    Scheduling Windows Reboot after Patch Analysis/Remediation.

    Iain Taylor

      Good morning all, has anyone any experience of how to manage system reboots within a maintenance window? I am currently working with a customer that is using WSUS to patch his environment and using a GPO to determine when the patch is to be deployed and when the server can then be rebooted within a scheduled maintenance window. The maintenance window is currently a series of entries in the registry.




      • Value name: NoAutoUpdate

      Value data: 0 or 1

        • 0: Automatic Updates is enabled (default).

        • 1: Automatic Updates is disabled.

      Registry Value Type: Reg_DWORD

      • Value name: AUOptions

      Value data: 1 to 4

        • 1: Keep my computer up to date has been disabled in Automatic Updates.

        • 2: Notify of download and installation.

        • 3: Automatically download and notify of installation.

        • 4: Automatically download and scheduled installation.


      Registry Value Type: Reg_DWORD

      • Value name: ScheduledInstallDay

      Value data: 0 to 7

        • 0: Every day.

        • 1 through 7: The days of the week from Sunday (1) to Saturday (7).

      Registry Value Type: Reg_DWORD

      • Value name: ScheduledInstallTime

      Value data: n, where n equals the time of day in a 24-hour format (0-23).

      Registry Value Type: Reg_DWORD

      • Value name: UseWUServer

      Value data: Set this value to 1 to configure Automatic Updates to use a server that is running Software Update Services instead of Windows Update.

      Registry Value Type: Reg_DWORD

      • Value name: RescheduleWaitTime

      Value data: m, where m equals the time to wait between the time Automatic Updates starts and the time it begins installations where the scheduled times have passed. (The time is set in minutes from 1 to 60, representing 1 minute to 60 minutes.)

      Registry Value Type: Reg_DWORD


      Because of this, all the patch manager has to do is authorise the patch, and it will be installed and the system is rebooted automatically within the scheduled window.




      1. For servers that are currently on the customer's environment, is there any way of using these entries to patch during the required time, using these settings?


      2. What is the best way to schedule a group of servers to be patched between, say, Monday to Friday the week after "Patch Tuesday", but only between 22:00 - 04:00, and if a number of servers within the group were not patched because the maintenance window closed, then to try again the following evening?


      Is this indeed possible, or am I going to have to break it down into a number of smart groups? I am guessing that this is going to take quite a bit of design.


      3. All new servers provisioned via BSA will not have the WSUS client installed/configured and will therefore not have the registry entries configured. Has anyone provided a solution for other customers configuring maintenance windows? Is it possible as a Custom Property?


      4. What would be the least-effort way for the user to break the patch cycle down?

      A separate Patch Analysis,

      A Patch Remediate/Deploy with ignore reboot option selected.

      Then a separate scheduled nsh script job to reboot the server during the maintenance window?
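
      The reboot gate described in questions 2 and 4, as an added example that is not part of the original post and is written in PowerShell rather than NSH: it reboots only when a reboot is pending and the current time falls in the 22:00 - 04:00 window, Monday to Friday of the week after Patch Tuesday. The function names, the exit codes and the choice to count early Saturday morning as part of Friday's window are assumptions; the two pending-reboot registry markers are standard Windows locations that the post does not list.

```powershell
# Added example. Function names and exit codes are hypothetical;
# the window rules come from question 2 of the post.
function Get-PatchTuesday {
    param([Parameter(Mandatory=$true)][datetime]$Date)
    # Second Tuesday of the month that contains $Date.
    $first  = New-Object datetime -ArgumentList $Date.Year, $Date.Month, 1
    $offset = (([int][DayOfWeek]::Tuesday - [int]$first.DayOfWeek) + 7) % 7
    return $first.AddDays($offset + 7)
}

function Test-InMaintenanceWindow {
    param([datetime]$Now = (Get-Date), [int]$OpenHour = 22, [int]$CloseHour = 4)
    # The window crosses midnight, so attribute each moment to the evening it opened on.
    if     ($Now.Hour -ge $OpenHour)  { $opened = $Now.Date }
    elseif ($Now.Hour -lt $CloseHour) { $opened = $Now.Date.AddDays(-1) }
    else   { return $false }
    # Eligible evenings: Monday to Friday of the week after Patch Tuesday,
    # which is Patch Tuesday + 6 days through Patch Tuesday + 10 days.
    # Assumption: 00:00 - 04:00 on Saturday still belongs to Friday's window.
    $patchTuesday = Get-PatchTuesday -Date $opened
    $days = ($opened - $patchTuesday).Days
    return ($days -ge 6 -and $days -le 10)
}

function Test-RebootPending {
    # Standard Windows pending-reboot markers (not listed in the post).
    $markers = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    )
    foreach ($marker in $markers) {
        if (Test-Path $marker) { return $true }
    }
    return $false
}

# Job body. Exit code 2 (hypothetical convention) tells the scheduler the server
# was skipped because the window is closed, so it can be retried the next evening.
if (-not (Test-RebootPending)) {
    Write-Output 'No reboot pending.'
    exit 0
}
if (-not (Test-InMaintenanceWindow)) {
    Write-Output 'Reboot pending but outside the maintenance window; retry next evening.'
    exit 2
}
Write-Output 'Reboot pending and inside the maintenance window; restarting.'
Restart-Computer -Force
```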