Deactivate update notifications on Windows Server

Microsoft urges users to install Windows updates so that vulnerabilities can be removed quickly. This is probably a good idea for workstations, but forcing updates on the server can lead to undesirable results. Update notifications play an unfavorable role here as they can unintentionally trigger a reboot.

Depending on the configuration, even standard users can install updates and thus prompt the server to restart. This is especially true for RD Session Hosts, where an unplanned reboot may affect several users with data loss.

Update notification on Windows Server 2019

Update notification on Windows Server 2019

The notifications are intrusive and cannot be closed by clicking on the X in the upper right corner. Therefore, the remaining options are to hit the ESC key or to click on the corresponding button to view the updates. This will open the Windows Update section in the Settings app. If the current user is authorized to initiate the installation of the updates, then this process will take its usual course and will usually result in a restart.

Clicking the notification leads to the Settings app, where users can start the update installation

Clicking the notification leads to the Settings app, where users can start the update installation

To prevent this, there is a Group Policy setting under Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update > Allow non-administrators to receive update notifications. However, it only applies up to Windows 8.1 and Server 2012 R2. The following sections explain what to do with higher versions.

The GPO setting to hide the update notification doesn't affect newer versions of Windows Server

The GPO setting to hide the update notification doesn't affect newer versions of Windows Server

Turning off notifications with the task scheduler ^

Notifications of available updates are triggered by scheduled tasks. If you disable or delete these tasks, you will also get rid of the notifications.

Scheduled tasks that are responsible for displaying the update notification

Scheduled tasks that are responsible for displaying the update notification

You can find them in the task scheduler under Microsoft > Windows > UpdateOrchestrator. These are:

  • MusUx_UpdateInterval
  • USO_UxBroker_Display
  • USO_UxBroker_ReadyToReboot

Disable notifications using a batch script ^

Instead of scheduling the tasks interactively, you can deactivate them with a batch file. To do this, execute the following commands in an administrative command prompt:

The problem with this solution is that even within the same version of Windows Server, Microsoft uses different names for the tasks. If not all the scheduled tasks are on a system, the above script will display an error message. On the other hand, it ignores tasks with a different name.

Disabling notifications via PowerShell ^

Another approach is to identify the tasks in question regardless of their name. Their common feature seems to be that they execute MusNotification.exe with different parameters. This can be used in PowerShell to delete the tasks.

Removing scheduled tasks for update notification using PowerShell

Removing scheduled tasks for update notification using PowerShell

If you want to safeguard yourself against this relatively radical measure, you can save the tasks as an administrator in a file beforehand with Export-ScheduledTask:

If necessary, the tasks could then be restored using Register-ScheduledTask and the parameter XML.

Another alternative would be to delete the scheduled tasks via Group Policy Preferences. However, this requires that you know the exact names of the tasks.

Conclusion ^

Basically, you should make use of the possibilities offered by Group Policies to implement your own concept of update distribution and the timing of the restart. This can be a classic regular maintenance window, which the administrator supervises.

The server can also update itself and restart outside office hours. However, this is not recommended for critical systems. Microsoft offers further information in this article.

3+
avataravatar

Poll: Does your organization plan to introduce Artifical Intelligence?

Read 4sysops without ads and for free by becoming a member!

1 Comment
  1. Ellavina Chan 2 months ago

    Thanks for the help! I was getting annoyed with Windows 10 and decided to swap my host machine to Windows Server and have been liking it much better. This helped me get rid of the annoying pop ups.

    0

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2020

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account