How can I prevent Terminal Server Users from restarting the server after an Automatic Update?

We have a Windows Server 2003 terminal server, and our IT department does not want to disable Automatic Updates. The problem is, when an update gets applied that requires a reboot, users get a popup about it and can hit Restart Now to reboot the server.

Is there a way to keep Automatic Updates on, but not give regular users the Restart popup after an update?

Solution 1:

Disable the group policy allowing the notification to non-admins:

Computer Configuration > Administrative Templates > Windows Components > Windows Update > Allow non-administrators to receive update notifications

But, this behavior is the default - so either someone's specifically enabled this policy in the past, or the users are admins?

Solution 2:

That's pretty irritating for a number of reasons. You should never just automatically apply every update that comes to you, but if you ARE going to do it, you should set up a scheduled time to apply them and reboot...Leaving that to the user is absurd in a production environment.

To set up a time, go to Control Panel->System->Automatic Updates(tab) and do "Automatic" and put in a time (defaults to 3:00am).

To do it properly, set up WSUS, so you can deploy all updates more efficiently across the domain.