Stop WSUS from rebooting a server

If you really do not have control over containers and GPO settings, then you're out of luck. The system is designed to prevent local admins from changing that kind of thing.

I have users in the exact situation you are, so we've had to create processes to allow exceptions to the everyone-must-apply-updates-at-$DateTime rules. We have a group of OU's for machines that need hand-holding through the update process, and people move machines in there if they need it. The machines in there get audited once in a while to verify that they NEED to be in there, we don't want end-user workstations in there because they hate having to log out of Outlook once a month.

After your production is horribly disrupted because of this weekend's patches, you can take that (and possibly the irate managers it'll cause) and press for some kind of exceptions policy.

In the Group Policy editor go to Computer Configuration > Administrative Templates > Windows Components > Windows Update and choose No auto-restart for scheduled Automatic Updates installation.

You can also completely disable Windows Update at the Group Policy level.

Temporarily setup a group policy that changes the windows update auto install settings from "Download and schedule the installation" to "Download only". Then strip the group policy after this weekend.