Prevent Server Restart after Windows Updates

Solution 1

In group policy for the server, navigate to:

Computer Configuration->Administrative Templates->Windows Components->Windows Update->No auto-restart for scheduled Automatic Update installation

You can get to this by running gpedit.msc.

Reboot to apply changes.

Don't forget that your server won't be updated until you reboot and will be vulnerable to the threats!
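An added example, not part of the original answer: a PowerShell check that reads the registry value behind the policy named above and reports whether an installed update is still waiting for a restart, so an unrebooted server does not go unnoticed. It assumes PowerShell 2.0 or later; the SMTP host and mail addresses are placeholders.

```powershell
# Added example (not from the original page): audit the Windows Update restart
# policy and report a pending reboot. SMTP host and addresses are placeholders.
param(
    [string]$SmtpServer = 'smtp.example.invalid',
    [string]$From       = 'wu-audit@example.invalid',
    [string[]]$To       = @('ops@example.invalid'),
    [switch]$SendMail   # only send mail when explicitly requested
)

# Policy settings for Automatic Updates are stored under this key.
$auPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
# Windows Update creates this key when an installed update needs a restart.
$rebootKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'

function Get-AuPolicyValue([string]$Name) {
    # Returns $null when the key or the value is absent (policy not configured).
    (Get-ItemProperty -Path $auPolicyKey -Name $Name -ErrorAction SilentlyContinue).$Name
}

# NoAutoRebootWithLoggedOnUsers = 1 is what the "No auto-restart" policy writes.
# It only holds off the restart while a user is logged on to the machine.
$noAutoReboot = Get-AuPolicyValue 'NoAutoRebootWithLoggedOnUsers'
# AUOptions: 2 = notify before download, 3 = download and notify for install,
# 4 = download and install on a schedule.
$auOptions    = Get-AuPolicyValue 'AUOptions'
$pending      = Test-Path $rebootKey

$report = New-Object PSObject -Property @{
    Computer              = $env:COMPUTERNAME
    NoAutoRebootPolicySet = ($noAutoReboot -eq 1)
    AUOptions             = $auOptions
    RebootPending         = $pending
}
$report | Format-List

if ($pending -and $SendMail) {
    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
        -Subject "[$env:COMPUTERNAME] reboot pending after Windows Update" `
        -Body 'Installed updates are not in effect until this server is restarted. Schedule a maintenance window.'
}

# Non-zero exit code lets a scheduled task or monitoring job flag the server.
if ($pending) { exit 1 } else { exit 0 }
```

Run it from a scheduled task with `-SendMail` so that a server left waiting for a restart is reported rather than assumed patched.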

Solution 2

You can accomplish this, and leaving updates installed waiting for a reboot does not leave the server in an inconsistent state. Updates that require a reboot are not applied until the reboot occurs. The settings to manage automatic updates are too numerous to list here, but you can manage them in a domain via Group Policy, or on stand-alone machines using Local Policy. Go to Computer Configuration>Administrative Templates>Windows Components>Windows Update.

Solution 3

The best solution that I am aware of is to turn off automatic updates. Then you schedule maintenance windows with your customers, apply the updates manually, do the reboot, and then make sure everything that you need is running after the reboot.

Just stopping the reboots is a bad idea because that gives the impression that you are fully updated when you really aren't, since updates that need reboots to complete...well...you know...need reboots to complete.

Solution 4

If you can't (or don't want to) reboot a server, you should postpone update installation to when you can safely reboot it.

You should never install updates that require reboots without actually rebooting the machine; this leaves the system in an inconsistent state, and you can have any kind of trouble until a reboot is finally done.

Solution 5

I would suggest keeping the auto updates running, BUT have the servers only download the updates and not install them.

Have you thought about a WSUS server for easier patch maintenance?

Author by

eidylon

Updated on September 17, 2022

Comments

  • eidylon
    eidylon almost 2 years

    We have a number of servers in our office, as a small hosting company, and these servers are critical to business ... web server, mail server, db server, etc.

    On a semi-regular basis, when the machines get automatic updates, they just automagically reboot themselves in the middle of the night. A number of them have software which must be running on the console session (bad practice, I know, but out of my control). When they reboot themselves, these programs obviously shut down, leaving customers upset and services interrupted.

    How do you set a Windows Server 2003 R2 machine to NEVER automagically reboot itself after updates? And perhaps, if possible, to instead email someone so that they are aware it needs a pending reboot and can schedule it for the best time?

    Thanks in advance!

  • eidylon
    eidylon almost 15 years
    Well, for that same reason I'd rather not turn them off, just to keep things updated for sure, but get a notification to an email address that would notify several people so we are sure to be aware. Something like the operator notifications in Sql Server.
  • Dave Drager
    Dave Drager almost 15 years
    But - let's be realistic. For most situations any kind of automatic update is not going to impact an installed program. If you do have software that ties in so closely with the Windows files, then you should turn it off. But for 90% of the situations out there, users will receive more security benefit from the automatic updates than the risk it will impact running software.
  • eidylon
    eidylon almost 15 years
    Does running GPEDIT on the PDC actually edit the domain group policy? Because it says in the gpedit.msc console "Local Computer Policy".
  • Dave Drager
    Dave Drager almost 15 years
    To deploy this to all of your servers, you will need to edit on the PDC (or a PC on the domain) and apply that group policy to your servers. The directions I mentioned only edit local group policy - but I am not a group policy expert!
  • Srinivasan MK
    Srinivasan MK almost 15 years
    Don't forget though that you will remain vulnerable to whatever the patch fixed until you do the reboot.
  • Matthias
    Matthias over 10 years
    "Reboot to apply changes." - sigh ;-)
  • Alexander.Iljushkin
    Alexander.Iljushkin about 8 years
    Why the heck do I need to always reboot my server? This is a server, and its purpose is to be always running.