Restart automatically while no-restart is enabled

Discussion in 'Update Services' started by Larry Lau, Jul 27, 2006.

  1. Larry Lau

    Larry Lau Guest

    Hi all,

    There's a WSUS server and another computer points to it. A few security
    patches were approved to install to the client at 2:55pm and the installaiton
    was scheduled at 3pm. The deadline of the patches was expired. The client
    computer was set to NO RESTART in the group policy.

    At around 3:20pm, I logged on the client computer. A prompt to restart
    machine was found. However, only "Restart Now" button is available, while
    "Restart Later" was dimmed. The prompt was counting down to reboot PC. I
    have no way to stop the restart.

    Here're my questions:
    1. Why the computer was restarted while "No restart" was enabled in the
    group policy?
    2. Is the expired deadline caused the update to install immediately instead
    of doing the installation in the scheduled time?

    Thanks,
    Larry
     
    Larry Lau, Jul 27, 2006
    #1
    1. Advertisements

  2. You got hit by a combination of events, Larry.

    First, because the patches were approved with an expired deadline, you
    created the scenario where the patches would be installed immediately upon
    download. Furthemore, when a deadline has expired, there are no options
    presented to "Reboot Later" -- even for administrative users.

    You say you logged onto the machine at 3:20pm. Did you power this machine
    on? If so, then the detection occuring at power up triggered the download
    and immediate installation of the update, and you got trapped in the forced
    reboot following the installation of an update with an expired deadline. The
    "No auto-reboot with logged on user" policy is overridden when an update has
    an expired deadline.

    This is a common scenario with installing patches at power on -- sometimes
    the user gets logged on before the reboot, sometimes the machine gets to
    reboot before the user logs on. Had there been no deadline, and the user
    actually got logged on before the restart sequence initiated, then the user
    (assuming admin privileges) would have been presented with the "Reboot
    Later" prompt and no countdown.

    Also note, if the user does not have admin privileges, then even with the
    "No auto-reboot..." policy enabled, the non-admin user will still get a
    countdown and a forced restart. The policy does not prevent a restart, it
    merely prevent a restart /without notification/. If you were to disable the
    policy, you would get no countdown dialog, nor a "Reboot Now" prompt - the
    system would simply restart - much to the user's great surprise (and,
    probably, annoyance).

    --
    Lawrence Garvin, M.S., MVP-Software Distribution
    Everything you need for WSUS is at
    http://technet2.microsoft.com/windowsserver/en/technologies/featured/wsus/default.mspx
    And, everything else is at
    http://wsusinfo.onsitechsolutions.com
    .....
     
    Lawrence Garvin \(MVP\), Jul 27, 2006
    #2
    1. Advertisements

  3. Larry Lau

    Larry Lau Guest

    Thanks, again, Lawrence.

    I approved to install 2 patches with expired deadline, 2 patches with no
    deadline, 2 patches with non-expired deadline. The patches with expired
    deadline were installed before scheduled time while the remaining patches
    were installed at the scheduled time.
    No, the computer was already on when I logged on it at 3:20pm. It showed me
    the prompt to reboot with the "Reboot Later" button dimmed.
    Do you mean that even the non-admin user has logged on the computer, he/she
    will still get a forced restart, even "No auto restart" enabled?
     
    Larry Lau, Jul 28, 2006
    #3
  4. This is expected behavior. Only the deadlined patches will be installed
    ahead of the scheduled installation, and only if the deadline predates the
    scheduled installation time.
    I'd venture a guess that the detection was coincidentally simultanous with
    your logon; however, you can confirm this by inspecting the
    %windir%\WindowsUpdate.log for that time period. The WUA logs the next
    'scheduled' detection, and will log the start of the detection event.
    A non-admin user will always be forced to restart with a countdown
    displayed.

    An admin user will be presented with the "Reboot Later" option, only if
    there is no deadline configured. If a deadline is configured, the reboot
    will not be optional, even if the deadline has not yet expired.

    And ANY user on a system with the policy "Allow non-admins to receive update
    notifications" enabled, will have the same features as an admin user.

    --
    Lawrence Garvin, M.S., MVP-Software Distribution
    Everything you need for WSUS is at
    http://technet2.microsoft.com/windowsserver/en/technologies/featured/wsus/default.mspx
    And, everything else is at
    http://wsusinfo.onsitechsolutions.com
    .....
     
    Lawrence Garvin \(MVP\), Jul 28, 2006
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.