My favorite is the windows automatic restart when left unattended after certain updates. Back in College, I had this program that allowed me to snag released tickets to our basketball team (it was first come first served after release) for lots of friends. I went out and windows updated -- on the biggest game of the year.
Updates are particularly difficult to get right. For something that requires a restart, you have two main options: restart the computer for the user, or wait for the user to restart on its own. You run into two problems if you wait for the user: Many never actually restart, and if you let it trigger on Shutdown also, then you'll have the problem of users turning on their computer and having to wait 20 minutes for all 200 updates they haven't been bothering with to install.
As far as automated updates go, they should be requiring the user to acknowledge the "Restart now?" box, and nag the hell out of users until they acknowledge it somehow.
I like the "Ask me again in 20 minutes" option. Sometimes I'm in the middle of something and would like it to go away for a little while. My preference would be two options: "Restart Now" and "Nag me in 10 minutes".
I would rather have the critical system files locked while Windows is loaded. If it was a server, I would understand allowing those files to be changed, but on my workstation I run lots of code that other, not necessarily trustworthy people have written. Keeping the files that Windows relies on most safe from editing (while the computer is on) seems worth having to restart every couple weeks or so for updates.
I would put this forward: If you run on a system where it gets slower the longer it is left on (which is almost universally from programs running on top of the OS), you should have to restart for any update which changes any critical part of the OS (which I would roughly define as any piece of the OS required to get to a desktop/terminal window).
The automatic restart caused us no end of difficulties at my work. We were running long running data loading integration test scripts on windows boxes. Nothing worse then finding out that the script that was supposed to run over the weekend made it 8 hours then the machine rebooted to install updates.
There's a regedit/GPO that should be applied on any system like this. The key is in Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Windows Update (under GPO), and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate (Some place in there, I'm on 7 right now and can't find what it would be on XP).
It is particularly strange that it would happen over the weekend. Updates should be downloaded and installed only on Tuesdays, unless you set it otherwise. If your scripts are running every weekend, why not set the machines to update on Mondays?
Yes, this. I'm a happy windows user (probably a minority here) except for this bloody feature. And the fact that every time windows updates are downloaded I have to review them to make sure they don't contain some kind of genuine validation checker that won't benefit me in any way except probably make my windows copy illegal by mistake.
