0

I have a windows 2016 datacenter server.

Using Sconfig, Windows Update Settings were set to Manual (some time ago)

If I check the registry HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate, the only entry in there is in \Au, which is NoAutoUpdate = 1

So from my understanding, the server is correctly configured to manual, and it should not be downloading or installing Windows Updates, unless triggered by a user.

Checking the Event Log Applications and Services > Microsoft > Windows > Windows UpdateClient > Operational, I can see that Windows Updates has successfully found updates, which have been downloading, even though this was not triggered by a user.

If I go into Control Panel > Security and Maintenance > Reliability Monitor, for the 6th Feb, it tells me that it has successfully installed 4 updates

I've also looked over the log produced, by running powershell command Get-WindowsUpdateLog, and have found the log entry where Windows Update Agent is initialised, but I cannot find anything indicating what initialized it... 2020/02/06 03:10:30.0626515 928 4336 Agent Initializing Windows Update Agent

Since this server is set to Manual only, I need to find and understand what has triggered the Orchestra to scan and download updates, and then install them.

Has anyone got any tips on where I should next check?

Additional Information from questions asked in this post

The server did not reboot after installing the update, but has been marked as PendingReboot. This has been confirmed by checking registry: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired Which now contains 2 entries:

70f66ef9-c066-4ef6-aa4e-8945086be6a4 = 1

f9f38f3b-acbb-47ae-bdcb-858d1c9ade4e = 1

Jeffrey
  • 171
  • 6
  • Hi, does a reboot was done after the registry key NoAutoUpdate was set ? – yagmoth555 Feb 07 '20 at 14:11
  • It did not reboot, but it has been marked as pending reboot, which I confirmed by checking if there was entries in the registry HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired – Jeffrey Feb 07 '20 at 14:17
  • Ok, I asked, as the registry settings is read when the windows update service start, so I assume the settings wasnt respected as the process was already started – yagmoth555 Feb 07 '20 at 14:45
  • As mentioned, this server has been set to manual for some time (im talking over half a year), so yes I agree that something is not respecting this setting, but I dont know how to identify what it is not respecting it, or why. Any ideas? – Jeffrey Feb 07 '20 at 15:26
  • I would have a look in gpedit at *Comp Configuration > Admin Templates > Windows Components > Windows Updates > Configure Automatic Updates* to see what's configured there. (Mine is set to 2 and doesn't seem to do anything until I go in to do it) – Smock Feb 07 '20 at 16:34
  • In GPEdit, all the settings show as not configured, because it was configured via Sconfig, not group policys. It should be noted this Server is not domain joined – Jeffrey Feb 10 '20 at 08:34

0 Answers0