Windows 11 automatically restarting after install security Update — With GPO and WSUS.
Hi everyone, I’m facing a strange behavior with Windows 11 devices that receive updates through WSUS and are fully managed via Group Policy. Here’s the scenario: We have a GPO configured as follows: -Configure Automatic Updates → 4 (Auto download and schedule the install) -Scheduled installation every day at 10:00 -Install during automatic maintenance → disabled -Active Hours configured -Turn off auto-restart for updates during active hours → Enabled -Update deadlines set to 0 (to avoid any forced restart) -No other restart-related policies set in the domain Even with this configuration, after updates are installed, Windows 11 shows the following message: “Your organization manages update settings. We will restart and install this update at X minutes.” And then the device automatically restarts, even when: -a user is logged in -it is outside Active Hours -deadlines are disabled -no-auto-restart is enabled This behavior does not happen on Windows 10 — only on Windows 11.Windows Essentials 2022 Remote Access for nonadmins
Hello everyone, This topic is already asked several times but I did not find any working answer. I am administrating a Windows Essentials 2022 server. One user need to work on the Remote Desktop temporary. I should create a seperate virtual terminal server on the Essentials server but currently I do not have time for that and it costs some money. So I want to take advantage of the grace periode that this user can work by RDP. It is the only existing server in this network and the network has only two staff and me ;-) The wellknow issue is that only administrator users can access this domain controller. I do not want to make the user an domain administrator. I have added the user by GPO to the people which are allowed to connect and I have added the user manually by system settings -> remote. After the second step at leaste RDP is opening but then I am getting a message that the user is still not allowed. Is there any option?WDAC not applying via Group Policy
Hello and greetings from Portugal! I'm trying to implement WDAC via group policy. I've used WDAC Wizard and if I copy the *.cip file to "C:\Windows\System32\CodeIntegrity\CiPolicies\Active" I see that WDAC get enabled, for example using the MSInfo32. But, I cannot enable WDAC via GPO. I've converted the *.xml to *.bin and enable the "Deploy Windows Defender Application Control". I see the event id 7010 "Device Guard successfully processed the Group Policy: Configurable Code Integrity Policy = Enabled" but the thing is MSInfo still doesn't show that WDAC is activated. Can someone please help?
WuFB GPO options missing
I'm running into a problem where the Windows Update for Business options do not appear under Windows Update in the GPME. I just installed the Windows 11 24H2 ADMX files today on our Central Store but still don't see them. But according to this MS article, it should still be an option? https://learn.microsoft.com/en-us/windows/deployment/update/waas-wufb-group-policy
Unusual Behavior using GPO PowerShell Scripts During Restart/Shutdown in Hyper-V – Need Help
I have noticed strange behavior in Hyper-V. Group Policy is configured to execute PowerShell scripts for logon, logout, startup, and shutdown. The typical sequence of script execution is: startup → logon → logout → shutdown. However, an issue arises when a restart is initiated while logged in (i.e., after startup and logon scripts have already been executed). Upon clicking the restart button from the GUI, the following occurs: after the logout and shutdown scripts run as expected, the startup script is executed and the logon script (!) is triggered. This happens despite the fact that the lock screen is displayed after the restart, and no user has logged in yet. This phenomenon consistently occurs when restarting or shutting down from the GUI while logged in. It does not occur when restarting via the command line using shutdown /r /t 0 or shutting down with shutdown /s /t 0. Why does Hyper-V behave in this inexplicable manner, executing the logon script in such cases? Is it possible to configure something within the virtual machine to address this issue? Or are there specific Group Policies for script execution that could control this behavior? Could there be certain Registry entries that influence the shutdown or restart process to prevent this issue in Hyper-V? Alternatively, could the problem be resolved by modifying the startup or logon scripts, for instance, by adding conditions to verify if an actual login has occurred? Any ideas or suggestions to explain or resolve this behavior would be greatly appreciated.Azure VMs Not Applying GPOs Correctly
Hi everyone, Quick question… if my Azure VMs are joined to my domain, they should be applying all my configured GPOs, right? For some reason, my VMs are not applying the GPOs, even after running a GPUPDATE /force. At the moment, I am testing some simple GPOs like: Creating a folder on the desktop Setting the time format to Brazilian (dd/mm/yyyy) Adjusting the timezone to Brasília When I run gpresult /r, it shows that the GPOs are being applied, but for some reason, the VM just doesn’t reflect them. Any idea what might be causing this?
Automatic installation of definition updates
Hi, we use a Windows 2022 environment with a WSUS server. I want to configure WSUS/GPOs in that way that defintion updates, which do not require a reboot will be installed automatically. The normal updates, even if they are permited by wsus, should only be installed when i start the installation at the specific computer/server. Is this/How is this possible? Greetings JensUnexpected Automatic Windows Server Updates Despite GPO and WSUS Configurations
Hello everyone, I am experiencing a disruptive issue across a number of our Windows servers (ranging from Server 2012 to Server 2022). Despite a carefully managed WSUS implementation and GPO enforcement for Windows Updates, we have been facing an issue where several updates are getting automatically installed on these servers. The problem is, these updates are not ones we have explicitly approved, nor are they manually triggered for download/installation. The automatic reboots following these installations are causing significant service disruptions. Furthermore, the behavior seems to be somewhat random, which makes it even more challenging to root cause. Here is a summary of the GPO and WSUS configurations, and what I have verified so far: The GPO for Windows Updates is configured to '4 - Auto download and schedule the install'. The RSOP confirmed that there are no conflicting GPOs. WSUS is functioning correctly and the automatic approval of updates has been disabled. Dual Scan is not a factor as it's not relevant to the Windows Server versions we're using. It has been confirmed that the updates in question are indeed WSUS updates, but they haven’t been approved by us. The issue does not pertain to pre-downloaded update files or Service Stack Updates (SSUs). Given the above points, I am having a hard time figuring out why these updates are being installed and causing unplanned reboots. I would really appreciate it if anyone who has encountered a similar issue or anyone with insights could shed some light on this. Thank you in advance for your assistance! Best
