This came up last week on Twitter, and I wanted to write a quick note here for future reference.
As you probably already know, Windows 10 and 11 (even the Pro version of the OS) default to automatically restarting computers following Windows Updates to keep them up to date. This often does not work well in the digital forensics context as we frequently have long-running acquisition, processing, and examination tasks. You can control this behavior by configuring the following Group Policy:
Computer Configuration > Administrative Templates > All Settings > Configure Automatic Updates
An important consideration is that not every setting there is available for Windows 10 & 11. For instance, the description states that Option 5, which allows local admins to choose the configuration mode, was not carried over to Win 10 and 11. Similarly, Option 7 is available for Windows Server only.
I configure this setting to reflect 2 - Notify for download and auto install. This way, I get a notification before updates are even downloaded, and my work does not get interrupted with unexpected reboots.
Needless to say, if you choose this option, you would want to stay on top of Windows Updates yourself and make sure your devices do not fall behind.