Windows 11 automatically restarting after install security Update — With GPO and WSUS.
Hi everyone, I’m facing a strange behavior with Windows 11 devices that receive updates through WSUS and are fully managed via Group Policy. Here’s the scenario: We have a GPO configured as follows: -Configure Automatic Updates → 4 (Auto download and schedule the install) -Scheduled installation every day at 10:00 -Install during automatic maintenance → disabled -Active Hours configured -Turn off auto-restart for updates during active hours → Enabled -Update deadlines set to 0 (to avoid any forced restart) -No other restart-related policies set in the domain Even with this configuration, after updates are installed, Windows 11 shows the following message: “Your organization manages update settings. We will restart and install this update at X minutes.” And then the device automatically restarts, even when: -a user is logged in -it is outside Active Hours -deadlines are disabled -no-auto-restart is enabled This behavior does not happen on Windows 10 — only on Windows 11.Unexpected Automatic Windows Server Updates Despite GPO and WSUS Configurations
Hello everyone, I am experiencing a disruptive issue across a number of our Windows servers (ranging from Server 2012 to Server 2022). Despite a carefully managed WSUS implementation and GPO enforcement for Windows Updates, we have been facing an issue where several updates are getting automatically installed on these servers. The problem is, these updates are not ones we have explicitly approved, nor are they manually triggered for download/installation. The automatic reboots following these installations are causing significant service disruptions. Furthermore, the behavior seems to be somewhat random, which makes it even more challenging to root cause. Here is a summary of the GPO and WSUS configurations, and what I have verified so far: The GPO for Windows Updates is configured to '4 - Auto download and schedule the install'. The RSOP confirmed that there are no conflicting GPOs. WSUS is functioning correctly and the automatic approval of updates has been disabled. Dual Scan is not a factor as it's not relevant to the Windows Server versions we're using. It has been confirmed that the updates in question are indeed WSUS updates, but they haven’t been approved by us. The issue does not pertain to pre-downloaded update files or Service Stack Updates (SSUs). Given the above points, I am having a hard time figuring out why these updates are being installed and causing unplanned reboots. I would really appreciate it if anyone who has encountered a similar issue or anyone with insights could shed some light on this. Thank you in advance for your assistance! Best
