Win10 and WSUS

Sign in to vote

Hello,

It seems like that your computer is point to WSUS server for updates. Please check below explanation about registry keys for windows update.

AUOptions

Reg_DWORD

Range = 2|3|4|5

- 2 = Notify before download.
- 3 = Automatically download and notify of installation.
- 4 = Automatically download and schedule installation. Only valid if values exist for ScheduledInstallDay and ScheduledInstallTime.
- 5 = Automatic Updates is required and users can configure it.

ScheduledInstallDay

Reg_DWORD

Range = 0|1|2|3|4|5|6|7

- 0 = Every day.
- 1 through 7 = the days of the week from Sunday (1) to Saturday (7).
(Only valid if AUOptions = 4.)

ScheduledInstallTime	Reg_DWORD	Range = n, where n = the time of day in 24-hour format (0–23).
UseWUServer	Reg_DWORD	Range = 0\|1 - 1 = The computer gets its updates from a WSUS server. - 0 = The computer gets its updates from Microsoft Update. - The WUServer value is not respected unless this key is set.

So the restart time is controlled by your system admin, everyday 11 AM, it will need to restart for update installation.

Regards,

Yan

Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Thursday, September 14, 2017 5:21 AM

0

Sign in to vote

So why are we not seeing the forcefull reboot on win 7/ win8.1 machines?

We are only seeing this behavior on window 10.

Is the NoAutoRebootWithLoggedOnUser being overridden?

If I removed the "ShcheduledInstallTime" key, would the machine's then follow the default active hrs and/ or the 7 day deadline we have set on our automatic approvals in WSUS?

Please advise.

Thank you!

Edited by vs2017sv Thursday, September 14, 2017 12:19 PM

Thursday, September 14, 2017 11:55 AM

0

Sign in to vote

Post a screenshot of your GPOs and/or the result page from gpresult /h gpo.htm

Something is conflicting. Mine works as advertised - Install every day at 4pm and reboot outside of active hours if needed. Mind you if they are still logged in it forces the reboot outside of active hours, which is what I want as people keep failing to sign out or reboot every day.

Adam Marshall, MCSE: Security
http://www.adamj.org

Edited by AJTek.caMVP Thursday, September 14, 2017 5:37 PM
Proposed as answer by Yan Li_ Monday, September 18, 2017 9:28 AM

Thursday, September 14, 2017 5:33 PM

0

Sign in to vote

Hello,

The following table shows the resulting behaviors when NoAutoRebootWithLoggedOnUsers is enabled (set to 1), or disabled or not configured (not set to 1).

Scenario following a scheduled installation	With NoAutoRebootWithLoggedOnUsers enabled	With NoAutoRebootWithLoggedOnUsersdisabled or not configured
No users logged on	Automatic restart immediately after installation.	Automatic restart immediately after installation.
Single user with administrative privileges	Restart notification allows user to initiate the restart or postpone restart. This notification does not have a countdown timer. The user must initiate the system restart.	Restart notification allows user to initiate the restart or postpone restart. This notification has a five-minute countdown timer. When the timer expires, the automatic restart begins.
Single user with restart privileges but no other administrative privileges	Restart notification allows user to initiate, but not postpone, the restart. This notification does not have a countdown timer. The user must initiate the system restart.	Restart notification allows user to initiate, but not postpone, the restart. This notification has a five-minute countdown timer. When the timer expires, the automatic restart begins.
Single non-administrator without restart privilege	Restart notification does not allow the user to initiate or postpone the restart. This notification does not have a countdown timer. The user must wait for an authorized user to initiate the system restart.	Restart notification does not allow the user to initiate or postpone the restart. This notification has a five-minute countdown timer. When the timer expires, the automatic restart begins.
Administrator while other users are logged on	Restart notification does not allow the user to initiate the restart, but it allows the user to postpone the restart. This notification does not have a countdown timer. The user must initiate the system restart.	Restart notification allows the user to initiate or postpone the restart. This notification has a five-minute countdown timer. When the timer expires, the automatic restart begins.
Non-administrator with restart privilege while other users are logged on	Restart notification does not allow the user to initiate or postpone the restart. This notification does not have a countdown timer. The user must initiate the system restart.	Restart notification does not allow the user to initiate or postpone the restart. This notification has a five-minute countdown timer. When the timer expires, the automatic restart begins.
Non-administrator without restart privilege while other users are logged on	Restart notification does not allow the user to initiate or postpone the restart. This notification does not have a countdown timer. The user must wait for an authorized user to initiate the system restart.	Restart notification does not allow the user to initiate or postpone the restart. This notification has a five-minute countdown timer. When the timer expires, the automatic restart begins.

Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Monday, September 18, 2017 9:33 AM

0

Sign in to vote

Post a screenshot of your GPOs and/or the result page from gpresult /h gpo.htm

Something is conflicting. Mine works as advertised - Install every day at 4pm and reboot outside of active hours if needed. Mind you if they are still logged in it forces the reboot outside of active hours, which is what I want as people keep failing to sign out or reboot every day.

Adam Marshall, MCSE: Security
http://www.adamj.org

We are not on a domain, so we set the keys via a script on all machines, which sets the reg keys as seen above.

Monday, September 18, 2017 2:49 PM

0

Sign in to vote

Whether the logged on user belong to administrators group?

Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Tuesday, September 19, 2017 8:29 AM

0

Sign in to vote

Whether the logged on user belong to administrators group?

Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Logged on user is a non-administrator account.

Tuesday, September 19, 2017 8:04 PM

0

Sign in to vote

Hello,

With NoAutoRebootWithLoggedOnUsers enabled

When the logged on user is a Single user with restart privileges but no other administrative privileges

Restart notification allows user to initiate, but not postpone, the restart. This notification does not have a countdown timer. The user must initiate the system restart.

When logged on user is a Single non-administrator user without restart privilege:

Restart notification does not allow the user to initiate or postpone the restart. This notification does not have a countdown timer. The user must wait for an authorized user to initiate the system restart.

Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Wednesday, September 20, 2017 2:12 AM

0

Sign in to vote

Hello,

With NoAutoRebootWithLoggedOnUsers enabled

When the logged on user is a Single user with restart privileges but no other administrative privileges

Restart notification allows user to initiate, but not postpone, the restart. This notification does not have a countdown timer. The user must initiate the system restart.

When logged on user is a Single non-administrator user without restart privilege:

Restart notification does not allow the user to initiate or postpone the restart. This notification does not have a countdown timer. The user must wait for an authorized user to initiate the system restart.

Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Would changing the "AUOPTION" to 3 prevent the machines from rebooting during active hours?

Overall, the machine's get rebooted manually every night.

I am confused as to why this worked fine in all other OS's excluding Windows 10.

We have our WSUS server set to auto approve updates with a 7 day/ 7am deadline.

Overall, I am trying to accomplish having updated download and install without any user interaction and follow the 7 day deadline (No reboots when user is logged on or inside of active hours) unless the user initiates the reboot.

Please advise and thanks for the help!

Wednesday, September 20, 2017 7:03 PM

0

Sign in to vote

Hello,

With NoAutoRebootWithLoggedOnUsers enabled

When the logged on user is a Single user with restart privileges but no other administrative privileges

Restart notification allows user to initiate, but not postpone, the restart. This notification does not have a countdown timer. The user must initiate the system restart.

When logged on user is a Single non-administrator user without restart privilege:

Restart notification does not allow the user to initiate or postpone the restart. This notification does not have a countdown timer. The user must wait for an authorized user to initiate the system restart.

Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Would changing the "AUOPTION" to 3 prevent the machines from rebooting during active hours?

Overall, the machine's get rebooted manually every night.

I am confused as to why this worked fine in all other OS's excluding Windows 10.

We have our WSUS server set to auto approve updates with a 7 day/ 7am deadline.

Overall, I am trying to accomplish having updated download and install without any user interaction and follow the 7 day deadline (No reboots when user is logged on or inside of active hours) unless the user initiates the reboot.

Please advise and thanks for the help!

Well that did not do the trick.

Today the update applied and my PC randomly went down for a reboot again!

Tuesday, September 26, 2017 1:33 PM

0

Sign in to vote

Post a screenshot of your GPOs and/or the result page from gpresult /h gpo.htm

Something is conflicting. Mine works as advertised - Install every day at 4pm and reboot outside of active hours if needed. Mind you if they are still logged in it forces the reboot outside of active hours, which is what I want as people keep failing to sign out or reboot every day.

Adam Marshall, MCSE: Security
http://www.adamj.org

AdamJ,

Can you please provide me with a screenshot of your computer's AU reg keys?

Also GPO?

Tuesday, October 17, 2017 7:45 PM

0

Sign in to vote

Post a screenshot of your GPOs and/or the result page from gpresult /h gpo.htm

Something is conflicting. Mine works as advertised - Install every day at 4pm and reboot outside of active hours if needed. Mind you if they are still logged in it forces the reboot outside of active hours, which is what I want as people keep failing to sign out or reboot every day.

Adam Marshall, MCSE: Security
http://www.adamj.org

AdamJ,

Can you please provide me with a screenshot of your computer's AU reg keys?

Also GPO?

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
Class Name:        <NO CLASS>
Last Write Time:   2017-10-17 - 9:00 AM
Value 0
  Name:            WUServer
  Type:            REG_SZ
  Data:            https://server.domain.local:8531

Value 1
  Name:            WUStatusServer
  Type:            REG_SZ
  Data:            https://server.domain.local:8531

Value 2
  Name:            UpdateServiceUrlAlternate
  Type:            REG_SZ
  Data:            https://server.domain.local:8531

Value 3
  Name:            TargetGroupEnabled
  Type:            REG_DWORD
  Data:            0x1

Value 4
  Name:            TargetGroup
  Type:            REG_SZ
  Data:            Workstations; Test - Workstations

Value 5
  Name:            SetActiveHours
  Type:            REG_DWORD
  Data:            0x1

Value 6
  Name:            ActiveHoursStart
  Type:            REG_DWORD
  Data:            0x8

Value 7
  Name:            ActiveHoursEnd
  Type:            REG_DWORD
  Data:            0x12

Value 8
  Name:            SetAutoRestartDeadline
  Type:            REG_DWORD
  Data:            0x1

Value 9
  Name:            AutoRestartDeadlinePeriodInDays
  Type:            REG_DWORD
  Data:            0x7

Value 10
  Name:            SetAutoRestartNotificationConfig
  Type:            REG_DWORD
  Data:            0x1

Value 11
  Name:            AutoRestartNotificationSchedule
  Type:            REG_DWORD
  Data:            0x3c


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
Class Name:        <NO CLASS>
Last Write Time:   2017-10-17 - 9:00 AM
Value 0
  Name:            UseWUServer
  Type:            REG_DWORD
  Data:            0x1

Value 1
  Name:            DetectionFrequencyEnabled
  Type:            REG_DWORD
  Data:            0x1

Value 2
  Name:            DetectionFrequency
  Type:            REG_DWORD
  Data:            0x14

Value 3
  Name:            NoAutoUpdate
  Type:            REG_DWORD
  Data:            0

Value 4
  Name:            AUOptions
  Type:            REG_DWORD
  Data:            0x4

Value 5
  Name:            AutomaticMaintenanceEnabled
  Type:            REG_DWORD
  Data:            0x1

Value 6
  Name:            ScheduledInstallDay
  Type:            REG_DWORD
  Data:            0

Value 7
  Name:            ScheduledInstallTime
  Type:            REG_DWORD
  Data:            0x10

Value 8
  Name:            NoAutoRebootWithLoggedOnUsers
  Type:            REG_DWORD
  Data:            0

There's the Registry info.

Adam Marshall, MCSE: Security
http://www.adamj.org

Thursday, October 19, 2017 4:56 PM

0

Sign in to vote

Post a screenshot of your GPOs and/or the result page from gpresult /h gpo.htm

Something is conflicting. Mine works as advertised - Install every day at 4pm and reboot outside of active hours if needed. Mind you if they are still logged in it forces the reboot outside of active hours, which is what I want as people keep failing to sign out or reboot every day.

Adam Marshall, MCSE: Security
http://www.adamj.org

AdamJ,

Can you please provide me with a screenshot of your computer's AU reg keys?

Also GPO?

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
Class Name:        <NO CLASS>
Last Write Time:   2017-10-17 - 9:00 AM
Value 0
  Name:            WUServer
  Type:            REG_SZ
  Data:            https://server.domain.local:8531

Value 1
  Name:            WUStatusServer
  Type:            REG_SZ
  Data:            https://server.domain.local:8531

Value 2
  Name:            UpdateServiceUrlAlternate
  Type:            REG_SZ
  Data:            https://server.domain.local:8531

Value 3
  Name:            TargetGroupEnabled
  Type:            REG_DWORD
  Data:            0x1

Value 4
  Name:            TargetGroup
  Type:            REG_SZ
  Data:            Workstations; Test - Workstations

Value 5
  Name:            SetActiveHours
  Type:            REG_DWORD
  Data:            0x1

Value 6
  Name:            ActiveHoursStart
  Type:            REG_DWORD
  Data:            0x8

Value 7
  Name:            ActiveHoursEnd
  Type:            REG_DWORD
  Data:            0x12

Value 8
  Name:            SetAutoRestartDeadline
  Type:            REG_DWORD
  Data:            0x1

Value 9
  Name:            AutoRestartDeadlinePeriodInDays
  Type:            REG_DWORD
  Data:            0x7

Value 10
  Name:            SetAutoRestartNotificationConfig
  Type:            REG_DWORD
  Data:            0x1

Value 11
  Name:            AutoRestartNotificationSchedule
  Type:            REG_DWORD
  Data:            0x3c


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
Class Name:        <NO CLASS>
Last Write Time:   2017-10-17 - 9:00 AM
Value 0
  Name:            UseWUServer
  Type:            REG_DWORD
  Data:            0x1

Value 1
  Name:            DetectionFrequencyEnabled
  Type:            REG_DWORD
  Data:            0x1

Value 2
  Name:            DetectionFrequency
  Type:            REG_DWORD
  Data:            0x14

Value 3
  Name:            NoAutoUpdate
  Type:            REG_DWORD
  Data:            0

Value 4
  Name:            AUOptions
  Type:            REG_DWORD
  Data:            0x4

Value 5
  Name:            AutomaticMaintenanceEnabled
  Type:            REG_DWORD
  Data:            0x1

Value 6
  Name:            ScheduledInstallDay
  Type:            REG_DWORD
  Data:            0

Value 7
  Name:            ScheduledInstallTime
  Type:            REG_DWORD
  Data:            0x10

Value 8
  Name:            NoAutoRebootWithLoggedOnUsers
  Type:            REG_DWORD
  Data:            0

There's the Registry info.

Adam Marshall, MCSE: Security
http://www.adamj.org

AdamJ,

Do you set a dealine on your windows 10 updates?

For example, today I approved the win10 1709 update for a PC.

The update did have a deadline on it (7 days after update was approved). My co-worker was working on his PC (He was in the middle of typing) and the PC went down for a reboot.

My thoughts are....

1) The deadline forced the reboot

2) He was typing and must have hit a key that told the win10 notification to reboot now?

I am not 100% sure.

The following reg key is set to "RestartNotificationsAllowed" (0).

I am thinking that I should possibly create a "win10 upgrade" group and just move machines into that group when we are ready to go to a new build. Also do not set a deadline as that will not force the reboot... (if the deadline is what caused this behavior).

Please advise. Thanks

Thursday, November 2, 2017 8:42 PM

0

Sign in to vote

Post a screenshot of your GPOs and/or the result page from gpresult /h gpo.htm

Something is conflicting. Mine works as advertised - Install every day at 4pm and reboot outside of active hours if needed. Mind you if they are still logged in it forces the reboot outside of active hours, which is what I want as people keep failing to sign out or reboot every day.

Adam Marshall, MCSE: Security
http://www.adamj.org

AdamJ,

Can you please provide me with a screenshot of your computer's AU reg keys?

Also GPO?
Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
Class Name:        <NO CLASS>
Last Write Time:   2017-10-17 - 9:00 AM
Value 0
  Name:            WUServer
  Type:            REG_SZ
  Data:            https://server.domain.local:8531

Value 1
  Name:            WUStatusServer
  Type:            REG_SZ
  Data:            https://server.domain.local:8531

Value 2
  Name:            UpdateServiceUrlAlternate
  Type:            REG_SZ
  Data:            https://server.domain.local:8531

Value 3
  Name:            TargetGroupEnabled
  Type:            REG_DWORD
  Data:            0x1

Value 4
  Name:            TargetGroup
  Type:            REG_SZ
  Data:            Workstations; Test - Workstations

Value 5
  Name:            SetActiveHours
  Type:            REG_DWORD
  Data:            0x1

Value 6
  Name:            ActiveHoursStart
  Type:            REG_DWORD
  Data:            0x8

Value 7
  Name:            ActiveHoursEnd
  Type:            REG_DWORD
  Data:            0x12

Value 8
  Name:            SetAutoRestartDeadline
  Type:            REG_DWORD
  Data:            0x1

Value 9
  Name:            AutoRestartDeadlinePeriodInDays
  Type:            REG_DWORD
  Data:            0x7

Value 10
  Name:            SetAutoRestartNotificationConfig
  Type:            REG_DWORD
  Data:            0x1

Value 11
  Name:            AutoRestartNotificationSchedule
  Type:            REG_DWORD
  Data:            0x3c


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
Class Name:        <NO CLASS>
Last Write Time:   2017-10-17 - 9:00 AM
Value 0
  Name:            UseWUServer
  Type:            REG_DWORD
  Data:            0x1

Value 1
  Name:            DetectionFrequencyEnabled
  Type:            REG_DWORD
  Data:            0x1

Value 2
  Name:            DetectionFrequency
  Type:            REG_DWORD
  Data:            0x14

Value 3
  Name:            NoAutoUpdate
  Type:            REG_DWORD
  Data:            0

Value 4
  Name:            AUOptions
  Type:            REG_DWORD
  Data:            0x4

Value 5
  Name:            AutomaticMaintenanceEnabled
  Type:            REG_DWORD
  Data:            0x1

Value 6
  Name:            ScheduledInstallDay
  Type:            REG_DWORD
  Data:            0

Value 7
  Name:            ScheduledInstallTime
  Type:            REG_DWORD
  Data:            0x10

Value 8
  Name:            NoAutoRebootWithLoggedOnUsers
  Type:            REG_DWORD
  Data:            0
There's the Registry info.

Adam Marshall, MCSE: Security
http://www.adamj.org

AdamJ,

Do you set a dealine on your windows 10 updates?

For example, today I approved the win10 1709 update for a PC.

The update did have a deadline on it (7 days after update was approved). My co-worker was working on his PC (He was in the middle of typing) and the PC went down for a reboot.

My thoughts are....

1) The deadline forced the reboot

2) He was typing and must have hit a key that told the win10 notification to reboot now?

I am not 100% sure.

The following reg key is set to "RestartNotificationsAllowed" (0).

I am thinking that I should possibly create a "win10 upgrade" group and just move machines into that group when we are ready to go to a new build. Also do not set a deadline as that will not force the reboot... (if the deadline is what caused this behavior).

Please advise. Thanks

Deadlines are your issue.

I do not set deadlines. All my systems check for updates daily and will install daily too.

When I did set deadlines, I had random reboots in the middle of the day.

Adam Marshall, MCSE: Security
http://www.adamj.org

Thursday, November 2, 2017 11:45 PM

0

Sign in to vote

So I removed my win10 deadlines, now my computer's show they will reboot outside of active hours.

I have waited several days and the machine never reboots on it's own.

Monday, November 13, 2017 6:52 PM

0

Sign in to vote

  Name:            NoAutoRebootWithLoggedOnUsers
  Type:            REG_DWORD
  Data:            0

Is yours set this way? Was a user logged on?

Adam Marshall, MCSE: Security
http://www.adamj.org

Monday, November 13, 2017 7:03 PM

0

Sign in to vote

  Name:            NoAutoRebootWithLoggedOnUsers
  Type:            REG_DWORD
  Data:            0
Is yours set this way? Was a user logged on?

Adam Marshall, MCSE: Security
http://www.adamj.org

"NoAutoRebootWithLoggedOnUsers"=dword:00000001

A user was logged on and the screen was locked.

Tuesday, November 14, 2017 1:38 PM

0

Sign in to vote

  Name:            NoAutoRebootWithLoggedOnUsers
  Type:            REG_DWORD
  Data:            0
Is yours set this way? Was a user logged on?

Adam Marshall, MCSE: Security
http://www.adamj.org

"NoAutoRebootWithLoggedOnUsers"=dword:00000001

A user was logged on and the screen was locked.

Well that's your reason. A user was logged in, and your policy is setup to not reboot with logged on users.

Adam Marshall, MCSE: Security
http://www.adamj.org

Tuesday, November 14, 2017 2:22 PM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Asked by:

Win10 and WSUS

Question

All replies