Hi all

Configuring automatic updates and forced reboot behavior after updates via Group Policy for Windows 8 was so far a problem, at least for me. When editing the relevant "pre-Windows 8" setting (Computer\Administrative Templates\Windows Components\Windows Update, Configure Automatic Updates), the description clearly stated this setting not to be useable for Windows 8:

On Windows 8 and Windows RT: The option for specifying schedule in the Group Policy Setting has no effect. The scheduling option can be specified in Computer Configuration->Administrative Templates->Windows Components->Maintenance Scheduler->Maintenance Activation Boundary

Unfortunately, documentation on the meaning of the Maintenance Activation Boundary value is very scarse, and I found no way to force a reboot at a given time (independently if the user is logged on or not). This may make sense for Windows RT devices, but not for enterprise workstations. Again, the pre-Windows 8 setting (Computer\Windows Components\Windows Update\No auto-restart with logged on users for scheduled automatic updates installations) did not have any effect, somewhat expected since general update configuration has changed.

While reading thru some documentation on recent cumulative updates, I found a pointer to KB2835627 which enables forced "automatic restarts after important updates in Windows 8 and Windows Server 2012". I have been unable to test this yet, but it looks close enought to what I was looking for.

Community - is my understanding correct that before KB2835627 there was no way to achive forced reboots at a given time on Windows 8/Server 2012 without resorting to custom tools?

Thanks for reading
/Maurice

Hi,

Yep, I think your understanding is correct.

Important addition: the situation is more complex for Windows Server 2012 than I knew last week.

• Microsoft explains the new update/reboot behavior for Windows 6.2 (Windows 8 / Windows Server 2012) here
• This TechNet article explains how reboot should work, with focus on clients
• The main problem is the default behavior of the "Maintenance Scheduler" which runs at 3 AM every day - if no user is logged in (happens quite often on a server!), the server WILL restart when the Maintenance Scheduler runs, and an update has been detected. This WILL lead to servers rebooting outside the reboot cycle defined in Group Policy. According to this forum post there is a DCR(Design Change Request) pending with Microsoft.

In short - broken for now, and KB2835627 only solves the problem for computers where somebody is logged on, preventing automatic reboot.

/Maurice

Here is my workaround - disabling the maintenance services. The "Regular Maintenance" is the one starting at 3AM, but also the "Maintenance Configurator" (both in the \Microsoft\Windows\TaskScheduler\ subfolder) needs to be disabled since the configurator will re-enable the Regular Maintenance.

Gotachas:

• Disabling these tasks does not seem to be possible via Group Policy Preferences since the tasks are in the a subfolder.
• The tasks cannot be deleted/modified via GUI (taskschd.msc), I only got "Access denied".

BUT via command line and psexec it seems to work:

• Disable Maintenance Configurator:
  psexec \\server1,server2 -s schtasks /change /tn "\Microsoft\Windows\TaskScheduler\Maintenance Configurator" /DISABLE
• Disable Regular Maintenance:
  psexec \\server1,server2 -s schtasks /change /tn "\Microsoft\Windows\TaskScheduler\Regular Maintenance" /DISABLE

Hope this helps anyone trying to fix too early reboots...
/Maurice