Microsoft addresses new reports of forced Windows updates and reboots

Microsoft has posted a long and complex explanation to its Windows Software Update Services (WSUS) blog, explaining the latest case of why software updates are being pushed to users who believe they've turned automatic updating off.

The UK Register reported on October 25 that a number of admins were seeing Microsoft Desktop Search 3.01 pushed out to users via Microsoft's WSUS enterprise patching/update system, in spite of having opted out of this "resource-hogging search app."

Bobbie Harder, Microsoft Product Manager for WSUS, explained why some companies were seeing the updated Windows Desktop Search bits (aka, the updated package for KB917013) pushed to their users. It turns out Microsoft changed the deployment rules after the original release of Windows Desktop Search. Harder noted:

"The original update release, released February 2007 as an optional update, was only applicable on systems which had a version of Windows Desktop Search installed. The recent update Revision 105, had the applicability logic expanded to be applicable to all systems regardless if a prior version of Windows Desktop Search was installed, IF of course, approved in the WSUS Administrative UI or via Administrator-set auto-approval rules."

Harder summarized:

• "The initial February 2007 (WIndows Desktop Search 3.01) release had to be purposely checked/approved by WSUS admin s sfor distribution, because it was an Optional update.
• "All subsequent metadata-only revisions to that WSUS admin approved February 2007 release would then also be automatically approved for distribution.
• "The initial February approval is retained throughout the life of the update, regardless of revision."

Microsoft realizes this policy is creating confusion, Harder said, and will subsequently be "tightening the criteria for Revisions so that auto-approval of revision behaivors are more predictable and of similar scope as the original approved update."

Meanwhile, there's a new theory circulating as to why a number of Windows XP and Vista users are reporting that their machines are patching and forcibly rebooting themselves. It might be Windows Live OneCare's fault.

Microsoft officials said earlier this week that there were no problems with Microsoft's Automatic Update (AU) patching mechanism, nor with patches delivered on October 9 as part of Patch Tuesday that might be causing the automatic rebooting. Instead, company officials said they believed users an/or their admins -- whether they realized it or not -- were changing their preferences on Automatic Update to allow automatic updating and forced rebooting.

Microsoft officials said on October 25 they were looking into new reports of AU-related problems introduced via Windows Live Onecare and would provide more information once they determined whether or not OneCare might be the culprit behind reported rogue rebooting.

Vista marketing officials acknowledged this week that the company realizes it need to do a better job of explaining and implementing Windows Update/Automatic Update policies in order to maintain users' trust.

Update (late in the evening, EST, on October 25): Microsoft has provided some additional information pertaining to ongoing reports of rogue reboots.

On the consumer side of the house, the OneCare team is acknowledging that OneCare can and will override users' Microsoft Update settings -- opting for Automatic Updates to be installed by default -- in the name of simplicity. But the team is reevaluating the best way to make users more aware of this fact, going forward. From a posting on the OneCare Team blog:

"In the first OneCare boot experience we have gone to great lengths to disclose that OneCare may automatically effect changes to user settings in order to help best protect the user. When you first install Windows Live OneCare, setup informs you that if you choose to proceed your computer settings will be changed to automatically download and install important updates from Microsoft Update (a Microsoft service that provides software updates for Windows components and other Microsoft programs). You may still choose whether or not to install recommended and optional updates. "

On the enterprise/WSUS side, there's new information that has been added to the WSUS Team blog, as of this evening. Company officials explained a mistake the WSUS team made when rolling out an update to Windows Desktop Search this past Tuesday, and is providing information to help users uninstall any copies of WDS that were pushed erroneously to them without their approval.