How to Prevent Windows 10 Reboot After Installing Updates When You’re Logged In

Security updates for Windows are very important and it’s best that you configure your system to automatically install updates. On rare occasions there is a chance that an update can mess up your system, however, in my opinion the security risk of a vulnerable system is a bigger concern to me than the potential problems that an update may cause. In the past, I was a believer in installing updates manually on Windows computers because the updates, patches and service packs were not always very stable. But that was then, in the recent years I have changed my philosophy. Overall, the Windows updates are much more stable now. When was the last time you saw a blue screen of death (BSOD) on Windows? Exactly, my point. Blue screens were common in the old days, but they have been pretty much a thing of the past in the recent years.

Dealing with Automatic Updates

People are hesitant to install updates automatically because they are afraid their computer is going to reboot in the middle of the day without their permission and they will lose their data. Although, you can postpone the reboot after updates and schedule for a time of your choosing, depending on the update Windows may still reboot your computer, without your permission, after a certain time because it can’t function properly without a reboot.

This is how I deal with automatic updates. First of all, I make sure that my data is backed up in multiple places so if my system crashes I can rebuilt my computer and restore the data from my backup. I backup the data in two places on my network plus I have a backup in the cloud. The backup to the cloud runs silently in the background without interfering with my daily tasks. At times I have deleted files or overwritten data accidentally, but it took me seconds to restore from one of my local backups and sometimes I had to go to the cloud to grab the files I was looking for.

After having multiple backups, I configure my computer to automatically download and install the updates, but let me choose when to reboot my computer. To avoid Windows restarting my computer while I have several applications open and dozens of tabs open in 3 or 4 different browsers, I use the group policy to prevent Windows 10 from rebooting without my permission after installing updates. This setting only applies when I am logged in. Of course, I only care about Windows rebooting without my permission when I am logged in and have all the applications running.

Group Policy to the Rescue

There are two types of group policies that you can configure. In a domain environment, you can use the Active Directory to configure a setting that can affect multiple computers on the network, either Windows workstations, or Windows servers, or both. If you don’t have a domain environment with Active Directory, then you have a workgroup environment even if you have only one computer. In other words, all Windows computers are either part of a domain or a workgroup. If you are in a workgroup environment, such as a small network of 10 or fewer computers, or you use a desktop or laptop computer at home, you can use the Local Group Policy Editor to achieve the same result. In this article, I will first show you how to configure the group policy on the domain and then I will go over the procedure for configuring or a local group policy.

Configuring Group Policy on the Domain

Login to one of your Domain Controllers and follow this procedure.

1. Start the Group Policy Management Console (GPMC) on the Domain Controller and go to GPMC -> Forest: Contoso.com -> Domains -> Contoso.com -> Group Policy Objects -> Default Domain Policy. You may use any other group policy. If you plan to apply the policy to the Default Domain Policy, I recommend you create another policy and call it something like Contoso Default Domain Policy and then apply this policy to the Contoso.com domain. You can simply click and drag the new policy you create to the Contoso.com to link it. You can also create and apply a policy selectively to specific computers in one department, or multiple departments without applying it to the entire domain.
2. Edit the Contoso Default Domain Policy.
   
3. Go to the following location: Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update.
4. Double-click the “No auto-restart with logged on users for schedule automatic updates installation.”
   
   
5. Select the Enabled radio button and then click OK to apply the setting.
   
   
6. Verify that the state of the setting has changed from Not configured to Enabled and then close the Group Policy Management Editor.
   
   

7. You can either run gpupdate /force on each computer to implement the change right away, which is not practical in most cases; or reboot all the computers, which is also not ideal in most cases; or wait for the next automatic update of computer settings on the computers, which is the logical choice for this type of non-urgent modification. You can always run gpupdate /force at the command prompt with administrative credentials on any computer, which will refresh the Computer Policy and the User Policy on the local computer. There is no harm in running gpupdate, it’s just too much work to run it on all the computers.

Setting Description

When you have selected the Extended tab in the right-hand pane of the Group Policy Management Editor, as shown in the above screenshot, you can read the description of each policy setting. This policy specifies that to complete a scheduled installation, Automatic Updates will not restart the computer automatically. It will wait for the user who is logged on to restart the computer.

“If the status is set to Enabled, Automatic Updates will not restart a computer automatically during a scheduled installation if a user is logged in to the computer. Instead, Automatic Updates will notify the user to restart the computer.”

Keep in mind that the computer must be restarted for the updates to take effect. If the status is set to either Disabled or to the default setting of Not Configured, Automatic Updates will let the user know that the computer will automatically restart in 5 minutes to complete the installation.

Note: This policy applies only when Automatic Updates is configured to perform scheduled installations of updates. If the “Configure Automatic Updates” policy is disabled, this policy has no effect.

Configuring Group Policy on the Local Computer

If you don’t want to implement this change on multiple computers in a domain, you can configure this policy on a local computer using the Local Group Policy Editor (gpedit.msc). You can use the Local Group Policy Editor on any Windows computer at any time. However, depending on how the Domain Administrator has configured group policies in Active Directory, the local policy may be superseded by the domain policy.

1. On a Windows computer, type gpedit.msc in the Search box and press Enter.
2. Go to Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update.
   
   
3. Double-click the setting “No auto-restart with logged on users for schedule automatic updates installation.” and select Enable.
4. Click OK and close the Local Group Policy Editor.
5. Run command prompt with administrative credentials, type gpupdate /force, and press Enter. This will refresh the Computer Policy and the User Policy on the local computer. You may also logout and log back in, or reboot the computer to apply the change, but in general you only need to do that if the applied policy is not working.
   
6. When you are prompted by the system to restart your computer, you can either click Snooze to be reminded again later, pick a time when you want to restart the computer, or restart the computer if that’s okay with you.
   

NOTE: When you use the GPMC to configure the policy on the domain, it doesn’t modify the Local Group Policy Editor. It simply implements the group policy through the Active Directory on the domain controller. If you configure the policy on the local computer that conflicts with the domain policy, the domain policy will be implemented. The policies are applied in the order “LSD OU” as follows:

Local -> Site -> Domain -> Organizational Unit

The local group policy settings on the computer are applied first, then the policies configured at the Active Directory Site level take effect, then the policies configured on the domain level, and finally the policies at the Organization Unit level are applied. This gives the Domain Administrator full control on how she wants to implement corporate policies and prevent employees from bypassing the policies applied by the organization at the domain level.

For more information on Group Policies, check out my article Lighten Up the Group Policy Load. I wrote the article a while back, but most of the information is still valid today.

Copyright © 2017 SeattlePro Enterprises, LLC. All rights reserved.