Reboot Policy for Windows Computers

Definitions
Pending reboot state/status: Necessary software changes that can only occur during the operation system startup are queued.
Shutdown: The operating system safely closes applications and halts processes followed by a state of no power.
Reboot: A process of automatically reloading the operating system into memory following a momentary shutdown state.

Policy
Users of Windows computers in the College of Arts and Sciences will be reminded to reboot their computers when security patches for the operating system or other applications require a reboot to complete the installation process. A window will appear notifying the user of the need to reboot. This policy supports the University’s Policy: Standards for Connecting Devices to the University Network, https://wiki.albany.edu/x/qxz-AQ.

Reason for Policy
The goal of this policy is to maintain a secure network environment for the University and to prevent the spread of malware and other security breaches. A fully patched operating system on all computers is necessary to accomplish this goal. A fully patched operating system means that all security patches have been downloaded, initiated and the computer rebooted. The University has had a system that automatically downloads and initiates operating system patches for Windows computers, but rebooting has been left to the user to complete the install process. The result has been that a significant percentage of computers do not complete the install for a month or longer. By reminding users of the need to reboot, the likelihood of patches being installed in a timely manner greatly increases.

Application of Policy
Periodically, college computers will automatically check for a pending reboot. If a pending reboot exists, a window will appear alerting the user. If the user clicks a button on the window, the computer is set to automatically reboot. If the user makes a selection on the window and then shuts down or reboots the computer manually any time before the automatic reboot, the computer will not automatically reboot as long as no additional pending reboots occur thereby restarting the entire process.

Please note:

  • A computer will only automatically reboot if the user clicks on any of the buttons in the initial notification window. This will close the window but the window may reappear depending on what selection was made (see below).
  • The user will be given at least 54 hours’ notice before the computer reboots. The reboots will occur Friday at 5 PM. This means that if the first notice is given on a Thursday, the computer will not reboot the next day but the following Friday at 5PM.
  • The only way to close the window is to click on one of the buttons which will schedule an automatic reboot to occur. How and when the reboot occurs depends on the selection made (see below).
  • If the user does not click on any of the buttons, the computer will not reboot and the window will remain open.

The window gives the user the following choices:

  • Remind me in 4 hours: The window will close and then reappear in 4 hours. If no additional selections are made once the window reappears, the computer will automatically reboot as scheduled.
  • I’ve saved my work. Reboot now: This will bring up a window asking the user if all work has been saved.  If the user responds yes, the computer will reboot immediately.

If the user did not select I’ve saved my work. Reboot now a second window will appear in 4 hours. This window has the following:

  • A timer notifying the user of the time left until the computer automatically reboots.
  • Shutdown instead of reboot. This allows the user to choose to shut down the computer instead of rebooting.
  • Ok. I will shutdown later. If this is selected, the window will close and then reappear 4 hours before the automatic reboot.
  • I’ve saved my work. Reboot now: This will bring up a window asking the user if all work has been saved. If the user responds yes, the computer will reboot immediately.

CAS Computing does recognize that specialized systems such as data collection computers or computers that run analyses for long periods of time may be adversely affected by an automatic reboot. Users are strongly encouraged to comply with this policy because one compromised computer inside the network affects everything else on the University network. If you have any questions or concerns, please contact CAS Computing at cascomp@albany.edu. We will be happy to discuss your issues and will do our best to meet your needs while maintaining a secure computing environment for all.

Best Practices
At a minimum, users are encouraged to shutdown or reboot their computer(s) at the end of business on Friday. Weekly shutdowns or reboots will install security patches and allow the reboot/shutdown to occur at the convenience of the user. Shutting down computers for the weekend is preferable since this will add to energy savings for the university.