Share via

Windows 11 25H2 forces automatic reboot during active hours when user is away – GPOs correctly set but ignored

PHL 0 Reputation points
2026-06-10T14:59:52.84+00:00

Environment:

OS: Windows 11 25H2 (all clients)

Update management: On-premises WSUS

GPOs: Configured via on-premises Active Directory

Number of clients: ~400

Problem Description: We migrated from Windows 10 to Windows 11 25H2. Under Windows 10, our update behavior worked flawlessly for years. Since the migration, we are experiencing a critical issue with automatic reboots after monthly quality updates.

Observed behavior:

  • Updates are downloaded and installed during the day (scheduled installation)
  • A notification appears informing the user about a pending reboot with a ~15-minute timer
  • The user can dismiss/ postpone the reboot (works fine)
  • The problem: If the user is away from their desk (e.g., lunch break, short meeting) when the notification appears, the system reboots automatically after the timer expires
  • This results in loss of unsaved work (open documents, unsaved changes in LOB applications)

What we already configured (GPOs):

  • Configure Automatic Updates: 4 – Auto download and schedule the install
  • No auto-restart with logged on users for scheduled automatic updates installations: Enabled
  • Specify active hours: Enabled (05:00 – 22:00)
  • Turn off auto-restart for updates during active hours: Enabled

All GPOs are correctly applied. Other GPOs not directly related to reboot behavior are also configured but omitted here for clarity.

How can we prevent Windows 11 25H2 from automatically rebooting when a user is not physically present at the workstation but still logged in with open applications?

Thank you.

Windows for business | Windows Client for IT Pros | Devices and deployment | Install Windows updates, features, or roles
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Harry Phan 21,830 Reputation points Independent Advisor
    2026-06-10T15:48:02.2866667+00:00

    Hi PHL,

    Right now Windows 11 handles updates a bit differently than Windows 10. Even though you set the policy to stop auto‑restarts when someone is logged in, the system still forces a reboot if the user doesn’t respond to the 15‑minute warning. The way to stop this is by changing the timeout for that warning so it waits much longer before restarting. In Group Policy, under Windows Update → Legacy Policies, you can set “Reboot warning timeout” and “Reboot warning timeout for scheduled installations” to a higher value, like 1440 minutes (a full day). That way, if someone steps away from their desk, the machine won’t restart on its own after just 15 minutes. This adjustment is currently the only reliable way to prevent surprise reboots in Windows 11 until Microsoft issues a fix.

    Harry.

    Was this answer helpful?

    0 comments

  2. AI answer

    2026-06-10T15:00:13.2833333+00:00

    Windows 11 25H2 is treating several of the classic Windows Update restart GPOs as legacy and effectively ignoring them in favor of the newer deadline-based behavior. To stop unexpected reboots during active hours when users are away but logged on, the configuration needs to be shifted from legacy restart policies to the newer deadline/compliance model and the recommended active-hours behavior.

    Key points from the current configuration:

    • Configure Automatic Updates = 4 (scheduled install) is still valid.
    • No auto-restart with logged on users for scheduled automatic updates installations and Always automatically restart at the scheduled time and similar are legacy restart policies and are called out as not recommended for newer Windows versions.
    • Turn off auto-restart for updates during active hours is valid, but on its own it does not override deadline/compliance behavior once deadlines/grace periods are reached.

    On Windows 10/11, Microsoft recommends avoiding the legacy restart-delay policies and instead using the deadline policies, combined with active hours, to prevent restarts while users are working and still guarantee compliance.

    Recommended configuration to prevent reboots while the user is away but logged on:

    1. Stop using legacy restart-delay policies
      • Do not rely on:
        • Specify deadline before auto-restart for update installation
        • Delay Restart for scheduled installations
        • Other legacy restart GPOs listed as “policies not to set”.
      • These are explicitly documented as legacy and not applicable for Windows 11; they can have no effect or conflicting behavior.
    2. Use the new deadline policy instead of legacy restart control
      • Configure the policy:
        • Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadlines for automatic updates and restarts
      • Set (for example, per Microsoft recommendation):
        • Quality update deadline (days): 7
        • Feature update deadline (days): 2
        • Grace period for quality updates (days): 2
        • Grace period for feature updates (days): 7
      • In the same policy, select:
        • Don’t auto-restart until end of grace period
      • This combination ensures:
        • Windows will look for a minimally disruptive time to restart.
        • Automatic restarts outside active hours are prevented until the deadline + grace period is reached.
        • Users get notifications and can choose when to restart, but the system will not force a restart during active hours until the deadline/grace period has passed.
    3. Keep active hours configured, but let Windows manage restarts within that framework
      • Either:
        • Allow users to set their own active hours (recommended), or
        • Configure Turn off auto-restart for updates during active hours with an appropriate window (for example, 05:00–22:00 as currently used).
      • With the deadline policy and “Don’t auto-restart until end of grace period” enabled, Windows will:
        • Avoid automatic restarts during active hours until the deadline/grace period is exceeded.
        • After deadline+grace, restart can occur even during active hours to guarantee compliance.
    4. Let Windows choose the least disruptive restart time
      • Ensure the MDM/registry equivalent of ConfigureDeadlineNoAutoReboot is not used to block Windows’ ability to pick a low-impact restart time.
      • Documentation explicitly recommends leaving ConfigureDeadlineNoAutoReboot disabled so Windows can use user activity signals to find a minimally disruptive restart time.
    5. Keep Configure Automatic Updates = 4 if scheduled install is required
      • With AUOptions = 4 and the deadline policy in place, installation still happens on the scheduled basis, but restart behavior is governed by the deadline + grace period + active hours logic instead of the legacy restart timers.

    Effect on the described scenario:

    • During the day, updates install as before.
    • A restart notification appears with options to restart or postpone.
    • If the user is away when the notification appears, Windows will not immediately force a restart during active hours as long as the deadline and grace period have not expired and “Don’t auto-restart until end of grace period” is set.
    • Restarts will be pushed to non-active hours or to a later time within the grace period, significantly reducing the risk of data loss from short absences.

    If strict prevention of any forced restart during active hours is required even after deadlines, the only supported way is to adjust deadlines and grace periods so that forced restarts are likely to occur outside working hours (for example, shorter deadlines but with maintenance windows outside active hours), while accepting that once deadline+grace is passed, Windows may restart regardless of active hours.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.