Auto update, have to restart, darnit!

Discussion in 'Windows Server Systems' started by kcnychief, Jul 15, 2005.

  1. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    OK, so I have WSUS set up, blah blah blah. My problem is this: the machines are not being given the option to "restart later" (see picture).

    I can't find the GPO to adjust this, only to adjust the time between this window popping up. But, that would only really matter if you could click on "restart later" allowing the time interval to take effect. What gives?

    I dug through both user and computer configuration and didn't find it. I think I might have found a way to do it in the registry, maybe, but I'm not sure. I have it narrowed down to this key..

    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

    EDIT: These machines are on a domain, getting everything through GPO
     

    Attached Files:

    • au.bmp
  2. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    I don't know if it will help or not, but here is a screenshot with how my AU settings are configured...
     

    Attached Files:

    • au2.bmp
  3. madmatt

    madmatt Bow Down to the King Political User

    Messages:
    13,312
    Location:
    New York
    Standard users don't have the ability to restart later. Power Users and Administrators do.

    I have configured AU to install updates at night. However, if the user's workstation is not on it will install them one minute after system startup and force them to reboot then.
     
  4. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Right, I understand that, not something I thought of initially though. The user that is experiencing this problem is a member of the Domain Admins group, so that doesn't apply :(

    EDIT: I considered your proposal, about group memberships. I made the user a member of the local administrator's group on the machine, I will see if this changes...
     
    Last edited: Jul 16, 2005
  5. madmatt

    madmatt Bow Down to the King Political User

    When you set up a workstation you should make the Domain Admins group a part of the local admin group. Although, I believe that is automatic in a domain setting.
     
  6. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Yeah, that is automatic, but I still gave it a shot. Will have to see how the next update cycle goes.
     
  7. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Hmmm, not 100% sure yet, but it SEEMS to have resolved itself. Kinda silly how picky Windows is, that you have to be a member of "Administrators" or "Power Users" to decline rebooting. Who would have thunk that Windows Updates can't install under elevated global privileges (Domain Admins). Makes sense, but picky, grr. Thanks MadMatt!
     
  8. madmatt

    madmatt Bow Down to the King Political User

    I don't know if I've said it or not. But I have my updates install nightly at 3 AM. If the user turns off their workstation and a scheduled update doesn't take place then it will install one minute after system startup.

    The nice thing about that is if the update requires a restart it does it automatically.

    I have asked all of my users to leave workstations on during the work week so updates and scheduled maintenance can run. I have also warned them if they fail to leave their workstation on and a scheduled update is missed that it will run once they start up and they will be forced to restart then.

    I wouldn't want my users to be able to decline a restart because I know they wouldn't restart if it were up to them. Forced restarts make sense.

    I don't have many users that are classified as "Power Users" (maybe three that I can think of) and I am the only "Administrator".

    My pleasure. Glad it worked out.
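
A read-only way to check what the posts above describe on an affected workstation, as an added example that is not part of the thread: it decodes the Automatic Updates policy values under the key quoted in the first post and reports whether the current user holds either group membership the thread ties to postponing the restart. The function name `Get-AuPolicyReport` is hypothetical, and the value names are the standard Automatic Updates policy values, which the thread itself does not list.

```powershell
# Added example (not from the thread): decode the AU policy values behind the
# behaviour discussed above. Read-only; changes nothing on the machine.
function Get-AuPolicyReport {
    param([string]$Path = 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU')

    if (-not (Test-Path -LiteralPath $Path)) { return "No AU policy key at $Path" }
    $p = Get-ItemProperty -LiteralPath $Path
    # Return the named DWORD as an int, or nothing when the policy does not set it.
    $val = { param($n) if ($p.PSObject.Properties[$n]) { [int]$p.$n } }

    $modes = @{ 2 = 'notify before download'; 3 = 'download, notify before install'
                4 = 'download and install on schedule'; 5 = 'local admin chooses' }
    $days  = 'every day','Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday'

    $opt  = & $val 'AUOptions'
    $day  = & $val 'ScheduledInstallDay'      # 0 = every day, 1-7 = Sunday-Saturday
    $hour = & $val 'ScheduledInstallTime'     # hour of day, 0-23
    $wait = if ((& $val 'RescheduleWaitTimeEnabled') -eq 1) { & $val 'RescheduleWaitTime' }
    $nag  = if ((& $val 'RebootRelaunchTimeoutEnabled') -eq 1) { & $val 'RebootRelaunchTimeout' }

    # Membership is evaluated against the current token, so run this as the
    # affected user (on UAC systems a non-elevated admin reports False).
    $me   = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    $role = [Security.Principal.WindowsBuiltInRole]

    [pscustomobject]@{
        InstallMode              = if ($null -ne $opt) { $modes[$opt] } else { 'not set' }
        Schedule                 = if ($null -ne $day -and $null -ne $hour) {
                                       '{0} at {1:00}:00' -f $days[$day], $hour } else { 'not set' }
        MissedInstallWaitMin     = if ($null -ne $wait) { $wait } else { 'not set' }
        RestartRepromptMin       = if ($null -ne $nag) { $nag } else { 'not set' }
        NoAutoRebootWhenLoggedOn = ((& $val 'NoAutoRebootWithLoggedOnUsers') -eq 1)
        UserIsLocalAdmin         = $me.IsInRole($role::Administrator)
        UserIsPowerUser          = $me.IsInRole($role::PowerUser)
    }
}

Get-AuPolicyReport | Format-List
```

Values pushed by domain GPO are rewritten at the next policy refresh, so the report reflects what the GPO currently delivers rather than any local edit.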
     
  9. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Yeah, I understand all that. However, in the situation I am in this client is a CPA (Certified Personal Accountant) so he works from Dawn to Dusk. He sometimes, working through Dusk, leaves like 10 windows open. So, in this case, while your logic makes sense, if he was in the middle of a bunch of programs, he needs the ability to be able to "restart later"

    I do agree, however, normal people in normal operations should not have to deal with that or have the power to do so.
     
  10. madmatt

    madmatt Bow Down to the King Political User

    That's why people need regular banker hours like us!
     
  11. johnsonlim027

    johnsonlim027 OSNN Junior Addict

    Messages:
    26
    Does it mean that whenever there is an update installed to the client, it will force the client to restart, except for administrators and power users, who have the right to restart later? Is there a way to stop the restart? :)
     
  12. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Well, through GPO, when WSUS is used, the only way to avoid the restart besides moving the dialog box out of the way, is to make the users members of the Power Users group or Administrators.
     
    Last edited: Dec 28, 2005
  13. johnsonlim027

    johnsonlim027 OSNN Junior Addict

    Woo..so it means that implementing WSUS must be in the very very correct time or else it will create big big problem..
     
  14. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    No, not really. As madmatt states above, just schedule them to install during off-peak hours, which will install when the machine turns on later if it is off.
     
  15. madmatt

    madmatt Bow Down to the King Political User

    Think of it this way...

    Administrators - They know better and restart the PC
    Power Users - They should know better and restart the PC (or they shouldn't be Power Users)
    Users - They don't know enough, hence the reason they are standard users

    That's some humor but a good way to look at it.
     
  16. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    That's a good way of looking at it indeed.
     
  17. digima$ter

    digima$ter OSNN Junior Addict

    Messages:
    16
    Location:
    Cali
    sry standard users don't have that.
     
  18. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Standard users don't have what?
     
  19. johnsonlim027

    johnsonlim027 OSNN Junior Addict

    I found out that PatchLink and UpdateExpert are better than WSUS. But they come with a price.. My WSUS implementation has been banned as it is so not user friendly...
     
  20. madmatt

    madmatt Bow Down to the King Political User

    I disagree with you. WSUS has won awards and it being free is even more of a reason to use it. WSUS is based on SMS (which is costly).

    WSUS SP1 (some time Q1/Q2 2006) will add several improvements.

    Your problem isn't likely the product itself, it likely has something to do with implementation. I've heard of others having issues when running WSUS on Windows 2000 Server. WSUS was designed for Windows Server 2003.