I'm in an enterprise AD (univ) environment where I control our main OU and sub-OUs, where I apply GPOs. I have a standard WSUS GPOs to push auto installs and restarts at night, and then a "no auto restart WSUS GPO I want to apply to one PC in a particular sub OU.
I have a standard WSUS GPO that I apply to all sub GPOs that has "4-Auto download and schedule install" -> for "4-Every Wed" at 22:00, and "Every week" enabled. Also the "allow auto update immediate install" is enabled (description states its for certain updates that neither interrupt windows services nor restart windows), and "No auto-restart with logged on users" disabled. I apply this to all sub OUs (different groups of PCs).
For the one PC, in a particular sub OU, that I don't want to "auto install\restart" with updates, I created another GPO with "allow auto updates immediate install" disabled and "3-Auto download and notify for install" with "No auto-restart with logged on users" enabled and the Scope set via Security Filtering to the particular PCs Name and the Username who will be logged in overnight (is using both PC name and user incorrect?).
I have this latter "no auto restart" GPO as #3 link order and the former "standard WSUS GPO" as #4 link order for the other PCs in this sub OU.
As I understand it, GPOs with a smaller precedence number are processed last and take precedence over GPOs with higher numbers, so the no auto restart GPO should take precedence, correct?
The problem is that the PC in question still keeps auto installing and restarting updates, and it is on Wed mornings at approx 6:30. I don't understand why the precedence is of the two GPOs is not applying, and even so why the seemingly applied standard WSUS GPO installs on Wed morning when it is set as "4-Auto download and schedule install" -> for "4-Every Wed" at 22:00.