Readers respond on controlling rebootsPatching Windows is good, and rebooting right after you’ve patched is good, too. But if you’re right in the middle of something, seeing Windows reboot when you didn’t expect it can be very bad.
My top story on Mar. 2 revealed several little-known settings you can use to control how often Windows reminds you to reboot after installing patches — or whether you want any reminders at all. The problem is that, by default, Windows reminds you every 10 minutes. And, if you happen to be typing in some application and you press the N key when the reminder window pops up, you’ve launched Windows’ Restart Now option. There’s no way out of it.
I want to re-emphasize the importance of rebooting before and after installing patches. I’ve heard warnings about the way patches can leave Windows in an “unstable state” until it’s rebooted. (No one’s given me any verifiable examples of this, though.)
Having said that it’s important to reboot, it’s also true that unexpected reboots are simply unacceptable. Microsoft should never have programmed the reboot-reminder dialog box (see illustration) to grab the keyboard focus and launch instantly from an accidental key press. Clicking the Restart Now button with a mouse, or pressing Alt+N, should be the only ways the reboot process gets kicked off.
If it’s so important for a PC to be rebooted before and after patches are applied, Microsoft should make this a requirement for every such patch. Windows users should be informed that their applications must be closed before patching begins, so no work is lost.
By the same token, if a user is so deeply involved in a project that Restart Later is his or her choice, the operating system must absolutely respect that choice. Patching to defend against a Windows security hole is a great idea, but it’s not worth losing all the windows you may have had open on your busy Desktop.
This is why I revealed in the last issue several settings you can change to specify how often the reboot reminder pops up after patches are installed. As always, my readers have even more ideas about how you can take control of the reboot process. Let’s get started, shall we?
Remote Desktop causes unexpected restarts
Tony Hunt found that Windows itself isn’t the only culprit in rebooting your PC without adequate warning:
- “I recently discovered another way in which Automatic Update causes a machine to reboot. When I disconnected a Remote Desktop session on Windows Server 2003, my session was logged off the machine and Windows Update decided that it was time to reboot as there was now nobody logged in to it. That was a production server running our organization’s main SQL database!
“Needless to say, we will be very careful about even installing updates on our servers in the future.”
Symantec Ghost triggers reboots, too
Many products that automatically update themselves request (or require) a reboot to complete their installation processes. Regardless of the trigger, the end user usually does play a role in the process.
Brian Harder, who works in a health-care organization, reports that unexpected reboots affected his users’ Great Plains Dynamics billing applications built on Microsoft’s SQL Server:
- “What triggered the user’s PC to reboot in the first place? A software push from Symantec’s Ghost product for a completely unrelated third-party product. Ghost triggers reboots automatically, but only if Ghost determines that it is needed. In addition, there is typically a warning window and countdown when the software delivery is taking place. It, too, is modal and clearly warns the user to close other applications.
“The trick is, the warning window sometimes ‘freaks out’ the end users and they panic. Rather than following the Ghost message, they stop using their computer altogether until the PC reboots automatically and the messages stop.
“In addition, the Ghost warning messages are set for ‘Always on Top’ and do not contain the Minimize button most users expect. The correct action is to simply click away from the warning window and do what you need to do. However, for a naïve or inexperienced user, this is just a bit too easy to get wrong.
“This isn’t just a technology problem. Human factors wind up playing a major role. We warn our users about upcoming Ghost software pushes. However, you can’t know that they saw the messages or understood them. The Ghost warning messages can be experienced, from a user’s perspective, as a jarring and unexpected intrusion. It’s a factor out of their control and they know it.
“We ask users to contact us if they don’t understand, but they almost never do. I think many users are afraid of asking questions for fear of looking ‘dumb’. So we do the best we can, but in the end there’s a task to be done and a timeframe for it to be done in.”
How to schedule reboots on stand-alone PCs
In my Mar. 2 article, I described how to completely disable reboot reminders or, preferably, re-schedule them to occur every 12 hours, so (if you forget to reboot) you’ll see a reminder the next morning, when you’re not actively typing. I explained the procedure for users of Windows Server Update Services (WSUS), a free Microsoft program for distributing patches. But reader Charles Little offers a way XP Pro users can re-schedule the reminders without WSUS:
- “In gpedit.msc, navigate to Computer Configuration, Administrative Template, Windows Components, Windows Update. In that screen, select Re-prompt for restart with scheduled installations. Open this, click Enabled, and then set the time interval in the same dialog.”
Use Task Scheduler for planned reboots
Andy Helsby recommends a way to make patch-install reboots fairly painless — even when you can’t physically be present at a server that needs rebooting:
- “I have a couple of sites where I don’t have remote access to the server out of hours but also need to install patches and reboot out of hours.
“I install the patches as late as I can in the day, normally after most people have gone home. At this point, the reminders start appearing, but I can’t reboot the server as I still have people on it.
“I know I can reboot either tonight or the following night, so I schedule a reboot using Task Scheduler or at the command line (the latter is my personal preference). I then stop the Automatic Updates service on the server.
“The notifications stop and the ‘shield warning’ icon disappears. When the server reboots, the service is automatically restarted.
“As Microsoft only releases patches on a monthly basis, I can be reasonably certain that I am not going to miss a new automatic update between now and the scheduled reboot of the server.
“Note that I only do this for servers that I can’t immediately reboot and that I am fairly sure won’t have major problems if I install a patch and don’t immediately reboot.”
To send us more information about controlling the Windows patch-reboot process, or to send us a tip on any other subject, visit WindowsSecrets.com/contact.
Brian Livingston is editor of the Windows Secrets Newsletter and the coauthor of Windows 2000 Secrets, Windows Me Secrets, and eight other books.
I’ve spent most of the past three weeks slogging through the “February Community Technology Preview” of the next version of Windows — Vista Build 5308, to the tech-savvy.
If you’re responsible for more computers than you can personally lay hands on in a short period of time, then you probably have a patching process that includes some kind of cost/benefit analysis. This doesn’t necessarily require a spreadsheet with salaries and downtime costs. It can be as simple as answering the question, “How much trouble am I in if I crash the server in the middle of the day?”
We all know that using a computer is a dangerous business these days. Design flaws and vulnerabilities can come from anywhere, from any server, all the way down to the client accessing it — and everywhere in-between.
The bulletins came to my inbox. Two patches. One for Office, one for DACLs. (What’s a DACL?) But that isn’t all. Microsoft Update has a few more patches it wants me to install.
