Windows Server - WSUS report of computers waiting to reboot

Asked By Fabio Martins on 19-Mar-09 04:18 PM

I have set up servers to download from WSUS automatically at a predefined
time and just install the updates when it shuts down.

Is there a way to get a report from WSUS of servers that are just waiting for
the reboot to install the updates that they've already downloaded?

Thank you in advance.

Lawrence Garvin [MVP] replied on 19-Mar-09 10:59 PM
Minor point. You cannot control when the updates download. You can schedule
the *installation* time, which presupposes that the detection/download is
already complete.

If the installation time is reached before somebody actually initiates an
Install Updates and Shutdown event, you may find yourself with an unexpected
server restart.

In the Computer Detailed Status report, if you click on the hyperlinked
Update Status column (e.g. "Not Installed") and a download is complete, the
popup dialog will give you that status information.

Another way to get there is by looking at the update metadata screen, click
on the "Computers needing this update" legend hyperlink (when the value is >
0), and that will trigger an Update Details Status report, where you can
then click on the hyperlink in the Status column.

Unfortunately, though, these capabilities are only available on a per-update
basis by drilling down through the status column. There is no report that
will show this status information across all systems/updates.

To get that information, you have a few additional options:

1. If you're using a full-license copy of SQL Server (Workgroup, Standard,
Enterprise) you can use the SSRS Report Builder to customize a report
against the WSUS database to get that information.

2. You can develop a custom application programmed against the WSUS API to
extract the needed data.

3. You might be interested in a third-party add-on package for WSUS from
Eminentware (

Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)

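
Option 2 from the reply above (programming against the WSUS API), sketched as an added PowerShell example that is not part of the original thread or anyone's posted code. It assumes it runs on the WSUS server itself under a WSUS administrator account; the group name `Servers` is a placeholder.

```powershell
# Added example, not from the thread. Run on the WSUS server as a WSUS administrator.
# 'Servers' is a placeholder computer group name; change it to your own group.
param([string]$GroupName = 'Servers')

# Load the WSUS administration API that ships with the WSUS console.
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')

# With no arguments, GetUpdateServer() connects to the local WSUS server.
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()

# Limit the report to one computer group, e.g. the group that holds the servers.
$group = $wsus.GetComputerTargetGroups() | Where-Object { $_.Name -eq $GroupName }
if (-not $group) { throw "WSUS computer group '$GroupName' not found." }

$computerScope = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope
[void]$computerScope.ComputerTargetGroups.Add($group)
$updateScope = New-Object Microsoft.UpdateServices.Administration.UpdateScope

# One summary per computer: keep those with updates downloaded but not yet
# installed, or installed and waiting for a reboot.
$wsus.GetSummariesPerComputerTarget($updateScope, $computerScope) |
    Where-Object { $_.DownloadedCount -gt 0 -or $_.InstalledPendingRebootCount -gt 0 } |
    ForEach-Object {
        $computer = $wsus.GetComputerTarget($_.ComputerTargetId)
        [pscustomobject]@{
            Computer               = $computer.FullDomainName
            DownloadedNotInstalled = $_.DownloadedCount
            InstalledPendingReboot = $_.InstalledPendingRebootCount
            Failed                 = $_.FailedCount
            LastReported           = $computer.LastReportedStatusTime
        }
    } |
    Sort-Object Computer |
    Format-Table -AutoSize
```

The counts are only as fresh as each client's last status report, so check the LastReported column before acting on a row.
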
Dave Mills replied on 20-Mar-09 02:26 AM
Maybe I am missing something but I simply have the servers in their own group.
Then the default report lists updates needed. I then approve the updates on one
server and usually by the time I get to the 6th or 7th all those approved for
the first server are downloaded. I then RDP to that server and run
wuauclt /detectnow and repeat for the rest. By the time I have done this on the
last server the first has completed its download so I can manually install them.
Repeat for the other servers and the first will have completed the install and be
waiting for a reboot (if required).

This uses option 3 - download and notify. Installing on shutdown leaves the
server off and is a problem for remote servers. How I wish for an "Install
updates and Reboot" option.

Dave Mills
There are 10 types of people, those that understand binary and those that don't.
Fabio Martins replied on 20-Mar-09 02:59 PM
Yes, we're using the option "Auto download and schedule to install", and
it's scheduled to install on Wednesdays at 10am.

But we set the option "No auto-restart with logged on users for scheduled
automatic update installations" to enabled, so it will restart only when a
user shuts down the server, won't it?

Hmm... Our idea was to create 3 groups:

One group will be the servers that will be the "test group", the group on which
we'll test the updates. We are planning to make a rule to automatically
approve updates for this group.

The other group will be the servers. After the updates are installed
successfully on the "test group", we approve the updates for this group.

The third group will be some servers that we prefer to make windows update
So, we thought that on Wednesdays we could make a report of the servers
that are waiting for the reboot to finish the update, so someone could at the
next possible time restart them manually.

We are not using the full license copy. What we want is possible with a full
licence copy of SQL server?

argh.. I am not a programmer...

I'll check that!

Thank you very much.
Fabio Martins replied on 20-Mar-09 03:28 PM
Hi! Thank you for answering.

Sorry... but what is "RDP"? -- my English vocabulary is not so rich!
Correct me if I misunderstood you... this way, you do all updates manually,
don't you?

I am thinking that it can be another way to do what we want, just notify and
we can check the report "needed" and then the guy goes there, install and

The problem we have is that we have 45 MS Servers, and they can't reboot any
time, and each one has specific times that we can reboot them.

Harry Johnston [MVP] replied on 20-Mar-09 08:28 PM
This almost certainly isn't what you want to do.

NO.  It will reboot immediately unless someone is logged in interactively.  File
server connections, for example, don't count.

In any case, it is important that you don't install updates until you are ready
to reboot.  The server may be in an unstable state in between installation and
reboot, which might cause a system crash or worse.  (It's fairly unlikely, but
in general not a risk worth taking.)

Note that if you're going to manually reboot a server anyway, it isn't that much
more effort to manually install the updates first using option 3.

RDP: Remote Desktop Protocol, aka Remote Desktop or Terminal Services.

Dave Mills replied on 21-Mar-09 04:04 AM
Harry answered this.

For servers - Yes. 1) I want to control when and 2) I want to "know" that it is
rebooted and not find out hours later that a server has failed to restart. For
example I will reboot a DC but will not start the update on another DC until
the first is up and has been running for 5 minutes. I also get to notice that
sometimes no reboot is needed so I can do the updates more quickly. Note though
that "No Reboot" does not mean "No service outage". Exchange updates will often
stop the service but not reboot the server so the clients are still denied the

That is what almost all do for servers. "Guy goes there" using Remote Desktop.
Dave Mills
There are 10 types of people, those that understand binary and those that don't.
Fabio Martins replied on 23-Mar-09 10:29 AM
Really... this way, it is better to use option 3.


Fabio Martins replied on 23-Mar-09 10:31 AM
Thank you very much, I think it is the better way to update our servers.

Dave Mills replied on 25-Mar-09 02:58 AM
There is one thing regarding using remote desktop. If somebody is logged on to
the root console (W2003/W2000) when you connect you do not get the yellow
install update shield. This is especially troublesome if you have deployed RDP 6
as you cannot connect to the root session (console 0). I have found it works OK
providing there is no session on console 0. The solution is to remotely log off
the console 0 user, then run wuauclt /detectnow.

Dave Mills
There are 10 types of people, those that understand binary and those that don't.