We have a Windows Server 2003 terminal server, and our IT department does not want to disable Automatic Updates. The problem is, when an update gets applied that requires a reboot, users get a popup about it and can hit Restart Now to reboot the server.
Is there a way to keep Automatic Updates on, but not give regular users the Restart popup after an update?
Disable the group policy allowing the notification to non-admins:
Computer Configuration > Administrative Templates > Windows Components > Windows Update > Allow non-administrators to receive update notifications
But, this behavior is the default - so either someone's specifically enabled this policy in the past, or the users are admins?
That's pretty irritating for a number of reasons. You should never just automatically apply every update that comes to you, but if you ARE going to do it, you should set up a scheduled time to apply them and reboot...Leaving that to the user is absurd in a production environment.
To set up a time, go to Control Panel->System->Automatic Updates(tab) and do "Automatic" and put in a time (defaults to 3:00am).
To do it properly, set up WSUS, so you can deploy all updates more efficiently across the domain.