How to prevent Server rebooting upon log off when a restart is pending?

windows-update wsus

Solution 1:

EDIT: Here's a case of me typing out an answer and then coming back to it years later to realize I didn't read the question properly.

The real answer is...you CAN'T.

Some updates require a reboot, and as such MS in their wisdom decided that if nobody was logged on to the "computer" then it must be OK to reboot it...including a server.

So what options do you have? Pretty simple...don't set automatic updates on a server. Set it to "Download updates but let me choose whether to install them" if you are using WSUS on a server. Use a separate GPO for servers compared to workstations.

This is ideal anyway, since you really should have your servers on a specific maintenance schedule that you control where you can be connected to the server, install the updates, reboot, and make sure all is well.

For those servers that aren't critical and you believe WSUS and Windows Update can handle things well enough, just set it to install updates automatically at something like 2am or similar and auto-reboot then.

Also worth reading: Reboot behavior - WSUS Clients

=============

OLD ANSWER

I'm not sure why you wouldn't have the proper GPO setting. Are you trying to set the GPO settings from a 2003 machine using GPMC?

The setting should definitely be available as shown here: Configure Automatic Updates by Using Group Policy

Specifically as you mention:

To inhibit auto-restart for scheduled Automatic Update installation options:

  1. In Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.
  2. In the details pane, click No auto-restart for scheduled Automatic Update installation options, and set the option.
  3. Click OK.

That really is what you are looking for. If you don't see it, something is amiss.

However, I will state that if you have a fairly small number of servers, my recommendation is to use the "download but not install updates". This allows you to custom pick and choose the updates for the individual server(s) as well as do it on a custom maintenance plan that you employ and can then manually reboot the server and watch it come back online.

Granted, that means "more manual labor" and some shops simply don't want to do this, but if you have the means to do so it's not difficult to employ.

Related

System information disabled due to load higher than 1.0 amazon ec2
Environment variables are unavailable when running scripts over ssh
What is nonpaged pool?
One second delay before tcpdump returns packets
Having problems setting up SSL with Nginx
Is it possible to extend a 504 timeout in nginx on a per location basis
Jetty JMX setup for remote access
FreeTDS: Do I need to restart anything after changing the freetds.conf file?
Haproxy using 10GB Memory and 100% CPU with 50k connections
Monitoring cpu and memory usage of Docker containers on Centos 7
Automatically mount volume on EC2
Calling sync/fsync slows IO after 30 minutes uptime