9

I want a Windows 8.1 Professional installation which is always running and accessed by users via RDP to install updates automatically and also reboot automatically if the updates require it, but this should only happen saturday night (at any other time the system needs to be running and available for users).

I changed the following registry settings:

In HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU:

  • AUOptions = 4 (Automatically download and scheduled installation)
  • ScheduledInstallDay = 7 (saturday)
  • ScheduledInstallTime = 0 (0 o'clock)
  • NoAutoRebootWithLoggedOnUsers = 0 (also reboot with logged in users)
  • AlwaysAutoRebootAtScheduledTime = 1 (force restart)

Unfortunately, this does not always work. It worked once when I set the ScheduledInstallDay to thursday because I read in the documentation for AlwaysAutoRebootAtScheduledTime:

When this registry value is set to 1, you are still notified of the upcoming automatic restart on the sign-in screen. However, at the end of the three-day period, the 15-minute counter begins even if the computer is locked. The restart also occurs even if the computer is locked.

Source: How to force automatic restarts after important updates in Windows 8 and Windows Server 2012

So I thought if I want the system to restart on saturday, I have to set the scheduled day three days before that, because the restart is delayed 3 days. But the system restarted on thursday. Therefor I set the scheduled day to saturday again, but now the restart did not happen at all (I always have to wait for the next update which requires a restart to test the new settings).

How do I have to configure the system so that it always reboots on saturday night if an installed update requires it, even when a user is logged in at that time?

Update: As there is still no answer, I'm starting to believe that I'm on a completely wrong path here. I would also be happy for pointers how such a thing should be done, e.g. how do you keep a remotely accessed Windows machine always up to date when there is a fixed time window for updates?

Community
  • 1
Sven Koschnicke
  • 151
  • 1
  • 8
  • If you downvote please explain what I can improve on this question. – Sven Koschnicke Jul 29 '15 at 06:20
  • As you can see the windows update settings don't always run to the same logic you might expect. Why not just reboot the machine every Saturday? – Drifter104 Aug 12 '15 at 08:35
  • 1
    Periodically rebooting would mean that users need to reconnect and reopen their applications, even when there was no need for a reboot (I think there was no update requiring a reboot for the last month or so). This is a solution, but not an optimal one. I would rather try to write a script which checks if the reboot is needed, but I thought there is a build in mechanism, especially as the settings suggest that there is one. – Sven Koschnicke Aug 12 '15 at 09:04

2 Answers2

4

This will do what you want with a powershell script.

download the powershell function/module from here https://gallery.technet.microsoft.com/scriptcenter/Get-PendingReboot-Query-bdb79542

Then edit the powershell profile for all users so that function gets loaded automatically. This link explains how to do that http://www.gsx.com/blog/bid/81096/Enhance-your-PowerShell-experience-by-automatically-loading-scripts

Then create a scheduled task to run the following powershell commands

$RebootStatus = "NotSet"

$RebootStatus = Get-PendingReboot | Select WindowsUpdate | Where-Object {$_.WindowsUpdate -like "True"}

if ($RebootStatus -ne $null) {shutdown -r -f -t 60}

Basically if the return value is false it sets $RebootStatus to empty, otherwise it populates it with a value. It checks that and reboots if $RebootStatus has any value other then $null.

Sorry if this goes over things you already know.

Drifter104
  • 3,773
  • 2
  • 25
  • 39
  • I suggested this as a script because as you have already found out, the update settings simply don't work as expected – Drifter104 Aug 12 '15 at 09:28
  • Looks good! I will try that. Why are you setting `$RebootStatus` to `"NotSet"` initially? – Sven Koschnicke Aug 12 '15 at 11:52
  • @SvenKoschnicke habbit (bad habbit?) of setting and declaring them. It could be set to anything I suppose. I can get by with scripting but I've no idea on some of the best ways of doing things – Drifter104 Aug 12 '15 at 12:20
  • All installed. Unfortunately, I can't know if this works until the next windows update which needs a restart. So I will not accept the answer for now, but you get the bounty because it would expire too early. – Sven Koschnicke Aug 12 '15 at 12:53
  • Thank you, let me know if it doesn't work and I'll make changes – Drifter104 Aug 12 '15 at 12:56
1

Updated version of Drifter104s answer.

This will do what you want with a Powershell script, as it still seems very hard (impossible?) to get this configured correctly through group policy / registry.

  1. Install the Test-PendingReboot Powershell module:

    Install-Module -Name PendingReboot

  2. Then create a scheduled task to run the following powershell commands

    $RebootStatus = $null
$RebootStatus = Test-PendingReboot | Select IsRebootPending | Where-Object {$_.IsRebootPending -like "True"}
if ($RebootStatus -ne $null) {shutdown -r -f -t 60}

The changes I made compared to the previous answer are:

  • The Powershell script provided previously is no longer being developed and has been replaced with the one I linked.
  • Installing the script as a PowerShell module should automatically make it available for all users, meaning that you don't need to make it load automatically (the link to those instructions is now broken any way)
  • The results from the new PS Module are slightly different and so the query to find out 'RebootStatus' needed changing.
  • I also initialised 'RebootStatus' to $null to avoid false positives in case the second line of the script is broken, commented out, wrapped in a conditional etc.
steeveeet
  • 126
  • 3
  • Thank you for taking the time to post an updated version! Could you explain what you improved? I see you are using a differnt script for testing the pending reboot. Is that working better? Are there other improvements? – Sven Koschnicke Oct 23 '19 at 06:02
  • Comments added above :) – steeveeet Oct 23 '19 at 09:57