PowerShell Cookbook

Disclaimer
I work for Microsoft.

The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.


 Friday, July 10, 2009
Saturday, July 11, 2009 6:18:00 AM (Pacific Daylight Time, UTC-07:00)

Despite being a fan of security, I’ve always run Windows Update in “Download and Notify” mode for all of my machines. Having Windows Update reboot my machine without warning at 3:00 AM is just too destructive.

This has two negative effects:

- Security patches that don’t require a reboot are needlessly postponed.
- Programs that auto-update frequently via Microsoft Update turn into a permanent task-bar nag that you have updates to install.

After doing some research, it turns out that it’s possible to have the best of both worlds with just a little configuration. Set Microsoft Update to install updates automatically, and then set a Group Policy flag that prevents auto-reboot. Problem solved!

http://blogs.technet.com/mu/archive/2008/10/02/windows-update-and-automatic-reboots.aspx

Comments [3]
Monday, July 13, 2009 3:04:54 PM (Pacific Daylight Time, UTC-07:00)
Where's your ObPowershell to manipulate the group policy setting from PowerShell? :-)
Wednesday, October 14, 2009 10:54:01 PM (Pacific Daylight Time, UTC-07:00)
Here's a reference that maps group policy settings to registry settings:

Group Policy Settings References for Windows and Windows Server
http://www.microsoft.com/downloads/details.aspx?FamilyID=18c90c80-8b0a-4906-a4f5-ff24cc2030fb&displaylang=en

Here's a PowerShell script that will create the registry value for 'No auto-restart with logged on users for scheduled automatic updates installations':

# Enable-WUNoAutoRebootWithLoggedOnUsers.ps1
# Sets Group Policy to prevent Windows Update from rebooting if a user is logged on.
New-Item -Path HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU -Force
Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU -Name NoAutoRebootWithLoggedOnUsers -Value 1

I've confirmed that it creates the same registry value as the Local Group Policy Editor, but for some reason the editor doesn't show it as enabled. I haven't received an update yet that requests a reboot, so the jury is still out on whether it is truly enabled... but it should work according to the reference I linked to above.
totorocat
Thursday, October 15, 2009 8:36:47 PM (Pacific Daylight Time, UTC-07:00)
Correction to my last comment. The Set-ItemProperty line should actually use New-ItemProperty and set the value type to DWORD, as in the following:

New-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU -Name NoAutoRebootWithLoggedOnUsers -Value 1 -PropertyType DWORD
totorocat
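
An added example, not code from the post or from the commenters: an idempotent way to audit and set the value discussed above, checking both the data and the registry type, since the thread turns on the value being a DWORD. The function names Get-WUNoAutoRebootState and Set-WUNoAutoReboot are hypothetical; the key path and value name are the ones given in the comments. Run it from an elevated session.

```powershell
# Added example. Key path and value name are taken from the comments above;
# the function names are hypothetical.
$AuKey  = 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU'
$AuName = 'NoAutoRebootWithLoggedOnUsers'

function Get-WUNoAutoRebootState {
    # Reports whether the value exists, its registry type, its data,
    # and whether it matches the intended setting (DWORD = 1).
    $state = New-Object PSObject -Property @{
        Exists = $false; Kind = $null; Value = $null; Compliant = $false
    }
    if (-not (Test-Path -Path $AuKey)) { return $state }

    $key = Get-Item -Path $AuKey
    if ($key.GetValueNames() -notcontains $AuName) { return $state }

    $state.Exists    = $true
    $state.Kind      = $key.GetValueKind($AuName)
    $state.Value     = $key.GetValue($AuName)
    $state.Compliant = ($state.Kind -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and
                       ($state.Value -eq 1)
    return $state
}

function Set-WUNoAutoReboot {
    # Writes the value only when the audit says it is missing or wrong.
    # Supports -WhatIf and -Confirm so the change can be previewed.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    if ((Get-WUNoAutoRebootState).Compliant) {
        Write-Verbose "$AuName is already DWORD 1; nothing to change."
        return
    }
    if ($PSCmdlet.ShouldProcess("$AuKey\$AuName", 'Set to DWORD 1')) {
        if (-not (Test-Path -Path $AuKey)) {
            New-Item -Path $AuKey -Force | Out-Null
        }
        # -Force replaces an existing value, including one of the wrong type.
        New-ItemProperty -Path $AuKey -Name $AuName -Value 1 `
            -PropertyType DWord -Force | Out-Null
    }
}

Set-WUNoAutoReboot -Verbose
Get-WUNoAutoRebootState | Format-List Exists, Kind, Value, Compliant
```

Running Set-WUNoAutoReboot -WhatIf first shows what would be written without touching the registry.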