For some reason 4 out of the 5 Windows Server x64 SKU's we have running in our office decided to reboot last night.  I checked the one that did not, and it had issues downloading the updates (thats a seperate issue).  Of the 4 that did reboot, I checked Automatic Updates and it appears that *somehow* they are all now set to download and install updates automatically.  Now, as most of us know you should set this to never install updates blindy on production machines.  Its always good to stage/test any new software installed into production, including service packs and Windows updates.  I double checked with my IT guy and he defintely remembers changing that setting during intial install (its part of our standard checklist).   

 This happened at 3am:

 Restart Required: To complete the installation of the following updates, the computer will be restarted within 5 minutes:
- Security Update for Windows Server 2003 x64 Edition (KB944653)
- Update for Windows Server 2003 x64 Edition (KB942763)
- Security Update for Windows Server 2003 x64 Edition (KB941569)
- Update for Outlook Junk Email Filter 2007 (KB943597)
- Windows Malicious Software Removal Tool x64 - December 2007 (KB890830)
- Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB942615)
- Security Update for Windows Server 2003 x64 Edition (KB941568)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Restart required?  And it actually forced it?  Wow....   Anyone else notice this?

This just feels dirty to me...

4 Comments

• ary said Wednesday, December 12, 2007 5:30:24 PM

  we use WSUS and different local policies which block auto install of unchecked updates. Updates can be installed only manually by admin or from WSUS panel.

• Christophe Lauer [MS] said Thursday, December 13, 2007 6:54:36 AM

  Hi Robert, The same happened to the WS 2003 Enterprise Server x64 sitting below my desk. No big deal in my case, but that's just weird, indeed...

• Christopher Estep said Thursday, December 13, 2007 9:25:04 AM

  For me, it's not that it restarted the computer. Yeah, that's annoying, but the fact that it somehow installed an update when you told it not to automatically install updates is very disturbing to me. I see this as a huge security flaw and could potentially reflect very badly on Microsoft for doing this. Think for a moment. There was a means to install an update regardless of how you set it. Microsoft not only knew about this capability, but actually planned for it and then used it, without any consent from a person beforehand. So if there's a method to force automatic updates, who's to say that it won't be exploited by someone with ill will? And all of this is in addition to the gross ethical violation that MS makes when it does something to our computers without permission. They make think that they own the software and we license it so they can do what they want, but what's not in dispute is that I own the hardware and nobody should be able to do anything to my hardware without my knowledge or permission. Period.

• Thomas Goddard said Monday, December 17, 2007 11:31:24 PM

  Hey Rob, that does seem a little funky and I noticed it on my servers too. I've worked on some pretty huge deployments of Windows while working at HP and I can honestly say, it was a serious pain in the ass. Time to switch to Mac OS X ;)