Unexpected Automatic Windows Server Updates Despite GPO and WSUS Configurations
Hello everyone, I am experiencing a disruptive issue across a number of our Windows servers (ranging from Server 2012 to Server 2022). Despite a carefully managed WSUS implementation and GPO enforcement for Windows Updates, we have been facing an issue where several updates are getting automatically installed on these servers. The problem is, these updates are not ones we have explicitly approved, nor are they manually triggered for download/installation. The automatic reboots following these installations are causing significant service disruptions. Furthermore, the behavior seems to be somewhat random, which makes it even more challenging to root cause. Here is a summary of the GPO and WSUS configurations, and what I have verified so far: The GPO for Windows Updates is configured to '4 - Auto download and schedule the install'. The RSOP confirmed that there are no conflicting GPOs. WSUS is functioning correctly and the automatic approval of updates has been disabled. Dual Scan is not a factor as it's not relevant to the Windows Server versions we're using. It has been confirmed that the updates in question are indeed WSUS updates, but they haven’t been approved by us. The issue does not pertain to pre-downloaded update files or Service Stack Updates (SSUs). Given the above points, I am having a hard time figuring out why these updates are being installed and causing unplanned reboots. I would really appreciate it if anyone who has encountered a similar issue or anyone with insights could shed some light on this. Thank you in advance for your assistance! Best
