Categories
All Posts Remote Desktop Hosting Windows 2012 R2

How to modify timing of Windows Updates in 2012 / 2012 R2 to control timing of updates and restarts

Issue:
Windows Server 2012 or 2012 R2 reboots after installing Windows Updates during inconvenient times that don’t make sense and you would like to modify settings in a more similar way as with Windows Server 2008 R2. Windows 2012 by default restarts 3 days after the installation of Windows Updates instead of 15 minutes which was used in 2008 R2, BUT the restart counter only begins counting down when a user can see it (see Microsoft Technet link below). In addition, it appears that in some situations the restart counter is temporarily disabled when you logoff/disconnect. According to the MSDN blog post below, if after 3 days it is detected that critical applications are open or running in the background or the PC is locked, etc., Windows Update will wait to automatically restart the next time a user logs on with a warning that the machine will be rebooted within 15 minutes.

Although these changes are meant to minimize data loss by providing additional time and warnings prior to reboots, this change in logic can cause confusing timing of reboots of the server and you may wish to have more control over the timing.

Resolution:
If using Windows 2012, make sure KB2885694 (included in update rollup KB2883201 which is what you will see in installed updates) is installed on your server which should already be there since it was released in year 2013. Windows 2012 R2 already includes these new group policy settings.

Modify the group policy settings located here. Open Local Group Policy Editor by typing Gpedit.msc. Go to: Computer Configuration / Administrative Templates / Windows Components / Windows Update.

1. Enable the “Configure Automatic Updates” group policy. Use value of 4. If you want to select a schedule day & time, do NOT check the automatic maintenance box.

2. Enable the “Always automatically restart at the schedule time” group policy. This will allow reboots/restarts approximately 15 minutes after the updates are installed instead of 3 days later. The restart timer can’t be postponed once started and a restart will occur even if users are signed on.

These changes should make automatic updates act similar to the behavior experienced in Windows Server 2008.

 

Scenario Recommended configuration
Force updates and restarts at a specific time. For example:

  • Install updates on Friday nights at 11PM
  • Force a restart soon after installation
Use the Configure Automatic Updates policy:

  • Enable the policy
  • Use option #4 – Auto download and schedule the install
  • Deselect “Install during automatic maintenance”
  • Set “6 – Every Friday” for the scheduled install day
  • Set “23:00” for the scheduled install time

Use the Always automatically restart at the scheduled time policy:

  • Enable the policy
  • Configure the timer to the desired value (default is 15 minutes)

 

See links below from Microsoft for information that was used in the above post:

http://blogs.technet.com/b/wsus/archive/2013/10/08/enabling-a-more-predictable-windows-update-experience-for-windows-8-and-windows-server-2012-kb-2885694.aspx?pi47623=2#pi47623=1

https://support.microsoft.com/en-us/kb/2885694

http://blogs.msdn.com/b/b8/archive/2011/11/14/minimizing-restarts-after-automatic-updating-in-windows-update.aspx