Windows Server 2012 R2 displays update notifications through a blue banner at the top of the screen when logged in interactively. While this might be acceptable for client operating systems like Windows 8, it poses an operational risk in server environments where accidental clicking could trigger unwanted updates during production hours.
The notification system in Windows Server 2012 R2 is managed through Group Policy and Registry settings. Unlike client Windows versions, server administrators typically want complete control over when updates are installed, making the popup notifications particularly undesirable.
The most effective method is to modify the registry to suppress these notifications:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"ElevateNonAdmins"=dword:00000000
"AUOptions"=dword:00000001
"IncludeRecommendedUpdates"=dword:00000000
"NoAutoUpdate"=dword:00000000
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000000
For domain environments, you can implement this setting through Group Policy:
- Open Group Policy Management Console
- Navigate to: Computer Configuration > Administrative Templates > Windows Components > Windows Update
- Enable "Configure Automatic Updates" and set it to "2 - Notify for download and notify for install"
- Enable "Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box"
After making these changes, verify that they took effect:
# PowerShell verification command
Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" |
Select-Object AUOptions, ElevateNonAdmins, IncludeRecommendedUpdates
For large-scale deployments, consider using these methods:
- SCCM Compliance Baselines to enforce the setting
- DSC Configuration for configuration-as-code approach
- Ansible/Puppet/Chef modules for cross-platform configuration management
For maximum control, combine this with:
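# Disable the Windows Update service (wuauserv); the server will no longer scan for or install updates
sc.exe config wuauserv start= disabled
# Disable the Windows Update Medic Service (WaaSMedicSvc), if applicable on this OS version
reg add "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /v Start /t REG_DWORD /d 4 /f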
Many sysadmins managing Windows Server 2012 R2 environments encounter an annoying UI element - the blue Windows Update notification banner that appears when logging into servers. While this feature makes sense for client OS versions like Windows 8, it's problematic for servers where updates should be carefully scheduled and tested.
Completely stopping Windows Update service (wuauserv) isn't the solution here. We need to:
- Maintain manual control over update installation
- Keep the Windows Update service running for compliance
- Only suppress the intrusive UI notifications
The cleanest method is through Group Policy:
# Navigate to: Computer Configuration > Administrative Templates > Windows Components > Windows Update
# Set these policies:
1. "Configure Automatic Updates" - Enabled (Set to option 2 - Notify for download and notify for install)
2. "Do not display 'Install Updates and Shut Down' option" - Enabled
3. "Do not adjust default option to 'Install Updates and Shut Down'" - Enabled
4. "Turn off all Windows Update features" - Disabled
For standalone servers not in a domain, modify these registry keys:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000002
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDevMgrUpdate"=dword:00000001
After applying either method, check the effective settings with:
# PowerShell command:
Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
Expected output should show AUOptions=2 and NoAutoUpdate=0.
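The manual check above can be turned into a repeatable audit. The script below is an added example, not part of the original article: it compares the AU policy values from the .reg file above against what is on the machine and confirms that wuauserv has not been disabled. The function name Test-UpdatePolicy is hypothetical.

```powershell
# Added example: audit the AU policy values and the Windows Update service state.
# Expected values come from the .reg file above; Test-UpdatePolicy is a hypothetical name.
function Test-UpdatePolicy {
    $auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $expected = [ordered]@{
        NoAutoUpdate         = 0
        AUOptions            = 2
        ScheduledInstallDay  = 0
        ScheduledInstallTime = 3
    }
    $results = @()
    $actual = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
    foreach ($name in $expected.Keys) {
        # A missing key or value is reported as '<missing>' instead of throwing
        $value = '<missing>'
        if ($actual -and ($actual.PSObject.Properties.Name -contains $name)) {
            $value = $actual.$name
        }
        $results += [pscustomobject]@{
            Check    = "AU\$name"
            Expected = $expected[$name]
            Actual   = $value
            Pass     = ($value -is [int] -and $value -eq $expected[$name])
        }
    }
    # The service should stay enabled; only a Disabled (or absent) service fails this check
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'"
    $startMode = '<missing>'
    if ($svc) { $startMode = $svc.StartMode }
    $results += [pscustomobject]@{
        Check    = 'wuauserv StartMode'
        Expected = 'not Disabled'
        Actual   = $startMode
        Pass     = ($null -ne $svc -and $svc.StartMode -ne 'Disabled')
    }
    $results
}

$report = Test-UpdatePolicy
$report | Format-Table -AutoSize
# When run as a script, return a non-zero exit code so a monitoring job can alert on drift
if ($report.Pass -contains $false) { exit 1 }
```

Run it from an elevated PowerShell session as a saved .ps1 file; pasted into an interactive console, the final `exit 1` closes the session when a check fails.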
For extra protection against accidental updates:
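# Register the event source first; Write-EventLog fails if the source is not registered
if (-not [System.Diagnostics.EventLog]::SourceExists('Windows Update')) { New-EventLog -LogName Application -Source 'Windows Update' }
# Create a scheduled task meant to flag update attempts; as written it fires at each logon and writes event 999
$action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-Command `"Write-EventLog -LogName Application -Source 'Windows Update' -EventId 999 -EntryType Information -Message 'Update attempt detected'`""
$trigger = New-ScheduledTaskTrigger -AtLogOn
Register-ScheduledTask -TaskName "Update Monitor" -Action $action -Trigger $trigger -User "SYSTEM"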