and will see the message „Shutdown and update“ only after the updates have actually already been installed and there is a reboot needed.

    Thanks,
    Michael



    • Edited by sam.bell Thursday, January 14, 2016 3:23 PM
    • Marked as answer by sam.bell Friday, January 15, 2016 9:08 AM
    Thursday, January 14, 2016 11:04 AM
  • Hi sam.bell,

    >if one of the installed updates requires a reboot, the shutdown options in the start menu change to "update and shutdown" and "update and restart" (but only 20 minutes or so later...)

    I tested it in my lab, when configure "Auto download and notify for install",  after win10 client check there is a new update from WSUS server, it will download and install it automatically, after the update is installed successfully, it will require a reboot immediately. But something needs to notice, we need to click reboot in the update UI instead of the start menu.

    You may test something in your lab, check the result:

    Check if use MU instead of WSUS to install updates could achieve your goal, also check if reset windows update component on window 10 could work.

    Reset windows update component:

    https://support.microsoft.com/en-us/kb/971058

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.


    Friday, January 15, 2016 2:23 AM
  • Thanks Anne,

    I am testing in a lab as well and my experience with Windows 10 Pro 1511 x64 and WSUS 4.0 on Server 2012 with Hotfix 3095113 is different.

    With the GPO configured as "Auto download and notify for install":

    1. Windows does not install the updates automatically if it discovers them in the background. Instead Windows will only notify me that updates are available. After installing them manually using the Update UI, Windows plans a reboot for me and after some time I am offered the "Shutdown and update" and "Restart and update" buttons in the start menu.

    2. Windows however does install them immediately if searching manually for updates. That is by going to the Update UI and pressing "Search for updates". Then, if updates are available, they are installed immediately.

    I don't think resetting Windows Update will bring the "real" "Shutdown and install updates" from Windows 7 back - the Information in the article mentioned in my last post actually seems pretty clear to me.

    Thanks,
    Michael

    Friday, January 15, 2016 8:36 AM
  • Thanks Anne,

    I am testing in a lab as well and my experience with Windows 10 Pro 1511 x64 and WSUS 4.0 on Server 2012 with Hotfix 3095113 is different.

    With the GPO configured as "Auto download and notify for install":

    1. Windows does not install the updates automatically if it discovers them in the background. Instead Windows will only notify me that updates are available. After installing them manually using the Update UI, Windows plans a reboot for me and after some time I am offered the "Shutdown and update" and "Restart and update" buttons in the start menu.

    2. Windows however does install them immediately if searching manually for updates. That is by going to the Update UI and pressing "Search for updates". Then, if updates are available, they are installed immediately.

    I don't think resetting Windows Update will bring the "real" "Shutdown and install updates" from Windows 7 back - the Information in the article mentioned in my last post actually seems pretty clear to me.

    Thanks,
    Michael

    Michael, in your testing when using "Auto download and notify for install", if a user does not manually install the updates will Windows 10 eventually force the installation after a certain amount of time?  I'm trying to narrow down how this behavior works. 

    Thanks

    Thursday, February 4, 2016 10:03 PM
  • Hi Jas,

    yes, I have learned that after a specific period of time Windows will show a window which displays that updates need to be installed. You must install updates then. I have not explicitly tested this yet but seen this on my productive workstation so I cannot tell for sure what the time span was. I think it was three days (needs to be verified though).

    What I have also seen: If an update requires a reboot, Windows will reboot the Computer even though a user is, the Computer is locked and applications are running. That is not good! According to

    https://blogs.msdn.microsoft.com/b8/2011/11/14/minimizing-restarts-after-automatic-updating-in-windows-update/

    the behaviour in Windows 8 was that the Computer is not restarted if a user is logged on but instead that the user will be notified for three days. If no restart was performed in three days, Windows will force the user at the next logon with a 15 Minute Countdown. So no risk for data loss! That's different now with Windows 10!

    Friday, February 5, 2016 8:45 AM
  • Thank you for the information.  I am currently testing this scenario on two of my workstations to see exactly how long the time frame is. 

    I have read that with Windows 10 version 1511 the 'No auto-restart with logged on users for scheduled installations' GPO was finally implemented properly and it will adhere to that.  But I have not tested this, nor do I know if it applies when using the 'Notify for install' GPO setting.  All needs to be tested to know for sure. 

    Are you currently using the 'Notify for install' GPO, or are you using the 'Automatically download and install on a schedule' GPO, and if you are using a schedule do you have the 'Install during automatic maintenance' option enabled?  I only ask because I am trying to get a feel for what other settings people are using to see what has been working best.

    Thank you for your feedback. 

    • Proposed as answer by stephenmbell Tuesday, March 7, 2017 9:37 PM
    Friday, February 5, 2016 5:15 PM
  • I have set the GPO to "Notify for install" and also have the "No auto-restart with logged on users for scheduled installations" enabled. I have not tested the behaviour with setting the option to schedule for install. However, the descriptive text in the setting "No auto restart with logged on..." states that this is only supported on Windows 2000 and XP.

    Currently I think it is going to come down to using scheduled installs combined with planned maintenance windows for installations. That is because we are also updating 3rd party software like JRE using Windows Update. On Windows 7, we are using the option to install updates on shutdown which works great - since all applications are closed before the installation begins. Without that option its possible that updates for i.e. JRE are getting installed while for instance a browser is open. The installation will fail then. So we actually might Need to plan downtime for installting updates. Which is a hugh step back! Why not offering the option to install updates on shutdown like in Windows 7...

    Where have you read that the "No auto-restart" policy is working with version 1511?

    btw, that is the information Windows displays when it forces an update for installation (sorry for not having this in English but should be translatable):

    Monday, February 8, 2016 2:17 PM
  • The issue that I have raised to Microsoft, which currently looks like a bug, is that when using scheduled installations it won't restart at the scheduled time, which Microsoft says you also have to enable the 'Always automatically restart at the scheduled time' GPO when using scheduled installations.  There is a bug with the 'Autorestart' GPO that seems to take precedence over the scheduled installation time and then forces the user to restart when Windows 10 finds any potential updates, since it installs updates immediately when they are found.  The Autorestart GPO only allows you to configure up to 180 minutes to delay the restart as well.  Basically, it essentially ignores any scheduled install time you choose. 
    Monday, February 8, 2016 4:34 PM
  • So if I understand correctly updates are installed immediately when scheduled installations are used? Come on Microsoft... How would a company actually deploy Windows 10 until July 29th if even such essentials don't work as expected.

    Tuesday, February 9, 2016 8:22 AM
  • So if I understand correctly updates are installed immediately when scheduled installations are used? Come on Microsoft... How would a company actually deploy Windows 10 until July 29th if even such essentials don't work as expected.


    Theoretically yes.  Once updates are approved on the WSUS server, and a Windows 10 client checks for updates, it will install them automatically when using scheduled automatic updates.  At least that's the behavior I have noticed.  Microsoft claims you need to use the 'Always reboot at the scheduled time' GPO when configuring automatic updates on a schedule, which is option #4 under that GPO, in order for it to reboot at the scheduled time.  The problem though is that when you enable the 'Always reboot at the scheduled time' GPO, and once a Windows 10 client checks for and installs an update needing a restart, the prompt to restart instantly pops up and you can only configure the GPO to allow the user to delay for up to 180 minutes.  So that 'Auto reboot' GPO seems to override the scheduled time set in Automatic Updates' every time, when it shouldn't be. 
    Tuesday, February 9, 2016 4:16 PM
  • The problem here is not only the automatic reboot but that updates are installed immediately once they are found in WSUS. As written above, when upgrading 3rd party software like Java it is vital that no applications are running. If installting updates at shutdown is not available anymore the only alternative would be to schedule the install during a timeframe where no applications are running. But if Windows always installs update automatically then there is no way to schedule such a timeframe... I will perform another test using the new cumulative update published yesterday.

    If you haven't noticed yet, Microsoft just annonced two helpful articles regarding Windows 10 servicing that will be updaded on a regular basis:

    https://technet.microsoft.com/de-de/windows/mt679505.aspx?ocid=wc-ext-aka&f=255&MSPPError=-2147217396

    http://windows.microsoft.com/en-us/windows-10/update-history-windows-10

    Maks things a little more transparent.

    Wednesday, February 10, 2016 9:13 AM
  • Yes, exactly.  Doesn't seem like you can use automatic scheduled updates and only have it install during a specific time frame.  Once Windows 10 checks in to WSUS, which is roughly every 22 hours, by design it will download and install any available updates automatically when using that GPO and option #4 (schedule).  Very frustrating needless to say. 

    Thank you for posting those links.  Definitely good information on fixes that are implemented with the updates. 

    Wednesday, February 10, 2016 3:52 PM
  • I have approved KB 3135173 in WSUS now and set the GPO to schedule the install. Let's see how this is going to work out next night!
    Thursday, February 11, 2016 1:45 PM
  • Please let us know your results.  Very curious to see if you experience the same behavior. 
    Thursday, February 11, 2016 3:45 PM
  • What I can tell so far is that the updates have not been installed automatically at the time they were found. Instead, Windows states that they are installed automatically when the computer is not used:

    I also checked the Event Logs for Windows Update and have not found any events stating that installation is scheduled for 03:00 AM. Have not further checked the Get-WindowsUpdateLog cmdled however since it seems it replaced the old C:\windows\windowsupdate.log

    Thursday, February 11, 2016 4:14 PM
  • It most likely went through the usual 'Preparing for installation' step, and has now scheduled a restart to finish installing the updates.  That's what I notice on my clients at least.  You also need to look at Task Manager under Microsoft>Windows>UpdateOrchestrator to see the 'Reboot' task that should be scheduled now.  UpdateOrchestrator is the service that controls updates with Windows 10.  My clients would get this far, but most of them would never reboot at the scheduled time, a couple did, but not all of them.  In my troubleshooting, it would be very sporadic restarting behavior. 

    Thursday, February 11, 2016 4:26 PM
  • Sorry, I meant Task Scheduler, not task manager. 
    Thursday, February 11, 2016 4:34 PM
  • The updates were actually installed at 03:00am as planned:

    Windows also has not rebooted automatically but scheduled the reboot for next night 03:00am. I am however not notified about the planned reboot in Action Center. I however see "Update and reboot" and "Update and shutdown" in the start menu now.

    The planned reboot is also reflected in Task Scheduler. There also is a task called "Policy install" which is set to 03:00am (scheduled install time) and last ran when the updates were installed. It actually looks like this Task is related to the scheduled install time which is set by the GPO. In theory, if I change the GPO from 03:00 to 04:00am, this should be reflected here as well. Once new updates are found I guess this should also change from "Disabled" to "Ready". I will further test this and come back to you.

    eUnfortunately what makes testing a little more complicated is the fact that when manually searching for updates in the UI, Windows installs them immediately. So I need to wait for Windows to automatically find updates in the background and check the status of the taks.

    TThanks for the info on UpdateOrchestrator - I didn't know this before!

    Friday, February 12, 2016 8:29 AM
  • I have tested and can confirm that the task "Policy Install" is set to Ready when updates are available but have not been installed yet. I still have to double check whether the trigger time actually corresponds to the scheduled install time set in the GPO. Will do this by changing the time from 03:00am to 02:00am and check whether this reflects in task planner.

    For those who didn't know, here's an blog post describing how to generate the windowsupdate.log in Windows 10:

    http://blogs.technet.com/b/charlesa_us/archive/2015/08/06/windows-10-windowsupdate-log-and-how-to-view-it-with-powershell-or-tracefmt-exe.aspx

    Mine does not reference any Information regarding scheduled installations. I can only see when updates are found and installed. It seems the of the updates is not triggered by WUA itself but by something different, guess the task "PolicyInstall"...

    Friday, February 12, 2016 2:51 PM
  • If you change the time in the GPO you should see it reflected under the UpdateOrchestrator task as well. 

    You are basically experiencing the exact same issue I am.  Windows 10 will check for and install any potential updates at the time set within the 'Automatic Updates' GPO, but it will fail to restart almost every time, forcing you to restart manually in order to complete the installations.  I have only seen Windows 10 restart at the scheduled time for updates a couple of times, but 90% of the time they will never restart.  And there is no notification of a pending reboot at all as well; the same as what you are experiencing.

    Hopefully Microsoft can release a fix for this soon because my planned Windows 10 roll out has come to a stop until this is resolved. 

    Friday, February 12, 2016 3:39 PM
  • *sigh* just give us back Shutdown and install updates! This works really well.  We approve updates and next time a user shuts their PC down they install, SIMPLE, it works fine, why mess with this?!  Like others have said we also update bits of 3rd party software via WSUS Acrobat Reader, Java etc.  We encourage users to power off their PC's when they go home so a schedule restart over night isn't an option!  Plus even if we ask them to leave their PC's on they'll just lock them and might well have bits of software we want to update open.

    So far we only have a handful of Win10 in production but this will increase soon and I want this sorted.  God knows its simple enough!

    Wednesday, March 2, 2016 11:29 AM
  • *sigh* just give us back Shutdown and install updates! This works really well.  We approve updates and next time a user shuts their PC down they install, SIMPLE, it works fine, why mess with this?!  Like others have said we also update bits of 3rd party software via WSUS Acrobat Reader, Java etc.  We encourage users to power off their PC's when they go home so a schedule restart over night isn't an option!  Plus even if we ask them to leave their PC's on they'll just lock them and might well have bits of software we want to update open.

    So far we only have a handful of Win10 in production but this will increase soon and I want this sorted.  God knows its simple enough!


    From my testing the GPO that controls the 'Install Updates and Shutdown/Restart'  option on the Start screen does work fine with Windows 10.  I enabled that for testing and those two options would show up eventually, but not right away.  If I remember correctly, you had to let Windows 10 check for updates on it's own in the background and also use the 'Configure Automatic Updates' #3 option (Notify to Install) for it to eventually show those two options on the Start screen.  I haven't tested it in a while, so other options for the 'Configure Automatic Updates' GPO may work with it now, but you would have to test to know for sure. 
    Wednesday, March 2, 2016 3:51 PM
  • I'm testing a few VM's now.  I have got it to give me the option of Shutdown and install updates, but I first did a manual search for new updates.   I've got a couple of test GPOs and some VM's so I'll spend a bit of time messing (should really have to waste my time doing this but hey)  All I want is for approved updates to be downloaded to the client boxes and then installed on shutdown, simple
    Thursday, March 3, 2016 9:11 AM
  • Based on my experience update are installed immediately when performing a manual search and updates are available. This at least is true for security updates.

    While the GPO setting to only notifiy works, based on my experience Windows in this case will not notifiy the user about new updates and will also not display the Update and Shutdown button. The Button is only available after updates have been installed and require a reboot. This means that the button cannot be used to install updates on shutdown.

    I have just approved the new update KB3140743 in WSUS with the GPO setting set to automatically install updates on 02:00am. Even though I have set the GPO to 02:00am weeks ago, the task "Policy install" in "Update Orchestrator" in task planer is still set to 03:00am. Let's see when the updates gets actually installed and if Windows reboots automatically or notifies me about the reboot.

    BR
    Michael

    Thursday, March 3, 2016 11:02 AM
  • Based on my experience update are installed immediately when performing a manual search and updates are available. This at least is true for security updates.

    While the GPO setting to only notifiy works, based on my experience Windows in this case will not notifiy the user about new updates and will also not display the Update and Shutdown button. The Button is only available after updates have been installed and require a reboot. This means that the button cannot be used to install updates on shutdown.

    I have just approved the new update KB3140743 in WSUS with the GPO setting set to automatically install updates on 02:00am. Even though I have set the GPO to 02:00am weeks ago, the task "Policy install" in "Update Orchestrator" in task planer is still set to 03:00am. Let's see when the updates gets actually installed and if Windows reboots automatically or notifies me about the reboot.

    BR
    Michael


    what a total pain!  Thank God for VM's snapshot, make changes, test, restore snapshot, etc
    Thursday, March 3, 2016 12:26 PM
  • According to the corresponding article, KB3140743 requires a reboot. We are testing with five Windows 10 computers and - unless the computers are automatically rebooted after installation - will leave them on for three days with a logged on user and open. Most important to me is that Windows does not reboot automatically in case a user is still logged on. The article https://blogs.msdn.microsoft.com/b8/2011/11/14/minimizing-restarts-after-automatic-updating-in-windows-update/ (though intended for Windows 8) states that Windows does not reboot automatically if a user is logged on but forces the user to reboot after three days. We'll see.
    Thursday, March 3, 2016 12:51 PM
  • According to the corresponding article, KB3140743 requires a reboot. We are testing with five Windows 10 computers and - unless the computers are automatically rebooted after installation - will leave them on for three days with a logged on user and open. Most important to me is that Windows does not reboot automatically in case a user is still logged on. The article https://blogs.msdn.microsoft.com/b8/2011/11/14/minimizing-restarts-after-automatic-updating-in-windows-update/ (though intended for Windows 8) states that Windows does not reboot automatically if a user is logged on but forces the user to reboot after three days. We'll see.

    yep we're the same.  I work in a research lab so we don't want PC's connected to bits of kit running experiments rebooting! I have a separate OU for such PC's so I can give them a different GPO if needs be.
    Thursday, March 3, 2016 2:13 PM
  • I can confirm that the updates have actually been installed at 02:00am as planned in the GPO. In addition to that, the time for the task "PolicyInstall" in task planner has also changed to 02:00am.

    Windows now tells me that a reboot is required and pending. It has choosen tomorrow 02:00am for the reboot and there also is a corresponding task in task planer. Unfortunately, it states that the reboot is about to take place independent from user logon:

    We'll see whether the reboot is actually performed even though a user is logged on! That would be messy...

    Friday, March 4, 2016 9:59 AM
  • So far Windows 10 did not reboot automatically. The GUI says that the next reboot is planned for tomorrow 02:00am so I guess due to applications running and my user logged on Windows skips the reboot every time and moves the date 24 hours to the future. The history in Task Planner for the reboot task states it has been completed and logs something about a process named musnotification.exe. Don't know what this is so far but maybe is related to moving the reboot time to the future. Still no notifications in the GUI about a necessary reboot yet! Would have expected that Windows notifies me this morning that I need to reboot.

    Monday, March 7, 2016 8:36 AM
  • I currently have a win10 VM powered on with no user logged in.  I have it set to download and schedule install updates (option 4)

    I also have allow automatic updates immediate installation

    and

    no auto-restart with logged on users for scheduled automatic update installations.

    I started this on Friday, so far (Monday today) it has installed a load of updates and is now waiting for a restart which is scheduled for today at 3pm.  Interestingly I have the option of restart or shutdown and install updates. I've logged back out of the PC so I'll see what happens later today

    Monday, March 7, 2016 9:56 AM
  • ok reboot didn't happen today, not sure why as no user was logged in. It now says its scheduled for 3:30AM tomorrow morning. We shall see!
    Monday, March 7, 2016 4:46 PM
  • I also haven't seen any reboot so far. Maybe this is due to the update didn't contain any security fixes so a reboot is not enforced?
    Tuesday, March 8, 2016 9:01 AM
  • ok so the VM did reboot over night (not sure why it didn't the first time)  So with the setting above I do get behaviour that will be ok for our users.  We encourage our users to power off their boxes overnight but these setting seem to give a restart\shutdown and install updates as well so that should be fine.
    Tuesday, March 8, 2016 10:06 AM
  • The option "Shutdown and restart" is only displayed after updates have been installed and a reboot is required. In case of updating 3rd party software like Java this is no option since Java is updated in the background and not during shutdown.

    The only option in my case is to ask users to log off, leave their computer on and install updates during the night so no applications are running in the background.

    Tuesday, March 8, 2016 10:13 AM
  • that's not so much an issue for us as we use SCE for software deployment, including new versions of Java and updating Acrobat reader updates can be set to install by a specified time so a reboot isn't required the software just gets installed in the background.

    I'd still prefer to have the windows 7 update way of doing things!

    Tuesday, March 8, 2016 10:28 AM
  • I've installed KB3140768 during the night on Friday and left the computer on - so far no automatic reboot, even though the update contains an security patch.

    Regarding Java and Reader update with SCE: Are you doing these during off-hours when noone is working? Since I guess as long as the browser is running an update of Java will fail whether it's done with SCE or not? Or can you customize the update to close any browsers before installing the update?

    Thanks,
    Michael

    Monday, March 14, 2016 11:42 AM
  • I've seen the behaviour that you have myself.  Leave PC on with no one logged in and it doesn't reboot just increments the scheduled time on a day, but it seems to do the reboot on the second day, well has done on my site, but it is odd.

    The updates for Acrobat DC reader get deployed with windows updates.  Java we don't patch per se we do a install of the latest version (patching Java is a nightmare I wish it would just go away and die!)  We don't keep up with the latest version otherwise we'd be deploying it every few weeks plus it always breaks something!

    Monday, March 14, 2016 1:03 PM
  • Still no reboot in my case. Even though its good that the computers don't reboot automatically if a user is logged on, I would expect Windows to notify after a given amount of time and force the user to reboot. Otherwise it is possible that security updates don't get completely installed (if no reboot at all will take place).

    Regarding Java, we're patching it using Windows Update during shutdown. We are using Secunia CSI which provides us with the corresponding 3rd party updates which we can upload to and distribute using WSUS then. This works fine actually and patching Java is a great success here. It however only works if no application (like IE) is running that has a Java plugin loaded.

    Tuesday, March 15, 2016 10:01 AM
  • Still no reboot in my case. Even though its good that the computers don't reboot automatically if a user is logged on, I would expect Windows to notify after a given amount of time and force the user to reboot. Otherwise it is possible that security updates don't get completely installed (if no reboot at all will take place).

    Regarding Java, we're patching it using Windows Update during shutdown. We are using Secunia CSI which provides us with the corresponding 3rd party updates which we can upload to and distribute using WSUS then. This works fine actually and patching Java is a great success here. It however only works if no application (like IE) is running that has a Java plugin loaded.

    Make sure to enable the 'Always automatically reboot after installation' GPO.  Microsoft has mentioned that for Windows 10 this needs to be enabled in order for it to reboot at the scheduled time.  I recently tested this and all my Windows 10 clients did reboot at the scheduled time set in the GPO. 

    The notifications still appear to be broken in Windows 10 though so we will probably have to wait for a fix from Microsoft before those work properly. 

    Tuesday, March 15, 2016 2:56 PM
  • Thanks, I didn't know that. Just read the description of that GPO and it seems that the PC in this case even reboots when a user is logged on. The text also says that without that GPO being enabled Windows should notify the user in the login screen for at least two days (before performing a restart I guess).

    It's however strange that once I saw a Windows notification telling me that Updates need to be installed (see one of my posts before). As far as I remember, that was while the GPO was set to only notify but I also remember that this behaviour was not consistent.

    Will do some further testing and hope that Microsoft will fix the notification thingy.

    Wednesday, March 16, 2016 8:45 AM
  • how are you finding Secunia?  I had a demo of it last month looks pretty good but not sure it warrants us buying it. We're only around 300 clients, but we're an academic site so will probably get a decent discount, still not sure. 
    Wednesday, March 16, 2016 8:51 AM
  • We're using it since about three years now and are very satisfied as it just works as expected. We have local clients installed on each computer that is scanning for software once a day so we get a good insight about what software and versions are installed. For common software like Adobe Reader, Flash, Java, Firefox and so on they provide ready-to-install packages that can be published to WSUS and then distributed to clients the normal way. You also have the ability to create customized packages for distribution as long as the corresponding installer supports silent installation. As we're only using Windows 7 so far and install updates during shutdown, almost all 3rd party software can be updated easily. That's also the case for JRE - we're patching it since three years shortly after each Oracle Patchday and it is working just fine.

    Support of Secunia (actually they're Flexera now) is good as well. It however is true that it is quite expensive and since it is cloud-based, from a security perspective it might not be fitting for everyone. There's an alternative from SolarWinds called PatchManager which is much cheaper and also allows update distribution using WSUS. I however haven't tested it yet and think we're going to just renew or Secunia contract this year.


    • Edited by sam.bell Wednesday, March 16, 2016 9:10 AM
    Wednesday, March 16, 2016 9:10 AM
  • We are having exactly the same problems now. It's just unbelievable that Microsoft always has to make our lives unnecessarily burdensome!!!

    Btw, thx guys for this thread, great work! I would expect Microsoft would provide us with such informations, but almost 1 year after Win10 we still have to fight with such basic things.

    Does anyone know if MS classified this as a bug and we can soon count with a solution as we had it for Win7 and install patches during shutdown?

    Thursday, April 14, 2016 3:25 PM
  • Since the option to install updates during shutdown has already been removed in Windows 8 I don't think it will be available anymore.

    BTW the April cumulative Update 3147458 is said to include reliability updates for Windows Update. Maybe this will fix the notificatons even though I'm not that optimistic...

    All would be fine if we could install updates automatically, the computer is not rebooted automatically (in case a user is logged on) and Windows notifies automatically that updates have been installed and a reboot is needed. So far, this is not the case (no notification). We'll see if this changes with the current cumulative update.

    Friday, April 15, 2016 7:57 AM
  • Are there any news regarding this?

    I'm just starting to migrate some test PC's to W10 and now found that it does see the updates that I approved on WSUS and lists the updates but does just nothing. It does not install, not immediately and not on shutdown.

    Is there some GPO I need to change for the W10 clients to have these install the updates automatically?
    What are the recommended GPO settings?

    Thanks, McL

    Wednesday, May 4, 2016 12:53 PM
  • Hi all,

    it seems there is some good news regarding the automatic restart that sometimes was forced even though a user was logged on. In the recent insider builds of Windows 10 there is a new function that's called "Active Hours" that let you change when the PC can be rebooted or not:

    http://www.ghacks.net/2016/04/08/windows-10-active-hours/

    What I am missing is the ability to see when Windows Updates have been installed - while I can see the date in Windows Update GUI, the time is not displayed anymore (like it was in Windows 7). However, having info on the time when updates were installed or have failed is very helpful when debugging Windows Update.

    BR
    Michael

    Friday, June 3, 2016 1:35 PM
  • By the way:

    In Version 1511 I still get no notifications when Windows Updates have been installed and the computer needs to be rebooted. I have the GPO set to install automatically at 02:00am. While the updates are installed and windows plans a reboot, it never takes place since I am logged on. The GPO "No auto reboot for logged on users" is also enabled. It however would be good if Windows would inform the user that Updates have been installed and the PC needs a reboot (instead of just shifting the reboot timer forward from day to day).

    If Updates have been installed when a user is logged on and the PC cannot be rebooted automatically, Windows should show a message in the Notification pane or in the lock screen.

    BR
    Michael

    Monday, June 6, 2016 2:56 PM
  • Is this issue fixed yet?

    What's new with managing updating and and enforcing scheduled reboot times with Windows 10 Anniversary Update?

    I would like to schedule all of our Windows 10 systems to install Windows Updates and enforce reboots to complete installation every Friday morning at specific time we control unless the user chooses to manually reboot earlier.  

    What settings do we configure to make this work reliably?

    Friday, September 9, 2016 10:35 PM
  • Hey Michael,

    I am having the same problem. Were you able to find a solution that didn't require shift + shut down? All research that I have done has not worked. I tried the disabling of "fast startup" and that didn't seem to work.

    Thanks,


    TRhoades5

    Friday, September 29, 2017 1:03 PM