Windows Update and Automatic Reboots
Windows Update plays an essential role in keeping your computer safe, and in order to do that, it sometimes has to reboot your computer. In this blog post, we want to help clarify how WU reboots your machine (including key differences between XP and Vista behavior), why it does it, and how you can change your WU settings to better fit your needs.
The goal of Windows Update is to always keep your computer as safe and secure as possible. Therefore, if you decided that Windows Update should Install updates automatically, an automatic system reboot may be a part of the process. Choosing any other option will disable automatic reboots, but we do recommend that you keep automatic updates enabled!
Why does Windows Update sometime require a reboot? Well, some updates require access to files currently in use by your system. Windows Update does not know if or when those files will be available to use, so your system requires a reboot to avoid any conflicts. For security-related updates, your computer is unsafe before that reboot occurs: it is vulnerable to attacks which exploit the issue(s) fixed by the update requiring a reboot.
For that reason, when Windows Update automatically installs an update that needs a reboot, it proceeds with an automatic reboot. In order to make the updating process more convenient for you by preventing disruptions to your work, WU defaults to installing updates (and subsequently rebooting your computer) at 3:00AM. Additionally, if updates are installed while you happen to be using the computer, and a reboot is required, Windows Update notifies you with this dialog:
The center countdown timer starts at 5 minutes. You can Restart now, or Postpone the reminder by 10 minutes, 1 hour, or 4 hours (In Windows XP, you can postpone for 10 minutes).
There is one exception – a system administrator can deny your rebooting privileges. For user accounts without rebooting privileges, Windows Update disables the Restart now button. You can still Postpone, or your system will automatically reboot after 5 minutes.
A system administrator can configure some computers behind a Windows Server Update Services (WSUS) server with update deadlines. When reaching a deadline, Windows Update begins an automatic install of those updates based on settings determined by the system administrator.
This deadline-based automatic install behaves identically to a Windows Update automatic install. Therefore, if one or more of the deadline updates requires a reboot, Windows Update presents the same dialog box to you with the same options and conditions. However, if a deadline update requires a reboot, then the reboot cannot be postponed – the Postpone button in the dialog will be disabled.
Policies to Change Automatic Rebooting Behavior
Two group policies allow you to configure how Windows Update handles automatic reboots. In order to edit these policies, you must own Windows XP Professional, Windows Vista Business, or Windows Vista Ultimate. The Group Policy Editor is not available in Home Windows versions.
To use the Group Policy Editor, follow these directions for both Windows XP and Windows Vista: http://support.microsoft.com/kb/307882
In Windows Vista, there is another way to access the Group Policy Editor:
· Click Start
· Select Control Panel
· Type Group Policy into the search box
· Click Edit Group Policy, the only result that appears
Once inside the Group Policy Editor:
· Expand Local Computer Policy
· Expand Computer Configuration
· Expand Administrative Templates
· Expand Windows Components
· Finally, select Windows Update.
The Group Policy Editor with related Windows Update policies looks like this:
With Automatic Updates enabled, the two following policies help you configure automatic reboot behavior.
No auto-restart with logged on users for scheduled automatic updates installations
If you set this policy to Enabled, then your system will never automatically reboot when a user is logged on to it. After Windows Update automatically installs updates that require a reboot, it presents all logged-on users with the following dialog box:
With this policy Enabled, Windows Update never automatically reboots your system, so there is no 5 minute timer. You can Restart now, or Postpone the reminder by 10 minutes, 1 hour, or 4 hours (In Windows XP, you can postpone for 10 minutes).
Not Configured is the default policy setting and uses the 5 minute timer. Disabled works identically to the Not Configured setting.
Delay Restart for scheduled installations
This policy allows you to change the initial timer for automatic reboots. If you set this policy to Disabled or Not Configured, the default setting, then Windows Update uses the default wait time of 5 minutes. However, if you set the policy to Enabled, it asks you to enter a number which sets the initial wait time.
For example, if you set the number to 15, Windows Update presents the following dialog after it finishes automatically installing an update that requires a reboot:
Notice how the text following “Restarting in: ”began with a 15 minute timer instead of a 5 minute timer. Other behavior remains the same.
There are a lot of tools available to help you set up Windows Update to act how you want it to. We hope that this blog post will help you to do so! If you want some more in-depth detail about how Windows Update works, the Microsoft Update team just posted a white paper on TechNet.
We’ll be paying attention to your comments, so please give us your feedback!
-WU Client Team