This might be an "oldie/goldie" that you think that most admins know of today, but i'd thought i would write it down anyway, to get it bumped.
To avoid PC's not being patched because a user think that they are shutting down their PC when they go home, and patches should install when it's asking for a reboot, but they are not, why?
The Fast Startup feature in Windows 10 allows your computer start up faster after a shutdown. When you shut down your computer, Fast Startup will put your computer into a hibernation state instead of a full shutdown. Fast Startup is enabled by default if your computer is capable of hibernation.
Because "Fast Start Up" only hibernates the PC on shutdowns, the only way to apply patches is by using "Restart". But, if you disable this function, patches will be applied even with a shutdown/power on.
You can read more about this here:
If you want to disable this (and you should) you can use a Configuration Item / Baseline to have the RegValue created, changed and controlled.
I have it setup like this:
|Name||Setting Type||Data Type|
|HiberbootEnable Value||Registry value||Integer|
Registry value to assess
|Hive Name||Key Name||Value Name|
|HiberbootEnabled -eq 0||Equals 0||Information||Yes|
|HiberbootEnabled Exist||Must Exist||Information||Yes|
|Registry - Disable - FastStartup||Changes RegValue to disable "Fast Startup funcionallity"|
|Always Apply this baseline||Evaluate as part of compliance pol assessment|
Add the ConfigurationItem created earlier
Configuration Baseline Deployment
- Remediate noncompliant rules when supported - CHECKED
- Allow remediation outside the maintenance window - CHECKED
Otherwise setup the deployment as you prefer.