Windows - Configuration - Restart Device If Required

What the restart enforcement Worklet does

This Automox Worklet™ detects whether a Windows endpoint requires a restart due to pending patches or system updates, then automatically initiates an immediate restart if one is needed.

The Worklet checks multiple indicators of pending restart states, including the Windows Update system info component, Component Based Servicing registry keys, and the Windows Update Auto Update registry hive. This comprehensive approach ensures no pending reboot conditions go undetected.

The Worklet examines registry keys including HKLM:\SYSTEM\CurrentControlSet\Control\Session, HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component.

If the endpoint is compliant and no restart is required, the Worklet completes silently without any action.

Why enforce immediate endpoint restarts

Delaying system restarts after critical patches creates extended vulnerability windows on your endpoints. Attackers exploit unpatched systems, especially when security updates are installed but not yet active.

By automating restart enforcement, you reduce the time between patch installation and patch activation. This minimizes exposure to known vulnerabilities and ensures your security infrastructure remains current.

IT operations teams benefit from predictable restart timing when this Worklet is scheduled or triggered manually, eliminating uncertainty about whether patches are actually protecting your endpoints.

How restart enforcement works

1. Evaluation phase: The Worklet queries Microsoft.Update.SystemInfo for pending restart status, checks the Component Based Servicing registry key (HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending), inspects the Session Manager PendingFileRenameOperations key (HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations), and examines the Windows Update Auto Update registry hive (HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired) while filtering out known non-critical updates.

2. Remediation phase: If any reboot condition is detected, the Worklet issues the Restart-Computer PowerShell cmdlet with the Force parameter to immediately restart the endpoint without waiting for user confirmation. If a restart is not required, the endpoint remains online and no action is taken.

Restart enforcement requirements

• Windows 7 or later (PowerShell 3.0 or higher)

• Local administrator privileges on the endpoint to execute the Restart-Computer cmdlet

• Compatible with both workstations and servers

• RunNow (FixNow) compatible for immediate execution

• Supports both scheduled deployments and manual trigger scenarios

Expected endpoint behavior after restart

After remediation runs, the endpoint immediately initiates a system restart if a reboot condition is detected. The Worklet does not wait for user confirmation or defer the restart.

Once the restart completes, all pending patches and updates become active. To verify success, you can confirm the endpoint has rebooted and returns to a compliant state in the Automox console.

How to validate restart endpoint if required changes

1. Run this Worklet on a pilot Windows endpoint and review evaluation output for restart endpoint if required.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as Restart-Computer, New-Object, Test-Path.

4. Validate remediation effects from script operations such as Restart-Computer, New-Object, Test-Path, then rerun evaluation for compliance.

For technical validation, compare endpoint state to the Worklet evaluation logic and remediation flow for restart endpoint if required. This supports repeatable system preferences workflows, faster change control review, and auditable compliance evidence.

Useful script references for this Worklet include evaluation operations such as Restart-Computer, New-Object, Test-Path and remediation operations such as Restart-Computer, New-Object, Test-Path. Use these indicators to verify that endpoint changes match intended policy outcomes.