Unwanted automatic restarts 15 minutes after installation of Windows updates under Windows 10

Question

We have the following problem on our Windows 10 clients:

What we want:

Clients should get their Windows updates primarily from SCCM/MECM, users should get an information by SCCM/MECM that a restart is necessary/recommended to successfully finish the installation, but no automatic restart should happen.

If SCCM/MECM is not available for the user (maybe because the mobile client is outside our network), it would be no problem for us if the clients gets the updates from the official Windows update routine.

The clients should not restart automatically after the update installation.

What we get:

Every Microsoft patch day (2nd Tuesday/month) the clients restart automatically after the installation of the monthly Windows updates with no possibility to stop/avoid this for the users, no matter if they are logged on or not. Logged on users get a message in a blue box directly after the update installation took place in the background:
“Automatic restart scheduled. Your device will restart at hh:mm to finish installing updates. Select Close to save your work, or Restart now to restart right away”.
Offered are only the buttons “close” and “restart now”, the restart itself will take place 15 minutes after the message appears. We already did the following after checking the available information in forums/knowledge bases:

Checked our SCCM/MECM settings: Not the reason for the restart, SCCM/MECM is configured just to show a message that updates have been installed and a restart is recommended. The user can click away this message, no auto-restart is configured/initiated via SCCM/MECM. The SCCM/MECM message has a different layout than the blue box with the 15min auto restart message, which comes from Windows itself, not from SCCM/MECM, therefor, this support question is placed in the Windows section instead of the System Center section, in our opinion it is a Windows problem.

Deactivation of Dual Scans via GPO to avoid getting updates from Windows Update instead SCCM/MECM: “Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Windows Update -> Do not allow update deferral policies to cause scans against Windows Update" set to “enabled”.

Deactivation for Registry policy processing: “Computer Configuration -> Administrative Templates -> System -> Group Policy -> Configure registry policy processing" set to “disabled”.

GPO “No auto-restart with logged on users for scheduled automatic updates installation” set to “enabled”. No success, even with logged on users we get automatic unwanted restarts.

Testing the different settings for “Configure automatic updates” in GPOs -> Nothing helped, not even configuring the updates just to notify before download – updates will be installed and an auto-restart will happen

Any idea why this happens even if all settings are so configured, that the client should definitely not do an automatic restart?

Kind regads,
Matthias

Answer 1

Ensure that you do use a policy to disable automatic updates, i.e., Configure automatic update should be set to "disabled".

Answer 2

Completely disabling the automatic updates via GPO solved the problem.

Answer 3

I don't have CM anymore infront of me, but in the past I've been dealing with such problems. There are few things;

1. Try set availability to 2 days but deadline for 7 days
2. CM client policy has its Restart Behavior in client settings, see how you have configured that. It also affects updates.
3. Don't use GPOs if you are relying on CM update deployment. Only configure update behavior with CM.
4. Update Deployment objects also has rules for deadline and restart enforcement, look into that.
5. During this summer there was a bug affecting multiple organizations that updates were restarting computers without control.