Automatic Updates occurring unintentionally

My boss and I were sitting in our server room today when we all of a sudden heard one of our servers go into hyper-speed, indicating that it was restarting. You can imagine the immediate "oh crap" expressions on our faces.

We dug into the logs, and it appears that there were some updates automatically installed that required a restart. AU, seeing that there was no one logged in, automatically did the restart. This is a production server, so we have automatic updates turned off (not even downloading then waiting. It should wait for us to tell it before it does anything).

I ran both rsop.msc and gpedit.msc to check if there was a rogue group policy that forced the automatic updating. Nothing.

Our windowsupdate.log shows this:

2011-12-16  09:00:12:092     964    17f4    AU  Setting AU scheduled install time to 2011-12-16 20:00:00

(there were many more lines like that, and one pointing to a scheduled install just minutes before we heard the restart)

So, somewhere, AU is getting the bright idea that it should schedule automatic installs. Any ideas on why that might be happening?

A bit of pertinent information:

We recently (one month ago) installed a WSUS server, and two weeks ago pointed all of our servers at it. With WSUS came Forefront Client Security, with a policy set up to do automatic definition updates every 6 hours. This could possibly be the problem, but it seems like a major flaw that by checking for definition updates it would automatically install other updates.

I also rolled out (I believe last Thursday) a new GPO for our workstations that forces automatic updating at 2:00 PM. This was applied to a select few workstations in the company and NONE OF THE SERVERS. I confirmed that that group policy wasn't applied through rsop.msc.

As far as I can tell, this has only happened on our 2003 servers, but I can't make any promises that it isn't happening on the 2008 servers and I just haven't noticed.

Ideas?


Solution 1:

On the server itself, from a command prompt, I'd recommend running gpresult (with a /v for verbose output or a /z for the uber-detailed version) and see if you can locate a policy that is incorrectly applied (or alternatively, not applied as it should be for some reason). Also, I'd recommend the >result.txt (or whatever you want to name it) with the /v and /z options - they can get rather wordy and exceed your command prompt screen buffer. Having the results in a text file also makes them searchable, which is nice...
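
An added example, not part of the original question or answer: a small parser for the windowsupdate.log entries quoted in the question. It pulls out every AU scheduled install time and reports the ones that match no install time you already know from your GPOs, which narrows down what to search for in the gpresult output. The function names and the `policy_times` parameter are hypothetical, and the sample lines are constructed apart from the one quoted in the question.

```python
import re
from collections import Counter
from datetime import datetime

# WindowsUpdate.log layout: date, time:ms, PID, TID, component, message.
LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2}:\d{2}):\d{3}\s+"
    r"(\w+)\s+(\w+)\s+(\S+)\s+(.*)$"
)
SCHEDULED = re.compile(
    r"Setting AU scheduled install time to "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
)
FMT = "%Y-%m-%d %H:%M:%S"


def scheduled_installs(lines):
    """Return (logged_at, scheduled_for) for each AU scheduling entry."""
    events = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m or m.group(5) != "AU":
            continue  # skip other components and malformed lines
        s = SCHEDULED.search(m.group(6))
        if s:
            logged = datetime.strptime(f"{m.group(1)} {m.group(2)}", FMT)
            events.append((logged, datetime.strptime(s.group(1), FMT)))
    return events


def unexplained_times(lines, policy_times):
    """Count scheduled times (HH:MM) that match no known policy time."""
    seen = Counter(t.strftime("%H:%M") for _, t in scheduled_installs(lines))
    return {t: n for t, n in seen.items() if t not in policy_times}


# Constructed sample; only the first line is quoted from the question.
SAMPLE = [
    "2011-12-16  09:00:12:092     964    17f4    AU  Setting AU scheduled install time to 2011-12-16 20:00:00",
    "2011-12-16  09:05:01:500     964    1a2c    Agent  constructed line from another component",
    "2011-12-17  09:00:10:311     964    0b30    AU  Setting AU scheduled install time to 2011-12-17 20:00:00",
    "truncated or malformed line",
]

if __name__ == "__main__":
    # 14:00 is the workstation GPO schedule mentioned in the question.
    for hhmm, count in unexplained_times(SAMPLE, {"14:00"}).items():
        print(f"{count} installs scheduled for {hhmm} match no known GPO time")
```

On a real server, pass the lines of the log file instead of `SAMPLE`, and put every install time you have configured in a GPO into `policy_times`.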