Windows Server 2008R2 – Troubleshooting Unexpected Server Reboots

windows-server-2008-r2, wsus

A Windows 2008 R2 machine reboots automatically every now and then, typically on Friday afternoons.
The reboots are "announced" in the event log as follows:

Event ID: 1074
process:  svchost.exe,  
user:     NT-AUTHORITY/System, 
reason:   OS:restore(planned), 
code:     0x80020002

I guess this is precisely the event one can expect if a Windows update from our WSUS server requires a reboot.
However, as far as I can see, such reboots should happen at most at about 3 a.m.
This has happened repeatedly this year, namely

  1. 2013-01-10 03:15:12 – Probably due to an update
  2. 2013-01-20 03:04:37 – Probably due to an update
  3. 2013-02-14 16:35:27 – What's that??
  4. 2013-03-06 16:23:07 – What's that??
  5. 2013-03-15 13:49:12 – What's that??
  6. 2013-04-14 21:18:36 – What's that??
  7. 2013-04-26 14:58:54 – What's that??
  8. 2013-05-17 15:51:41 – What's that??

If I check updates after today's reboot, it says

Last time checked for updates: Today, 15:47
Updates installed: Yesterday, 20:57

So, while the last check is suspiciously short before the reboot, the last actual update took place yesterday (Forefront virus definition update, no reboot required).

What can be the cause? What can be done to prevent it?

Please feel free to ask for more details.


Update:
The nearest event log entries around the shutdown with source WindowsUpdateClient were:

  • immediately after the event#1074 above: Event#27 "Automatic Updates" has been stopped
  • at 13:00 (almost 3 hours before shutdown): Event#19: Installation successful (Forefront definition update)
  • at 15:55 (quite shortly after reboot): Several events #19: Installation successful (several OS updates, security updates and cumulative security updates)

It is plausible that the updates in the last point were waiting for a reboot.
In fact, I found an event #22 ("Reboot necessary, computer will reboot in 15 minutes") on 2013-05-16 03:14:28 mentioning precisely the updates mentioned in the post-reboot events.
However, why didn't it reboot at 3:30 a.m. yesterday, as the event message suggests, instead of 4 p.m. today?

By popular demand, the relevant policy settings under Computer configuration\Administrative templates\Windows components\Windows update according to the GPO modeling wizard:

  • Configure automatic updates: Enabled with "4 – Download and install by schedule", "daily", "at 03:00 a.m."
  • Automatic updates immediate installation: Enabled
  • Enable client-side targeting: Enabled with "MyGroup"
  • Specify intranet Microsoft update location: Enabled with updates and stats = "http://my-wsus-server"
  • No auto-restart for scheduled updates with logged on users: Enabled
  • Allow signed updates from an intranet Microsoft update service: Enabled
  • Automatic Updates detection frequency: 22 hours

I don't have a bad feeling with these settings.
The only suspect is "No auto-restart for scheduled updates with logged on users". However, for the observed behaviour, a user must have been logged on from 3 a.m. yesterday until 4 p.m. today (or possibly several overlapping sessions).
Sifting through the ocean of the Security Event Log, I did indeed find: three events #4634 (logoff), two for Administrator RDP sessions (type 10), one for Administrator console session (type 2), all in the very same second as the event #1074 above! But what is cause and what is effect? Or how come three sessions got killed simultaneously?

Best Answer

Given this is pulling updates from a WSUS server, check the WSUS GPO for your appropriate OU. You can change this for updates to go off when you'd prefer. But the most likely answer to your question is this is a WSUS policy applying updates to your machine.
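
The checks discussed in this thread, as an added PowerShell example that is not part of the original question or answer: it dumps the Windows Update policy values the GPO wrote to the registry, then builds a timeline for each event 1074 from the WindowsUpdateClient events (19, 22, 27) and the interactive logon/logoff events before it. The timeline shows whether a console or RDP session was open between the "reboot necessary" event 22 and the restart itself, which is the condition the "No auto-restart for scheduled updates with logged on users" setting depends on. The 36-hour look-back window and the inclusion of logon event 4624 are assumptions of this example.

```powershell
# Added example, not from the original post. Run elevated on the affected server
# (reading the Security log needs administrator rights). Avoids syntax newer than
# PowerShell 2.0, the version that ships with Windows Server 2008 R2.

# 1. Windows Update policy as delivered by the GPO (for example AUOptions,
#    ScheduledInstallTime, NoAutoRebootWithLoggedOnUsers).
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
foreach ($key in $base, "$base\AU") {
    if (Test-Path $key) {
        Get-ItemProperty -Path $key | Select-Object * -ExcludeProperty PS* | Format-List
    }
}

# Returns the LogonType field of a Security event ('2' = console, '10' = RDP).
# Read from the event XML so the result does not depend on the display language.
function Get-LogonType($evt) {
    $data = ([xml]$evt.ToXml()).Event.EventData.Data
    ($data | Where-Object { $_.Name -eq 'LogonType' }).'#text'
}

# 2. Timeline around every restart announcement (event 1074).
$lookBack = New-TimeSpan -Hours 36   # assumption: reaches back past the 03:00 schedule
$restarts = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1074 } `
                         -ErrorAction SilentlyContinue

foreach ($r in $restarts) {
    $span = @{ StartTime = $r.TimeCreated - $lookBack
               EndTime   = $r.TimeCreated.AddMinutes(5) }

    # WindowsUpdateClient: 19 = installation successful, 22 = reboot necessary,
    # 27 = Automatic Updates stopped (as described in the question).
    $updates = Get-WinEvent -FilterHashtable (@{ LogName = 'System'; Id = 19, 22, 27 } + $span) `
                            -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -like '*WindowsUpdateClient*' }

    # Interactive sessions only: logon (4624) and logoff (4634) of type 2 or 10.
    $sessions = Get-WinEvent -FilterHashtable (@{ LogName = 'Security'; Id = 4624, 4634 } + $span) `
                             -ErrorAction SilentlyContinue |
        Where-Object { '2', '10' -contains (Get-LogonType $_) }

    "=== Restart announced at $($r.TimeCreated) ==="
    @($r) + @($updates) + @($sessions) | Sort-Object TimeCreated |
        Select-Object TimeCreated, Id,
            @{ n = 'LogonType'; e = { Get-LogonType $_ } },
            @{ n = 'Summary';   e = { ($_.Message -split "`r?`n")[0] } } |
        Format-Table -AutoSize -Wrap
}
```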