This policy setting specifies that Automatic Updates will wait for computers to be restarted by the users who are logged on to them to complete a scheduled installation. If you enable the No auto-restart for scheduled Automatic Updates installations setting, Automatic Updates does not restart computers automatically during scheduled installations. Instead, Automatic Updates notifies users to restart their computers to complete the installations. You should note: that Automatic Updates will not be able to detect future updates until restarts occur on the affected computers. If you disable or do not configure this setting, Automatic Updates will notify users that their computers will automatically restart in 5 minutes to complete the installations. The possible values for the No auto-restart for scheduled Automatic Updates installations setting are: - Enabled - Disabled - Not Configured Note: This setting applies only when you configure Automatic Updates to perform scheduled update installations. If you configure the Configure Automatic Updates setting to Disabled, this setting has no effect. Countermeasure: Configure the No auto-restart for scheduled Automatic Updates installations setting to Disabled. Potential Impact: If you enable this policy setting, the operating systems on the servers in your environment will restart themselves automatically. For critical servers this could lead to a temporary denial of service (DoS) condition. Fix: (1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows UpdateNo auto-restart with logged on users for scheduled automatic updates installations (2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsWindowsUpdateAU!NoAutoRebootWithLoggedOnUsers

[enabled/disabled]

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Update\No auto-restart with logged on users for scheduled automatic updates installations (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoRebootWithLoggedOnUsers