Well, apparently it's built-in. You can't log in to a non-admin account while updating. My bad 😅
Prevent user from using the computer while UWF servicing updates
I'm checking the UWF feature in a VM (Hyper-V specifically) and I'm testing the update process.
It runs the updates, but instead of blocking user input - it's showing the lock screen, on the UWF-Servicing account. The users can just log into their accounts and do what they want. I assume it'll save their changes, but even if not - it might just restart the computer without warning, or it'll prevent the update from finishing.
One way or another - I want users to not be able to use the computer while updating.
Preferably still having access to the admin accounts for troubleshooting.
I thought about changing the script here, but I don't like the idea of changing it without an expert to say it's okay.
Another option I thought of would be scheduling a script that will check if the user UWF-Servicing exists and enable/disable access to any non-admin account accordingly, but it feels convoluted, so I'm checking if there's a better way to do so before confronting how I'd do that (if it's even possible).
Something that probably makes both solutions harder: it's domain users. I assume preventing access to specific local users will be easy enough, but blocking an unknown number of accounts from accessing will probably be harder (even more so if it turns out I'll need domain credentials for that).
Any ideas?
The instructions I followed:
The script:
https://learn.microsoft.com/en-us/windows/iot/iot-enterprise/customize/uwf-master-servicing-script