Share via

Does Azure override Windows update reboot settings?

MC JUDD 1 Reputation point
2021-12-02T17:05:49.317+00:00

We have auto updates and restarts disabled for Windows updates on one of our VMs (it's a Filemaker Server, and we are working on a script to shut down Filemaker gracefully before our scheduled restarts), but it has rebooted unexpectedly on it's own, particularly when simply checking for updates (clicking "Check for Updates" in Windows Update automatically starts the download and eventually reboots the server). In "... Settings\Windows Update\Windows Update", I've disabled the option to automatically update so now it should just tell you that they are available. BUT... When I clicked Check for Updates, they started to install and then I got a message that “Your device will restart to update outside of active hours."

Is Azure controlling this and overriding the Windows Update settings? There is also a note that “Some settings are managed by your organization” in Windows Update and Advanced options, which I assume is referring to Azure?

Below are notes regarding how we have revised the auto update settings for Windows:
Logged into the FMP server. in gpedit.msc, changed the setting for Computer Configuration\Administrative Templates\Windows Components\Windows Updates\Configure Automatic Updates and set the value to 4 (notify for download and auto install) so that Windows will not install updates automatically.
Created a new new registry key at HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU called NoAutoRebootWithLoggedOnUsers and set the value to 1. Set AUOptions in the same key to 2 (Notify before downloading)

Any suggestions are welcome.
Thanks,
nikki

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,929 questions
Azure Automation
Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.
1,250 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 39,651 Reputation points
    2021-12-03T09:24:44.49+00:00

    Hello MCJUDD-9848

    The reason for this is that the manual call to Check for Updates overrides the Auto Update Disabled.

    In this case you would like to complete block the manual updates for users:

    In: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate

    Create New > DWORD Value. Name the newly created registry DWORD (REG_DWORD) as SetDisableUXWUAccess. This registry DWORD can be used to allow/prevent users to check for updates in Windows 10. Double click on this registry DWORD to modify its Value data:

    Finally, set the Value data to 1 and click OK to prevent users from checking updates (or 0 to allow them). Close Registry Editor and reboot to make changes effective.

    You can also try to use the Group Policy "Remove access to use all Windows update features." The full path to this Group Policy is:
    Computer Configuration\Administrative Templates\Windows Components\Windows update\Remove access to use all Windows update features

    --If the reply is helpful, please Upvote and Accept as answer--

  2. Maxim Sergeev 6,571 Reputation points Microsoft Employee
    2022-08-18T19:09:11.017+00:00

    @Niek Pruntel and @MC JUDD ,

    Azure Update Management v1 doesn't override any VM update settings in the operating system level. Update Management is just a triggering tool here. It uses Microsoft Monitoring Agent to trigger updates, simply.

    https://learn.microsoft.com/en-us/azure/automation/update-management/configure-wuagent

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.