Sharing IT knowledge ...and a little more

Disable Windows Update Notification on Terminal Server

by · Published · Updated

Terminal Server users logging on to terminal server continually receive the Windows Update popup ” Restart your computer to finish installing important updates” every 10 minutes. They’re only option is to select “Postpone” to make it go away but it comes back every 10 minutes. This can be an annoying problem for your terminal server users. This issue can be resolved via Group Policy but it is a little tricky. The reason it is tricky is because the policy that controls the Windows Update Popup is a User Policy. Normally you want your users to receive this popup when they receive Windows Updates. However, you do NOT want this policy to carry over when those same users log onto a Terminal Server. It’s a Catch22. Fortunately there is a solution to disable windows update notification on terminal server by enabling the “Loopback Processing Mode” group policy setting. The resolution in this article assumes that you are running Windows Server 208 R2 Terminal Services which is referred to as Remote Desktop Services now.

TSLoopback1

Make the following changes to the group policy that you are applying to your Terminal Servers.

Computer Configuration | Policies | Administrative Templates | System | Group Policy
User Group Policy loopback processing mode Enabled
Mode = Merge

User Configuration | Policies | Administrative Templates | Windows Components | Windows Update
Remove access to use all Windows Update features Enabled
Configure notifications: 0 – Do not show any notifications

Setting the loopback processing mode GPO allows you to replace or merge User group policies settings for any user who logs onto the Terminal Server. Basically, we want the same exact User settings to apply to any user who logs on to the Terminal Server. In this particular example, we WANT the user to receive the “Windows Update” popups on their own desktops but NOT on any terminal server/s. The Merge mode gathers up all the GPOs for the user during the logon process and merges them with the GPO’s for the computer policy of the Terminal Server GPO and is added to the end of the GPO for the user. As a result, the computer’s GPOs have higher precedence than the user’s GPOs. In other words, the Terminal Server GPO must have both the Computer Configuration and the User Configuration policy enabled and any User Settings in the Terminal Server group policy object will override the normal User GPO settings if there is a conflict.

** Warning **
It seems that enabling the User Group Policy loopback processing mode causes an inadvertent side-effect. It ignores Group Policy Block Inheritance! If the user account exists in an OU that is blocking group policy inheritance then BE CAREFUL! The loopback processing setting apparently ignores this and applies ALL GPO policies from the top level on down. It does understand WMI filters and GPO delegation permissions BUT completely ignores OU Block Inheritance.

References
http://technet.microsoft.com/en-us/library/cc757470(v=WS.10).aspx

Tags:

George Almeida

Welcome to my little corner of the blogosphere. I'm an Information Technology Director. I specialize in Windows operating systems, applications, servers, storage, networks and also have a technical background on the IBM iSeries platform. My only purpose for this blog is the hope that it helps someone, someday, somewhere. Any meager proceeds derived from our sponsors will be donated to charity.

You may also like...

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x