How to Disable Automatic Reboot After Windows Updates on Windows Server 2003 R2 and Implement Email Notifications



For hosting environments running Windows Server 2003 R2, automatic reboots after updates can be particularly disruptive. Many legacy applications require console session persistence, and unexpected reboots can lead to service interruptions that impact customers.

The most reliable method is through registry edits. Create a backup before proceeding:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"AUOptions"=dword:00000003

Save this as disable_auto_reboot.reg and merge it into the registry. The AUOptions value of 3 configures the system to notify for download and installation.
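
The backup, merge and verification steps above can be scripted so that a failed import or an unexpected value is noticed immediately. This is an added example, not part of the original article; the C:\scripts paths are assumptions, and reg.exe is the registry tool that ships with Windows.

```powershell
# Added example: back up, merge and verify the Windows Update AU policy values.
# Assumed (hypothetical) locations for the .reg file and the backup folder.
$regKey  = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$psKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$regFile = 'C:\scripts\disable_auto_reboot.reg'
$backup  = 'C:\scripts\backup\AU_{0}.reg' -f (Get-Date -Format 'yyyyMMdd_HHmmss')

# 1. Back up the key if it exists (with no policy configured, it does not).
$dir = Split-Path $backup
if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
if (Test-Path $psKey) {
    reg.exe export $regKey $backup | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $regKey failed; nothing was changed." }
    Write-Host "Backup written to $backup"
} else {
    Write-Host "$regKey does not exist yet; rolling back means deleting the key."
}

# 2. Merge the .reg file and stop if reg.exe reports an error.
reg.exe import $regFile
if ($LASTEXITCODE -ne 0) { throw "Import of $regFile failed." }

# 3. Read the values back and compare them with what the .reg file sets.
$expected = @{ NoAutoRebootWithLoggedOnUsers = 1; AUOptions = 3 }
$actual   = Get-ItemProperty -Path $psKey
foreach ($name in $expected.Keys) {
    if ($actual.$name -ne $expected[$name]) {
        throw "$name is '$($actual.$name)', expected $($expected[$name])."
    }
    Write-Host "$name = $($actual.$name) (OK)"
}
```

If a domain Group Policy Object also configures Windows Update, it overwrites these values at the next policy refresh, so rerun step 3 after a refresh to confirm the setting holds.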

For monitoring pending reboots, we can create a PowerShell script (even on Server 2003 with proper configuration):

# Check for pending reboot status
$rebootPending = Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired"

if ($rebootPending) {
    $smtpServer = "mail.yourdomain.com"
    $smtpFrom = "server@yourdomain.com"
    $smtpTo = "admin@yourdomain.com"
    $messageSubject = "Server requires reboot - " + $env:COMPUTERNAME
    $messageBody = "Server " + $env:COMPUTERNAME + " has updates installed and requires a reboot."
    
    $smtp = New-Object Net.Mail.SmtpClient($smtpServer)
    $smtp.Send($smtpFrom, $smtpTo, $messageSubject, $messageBody)
}

Create a scheduled task to run this script daily using schtasks:

schtasks /create /tn "CheckForPendingReboot" /tr "powershell.exe -File C:\scripts\check_reboot.ps1" /sc daily /st 23:00 /ru SYSTEM
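
A version of check_reboot.ps1 that does not lose the alert when the mail server is unreachable, shown as an added example rather than the article's own script. It assumes PowerShell 2.0 (for try/catch and -join), reuses the placeholder SMTP names from above, and goes beyond the article by also checking PendingFileRenameOperations and by falling back to the Application event log through eventcreate.exe; the event source name and ID are arbitrary choices.

```powershell
# Added example: pending-reboot check with a fallback when mail delivery fails.
$reasons = @()

# Indicator 1: the Windows Update key that the article's script checks.
$wuKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
if (Test-Path $wuKey) {
    $reasons += 'Windows Update: RebootRequired key present'
}

# Indicator 2 (not in the article): file replacements queued for the next boot.
$smKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$sm = Get-ItemProperty -Path $smKey -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
if ($sm -and $sm.PendingFileRenameOperations) {
    $reasons += 'Session Manager: PendingFileRenameOperations is set'
}

if ($reasons.Count -eq 0) { exit 0 }   # nothing pending, stay silent

$subject = "Server requires reboot - $($env:COMPUTERNAME)"
$body    = "Pending reboot indicators on $($env:COMPUTERNAME):`r`n - " + ($reasons -join "`r`n - ")

try {
    # Placeholder server and addresses, as in the article.
    $smtp = New-Object Net.Mail.SmtpClient('mail.yourdomain.com')
    $smtp.Send('server@yourdomain.com', 'admin@yourdomain.com', $subject, $body)
} catch {
    # Mail failed: record a warning in the Application log so the alert is not lost.
    $msg = "Pending reboot detected but the notification mail failed: $($_.Exception.Message)"
    $msg = $msg -replace '"', "'"      # keep the text a single quoted argument
    eventcreate.exe /T WARNING /ID 100 /L APPLICATION /SO CheckForPendingReboot /D $msg | Out-Null
    exit 1
}
```

PendingFileRenameOperations can also be set by installers unrelated to Windows Update, so the mail body lists which indicator fired.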

If you're managing multiple servers, consider these Group Policy settings:

  • Computer Configuration → Administrative Templates → Windows Components → Windows Update
  • Configure Automatic Updates: Set to "Notify for download and notify for install"
  • No auto-restart for logged on users: Enabled

For applications that must run in console sessions, create a startup script:

@echo off
REM Add application startup commands here
start "" "C:\path\to\your\application.exe"

Save as start_apps.cmd and place it in the Startup folder (%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup).

For comprehensive monitoring, consider implementing a simple HTTP endpoint that returns the reboot status:

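using System;
using System.Web.Services;
using Microsoft.Win32;

public class RebootStatus : WebService
{
    // Windows Update creates this key when an installed update needs a restart.
    private const string RebootKey =
        @"SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired";

    // The response discloses patch state; limit access to the monitoring hosts.
    [WebMethod]
    public string CheckRebootStatus()
    {
        // Dispose the handle so repeated polling does not leak registry handles.
        using (RegistryKey key = Registry.LocalMachine.OpenSubKey(RebootKey))
        {
            return key != null ? "RebootRequired" : "NoRebootNeeded";
        }
    }
}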

Running critical servers like web, mail, or database servers on Windows Server 2003 R2 comes with challenges when Microsoft pushes automatic updates. The default behavior forces an automatic reboot, which can disrupt services that rely on console session applications. This is particularly problematic for hosting environments where uptime is crucial.

The most reliable way to prevent automatic reboots is by modifying the Windows Registry. Create a .reg file with the following content:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"AUOptions"=dword:00000003

This does two things:

  • Prevents automatic reboots when users are logged on
  • Configures updates to download but require manual installation

To get notified when updates require a reboot, we can create a PowerShell script (yes, it works on Server 2003 R2 with some tweaks):

# PowerShell script to check for pending reboots and send email
$pendingReboot = Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired"

if ($pendingReboot) {
    $smtpServer = "your.smtp.server"
    $from = "server@yourdomain.com"
    $to = "admin@yourdomain.com"
    $subject = "Server Needs Reboot After Updates"
    $body = "The server $env:COMPUTERNAME has pending updates that require a reboot."
    
    Send-MailMessage -SmtpServer $smtpServer -From $from -To $to -Subject $subject -Body $body
}

Create a scheduled task to run this script daily using the Windows Task Scheduler:

schtasks /create /tn "Check for Pending Reboot" /tr "powershell.exe -File C:\scripts\check_reboot.ps1" /sc daily /st 23:00 /ru SYSTEM

If you're managing multiple servers, consider creating a Group Policy Object (GPO) with these settings:

  1. Computer Configuration > Administrative Templates > Windows Components > Windows Update
  2. Enable "Configure Automatic Updates" and set to option 3 (Download and notify)
  3. Enable "No auto-restart for logged on users"

While preventing automatic reboots solves immediate problems, remember:

  • Security updates still need to be applied regularly
  • Consider migrating critical services to more modern Windows Server versions
  • Document your change management process for updates