locked
Servers are installing Updates although Policy denies it RRS feed

  • Question

  • Hello,

    I have a weird problem. I created a "VIP" group for our important servers.. Everything works finde but I found one problem and I dont know how to solve it.. I used an old Server to test this group and it seems like it automaticly installed Security Updates and rebooted although my policy should deny it. If servers like our fileserver would reboot randomly it would be fatal..

    I also noticed, that only Security Updates were installed.

    Here are my policies:

    The testserver (first picture the udpates that were installed, then the restart):

    Wednesday, May 3, 2017 8:44 AM

All replies

  • Hi SGseiwertIT,

    Please check if the update installed by the test server accidently is configured with a deadline, and if the deadline time is before the date the test server detect the update?

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, May 5, 2017 2:24 AM
  • Hi Anne,

    thank you for your reply. Just after I created this thread, I noticed that there were several updates with a deadline. I manually set them on "Not Approved" and approved them again without a deadline, but still a new testserver just rebooted this night and installed some updates..

    As you can see here for the update KB4015549, it has no Deadline but it still got installed.

    Thank you for your help.

    Best regards,

    Robin

    Friday, May 5, 2017 7:13 AM
  • Hi SGseiwertIT,

    Please enable policy "No-auto restart when logon users" in GPO, check if after enabling this policy, the machine will still restart accidently:

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, May 29, 2017 3:28 AM