Created a Windows Update TOGGLE script based on @whatever127 and @mspaintmsi 's findings... Disable Windows Update service here and enable it back again here. And using @rpo 's script to elevate as Administrator here. Code: @echo off set "params=Problem_with_elevating_UAC_for_Administrator_Privileges"&if exist "%temp%\getadmin.vbs" del "%temp%\getadmin.vbs" fsutil dirty query %systemdrive% >nul 2>&1 && goto :query :: The following test is to avoid infinite looping if elevating UAC for Administrator Privileges failed If "%1"=="%params%" (echo Elevating UAC for Administrator Privileges failed&echo Right click on the script and select 'Run as administrator'&echo Press any key to exit...&pause>nul 2>&1&exit) cmd /u /c echo Set UAC = CreateObject^("Shell.Application"^) : UAC.ShellExecute "%~0", "%params%", "", "runas", 1 > "%temp%\getadmin.vbs"&cscript //nologo "%temp%\getadmin.vbs" && exit /b || (echo Elevating UAC for Administrator Privileges failed&echo Right click on the script and select 'Run as administrator'&echo Press any key to exit...&pause>nul 2>&1&exit) :query reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress > NUL 2>&1 if %ERRORLEVEL% EQU 0 goto enable if %ERRORLEVEL% EQU 1 goto disable :enable reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress /f mshta javascript:alert("Windows Update is enabled!");close(); & exit /b :disable reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress /f wmic service wuauserv call StopService rundll32 wuaueng.dll,GeneralizeForImaging mshta javascript:alert("Windows Update is disabled!");close(); & exit /b
Good intention, but what about testing? Before sharing any scripts publicly you are obligated to do thoroughly testing on a live machine. Do not use WindowsUpdateSysprepInProgress permanently, as it will cripple functionality along the way. You should find out soon enough why it's a bad idea to run like that for a couple of days.. Instead, it or the other couple similar USO blocking keys need to be applied dynamically whenever updating starts. My months-behind-release improved WindowsUpdateToggle.bat uses such method. I guess it's time has come - a silky-smooth alternative to Sledge Hammer for controlling WU fsutil will also trigger disk trashing for a long time on some PCs. The recommended, fastest admin-rights testing is to: Code: reg query HKU\S-1-5-19>nul 2>nul||("self-elevate-stuff"&exit) The preventing loop I made was only relevant when querying S-1-5-20, the network system profile, that on some PCs it was missing from HKU. S-1-5-19 on the other hand is always present so there won't be a loop. Could also do the slower: Code: whoami /groups|findstr S-1-16-8192 >nul&&("self-elevate-stuff"&exit) vbs self-elevating might trigger one second faster, but script pauses anyway at UAC so it does not matter, plus makes the main script cumbersome, and generates temporary files. It's also blocked on many PCs (because lazy and/or incompetent sys-admins spread the all-scripts-are-evil online instead of doing their job.. filtering). Powershell is the way to go. Built-in logging to make sys-admins happy, good debugger, better handling of localized files, amazing text processing. Self-elevating without arguments is as simple as: /note2self: who's not testing stuff now, smartass? Code: reg query HKU\S-1-5-19>nul 2>nul||(set "0=%~f0"&powershell -nop -c start $env:0 -v runas&exit) Can also pass arguments: Code: reg query HKU\S-1-5-19>nul 2>nul||(set 0="%~f0" %*&powershell -nop -c start cmd -args '/x/d/q/rcall',$env:0 -v runas&exit) sorry about that brain fart, I quoted from memory without - you know - testing fixed in edit Please don't let my review discourage you! I'm a batch-addict so I welcome any new scripts and methods, it's not just my way - or the high-way
Thanks for your input. I DO test scripts first before posting them. Personally I use the script on my second OS. I don't update the OS since it's not my main OS and I only use it for odd jobs and for testing purposes, etc... I have never encountered any problems or errors yet with "WindowsUpdateSysprepInProgress". So far, it's been working in keeping my other OS from updating On the other hand, I do not control Windows Update on my main OS. Except to disable Automatic updates.
Code: reg query HKU\S-1-5-19>nul 2>nul||(set "0=%~f0"&powershell -nop -c start -verb runas cmd -args'/d/x/c',$env:0&exit) and Code: reg query HKU\S-1-5-19>nul 2>nul||(set "0=%~f0"&set 1=%*&powershell -nop -c start -verb runas cmd -args'/d/x/c',$env:0,$env:1&exit) don't work
Found this one that works though... Code: reg query HKU\S-1-5-19 >nul 2>nul || if "%?%" neq "y" (powershell -c "start cmd -ArgumentList '/c %args%' -verb runas" &exit)
Here is another script implementing @BAU 's script using reg query and powershell to elevate. The reason here. EDIT: CHANGED THE SCRIPT'S POP UP MESSAGE. Code: @echo off :: set arguments to jump to admin label and pass any other command line parameters to self-elevate via powershell set "args=set __JUMP__=admin &set ?=y&call "%~f0" %*" &call set "args=%%args:"=\""%%" :: self-elevate passing args and preventing loop reg query HKU\S-1-5-19 >nul 2>nul || if "%?%" neq "y" (powershell -c "start cmd -ArgumentList '/c %args%' -verb runas" &exit) :: should be elevated here reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress >nul 2>nul if %ERRORLEVEL% EQU 0 goto enable if %ERRORLEVEL% EQU 1 goto disable :enable reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress /f mshta javascript:alert("Windows Update is enabled!");close(); & exit /b :disable reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress /f wmic service wuauserv call StopService rundll32 wuaueng.dll,GeneralizeForImaging mshta javascript:alert("Windows Update is disabled!");close(); & exit /b
You're damn right. I am sorry for that. Fixed in edit with the actually-tested "proper"-way. Code: :: self-elevate one-liner (passing command line parameters) @reg query HKU\S-1-5-19>nul 2>nul||(set 0="%~f0" %*&powershell -nop -c start cmd -args '/x/d/q/rcall',$env:0 -v runas&exit) :: toggle reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress>nul 2>nul&&goto enable||goto disable :enable reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress /f 2>nul powershell -nop -c Add-Type -As PresentationFramework;[System.Windows.MessageBox]::Show('Windows Update is enabled!')&exit :disable reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress /f 2>nul rundll32 wuaueng.dll,GeneralizeForImaging net1 stop wuauserv 2>nul powershell -nop -c Add-Type -As PresentationFramework;[System.Windows.MessageBox]::Show('Windows Update is disabled!')&exit Using mshta js is troublesome (not that it should be, but that's how it is these days) and even gets blocked by Defender, so I took liberty to add the powershell alternative to your script. Edited with the shortest self-elevate form and runas at the end since ending a command with 0 could cause issues if ever redirected with > Removed alternative self-elevate since you always want to pass arguments - and the /q param sent to cmd makes @echo off not needed anymore
Nice tiny script, me like them like that. You should see my WUT.bat in it's state right now - it's so bloated. But also, so smart ) Hopefully I get the energy to clean it up soon, since I spend more time at home now with the corona virus & all..
Yup. We have a lot of time on our hands now. Changed Code: :: toggle reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress>null 2>nul&&goto enable||goto disable to Code: :: toggle reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress> NUL 2>&1&&goto enable||goto disable because it creates a "null" file on Administrator accounts.
oops my bad again I had put null instead of nul (freaking Microsoft had to use $null in powershell to fk with our minds), and did not notice it (was indeed creating a null file in system32) As for the 2>&1 it's pointless since you're "saving" one character at the expense of.. well more overhead for large scripts with lots of text output on both normal and error channel. edited above with >nul 2>nul
How did I not see that? Just goes to show. This is the final working script... Code: :: self-elevate one-liner (passing command line parameters) @reg query HKU\S-1-5-19>nul 2>nul||(set 0="%~f0" %*&powershell -nop -c start cmd -args '/x/d/q/rcall',$env:0 -v runas&exit) :: toggle reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress>nul 2>nul&&goto enable||goto disable :enable reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress /f 2>nul powershell -nop -c Add-Type -As PresentationFramework;[System.Windows.MessageBox]::Show('Windows Update is enabled!')&exit :disable reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress /f 2>nul rundll32 wuaueng.dll,GeneralizeForImaging net1 stop wuauserv 2>nul powershell -nop -c Add-Type -As PresentationFramework;[System.Windows.MessageBox]::Show('Windows Update is disabled!')&exit