Stop WSUS from rebooting a server

Our IT department is rolling out a set of patches via WSUS this weekend and will reboot all of our Win2k3 servers on Sunday. Due to production work which must continue uninhibited, we cannot allow this reboot to occur. The exact line we have been given is:

The command to download the patches and reboot on Sunday has been sent by WSUS already and cannot be taken back. The servers will reboot on Sunday automatically.

How can we go about stopping this from happening? It set some flag saying it should reboot, so what flag do we unset? One strategy proposed was to roll back the system clock, however, this will likely cause some processes to fail.

If you really do not have control over containers and GPO settings, then you're out of luck. The system is designed to prevent local admins from changing that kind of thing.

I have users in the exact situation you are, so we've had to create processes to allow exceptions to the everyone-must-apply-updates-at-$DateTime rules. We have a group of OU's for machines that need hand-holding through the update process, and people move machines in there if they need it. The machines in there get audited once in a while to verify that they NEED to be in there, we don't want end-user workstations in there because they hate having to log out of Outlook once a month.

After your production is horribly disrupted because of this weekend's patches, you can take that (and possibly the irate managers it'll cause) and press for some kind of exceptions policy.

In the Group Policy editor go to Computer Configuration > Administrative Templates > Windows Components > Windows Update and choose No auto-restart for scheduled Automatic Updates installation.

You can also completely disable Windows Update at the Group Policy level.