Force automatic restart even with users logged in after installation of updates on Windows 8.1 Professional

I want a Windows 8.1 Professional installation which is always running and accessed by users via RDP to install updates automatically and also reboot automatically if the updates require it, but this should only happen saturday night (at any other time the system needs to be running and available for users).

I changed the following registry settings:

In HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU:

AUOptions = 4 (Automatically download and scheduled installation)
ScheduledInstallDay = 7 (saturday)
ScheduledInstallTime = 0 (0 o'clock)
NoAutoRebootWithLoggedOnUsers = 0 (also reboot with logged in users)
AlwaysAutoRebootAtScheduledTime = 1 (force restart)

Unfortunately, this does not always work. It worked once when I set the ScheduledInstallDay to thursday because I read in the documentation for AlwaysAutoRebootAtScheduledTime:

When this registry value is set to 1, you are still notified of the upcoming automatic restart on the sign-in screen. However, at the end of the three-day period, the 15-minute counter begins even if the computer is locked. The restart also occurs even if the computer is locked.

Source: How to force automatic restarts after important updates in Windows 8 and Windows Server 2012

So I thought if I want the system to restart on saturday, I have to set the scheduled day three days before that, because the restart is delayed 3 days. But the system restarted on thursday. Therefor I set the scheduled day to saturday again, but now the restart did not happen at all (I always have to wait for the next update which requires a restart to test the new settings).

How do I have to configure the system so that it always reboots on saturday night if an installed update requires it, even when a user is logged in at that time?

Update: As there is still no answer, I'm starting to believe that I'm on a completely wrong path here. I would also be happy for pointers how such a thing should be done, e.g. how do you keep a remotely accessed Windows machine always up to date when there is a fixed time window for updates?

Best Answer

Updated version of Drifter104s answer.

This will do what you want with a Powershell script, as it still seems very hard (impossible?) to get this configured correctly through group policy / registry.

Install the Test-PendingReboot Powershell module:

Install-Module -Name PendingReboot

Then create a scheduled task to run the following powershell commands

$RebootStatus = $null
$RebootStatus = Test-PendingReboot | Select IsRebootPending | Where-Object {$_.IsRebootPending -like "True"}
if ($RebootStatus -ne $null) {shutdown -r -f -t 60}

The changes I made compared to the previous answer are:

The Powershell script provided previously is no longer being developed and has been replaced with the one I linked.
Installing the script as a PowerShell module should automatically make it available for all users, meaning that you don't need to make it load automatically (the link to those instructions is now broken any way)
The results from the new PS Module are slightly different and so the query to find out 'RebootStatus' needed changing.
I also initialised 'RebootStatus' to $null to avoid false positives in case the second line of the script is broken, commented out, wrapped in a conditional etc.

Best Answer

Related Solutions

Windows Update: can’t apply updates even as domain admin on Server 2008 R2

WSUS & GPOS – Force restart and disable choosing updates W12R2

Related Topic