How to disable updates forever? Windows 10 Pro

Discussion in 'Windows 10' started by alexmira232, May 21, 2018.

  1. Carlos Detweiller

    Carlos Detweiller MDL Spinning Tortoise

    Dec 21, 2012
    3,737
    3,482
    120
  2. freddie-o

    freddie-o MDL Addicted

    Jul 29, 2009
    600
    646
    30
    #102 freddie-o, Mar 17, 2020
    Last edited: Mar 18, 2020
    Created a Windows Update TOGGLE script based on @whatever127 and @mspaintmsi 's findings... Disable Windows Update service here and enable it back again here. And using @rpo 's script to elevate as Administrator here.

    Code:
    @echo off
    set "params=Problem_with_elevating_UAC_for_Administrator_Privileges"&if exist "%temp%\getadmin.vbs" del "%temp%\getadmin.vbs"
    fsutil dirty query %systemdrive%  >nul 2>&1 && goto :query
    :: The following test is to avoid infinite looping if elevating UAC for Administrator Privileges failed
    If "%1"=="%params%" (echo Elevating UAC for Administrator Privileges failed&echo Right click on the script and select 'Run as administrator'&echo Press any key to exit...&pause>nul 2>&1&exit)
    cmd /u /c echo Set UAC = CreateObject^("Shell.Application"^) : UAC.ShellExecute "%~0", "%params%", "", "runas", 1 > "%temp%\getadmin.vbs"&cscript //nologo "%temp%\getadmin.vbs" && exit /b || (echo Elevating UAC for Administrator Privileges failed&echo Right click on the script and select 'Run as administrator'&echo Press any key to exit...&pause>nul 2>&1&exit)
    
    :query
    reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress > NUL 2>&1
    if %ERRORLEVEL% EQU 0 goto enable
    if %ERRORLEVEL% EQU 1 goto disable
    
    :enable
    reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress /f
    mshta javascript:alert("Windows Update is enabled!");close(); & exit /b
    
    :disable
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress /f
    wmic service wuauserv call StopService
    rundll32 wuaueng.dll,GeneralizeForImaging
    mshta javascript:alert("Windows Update is disabled!");close(); & exit /b
    
    
     
  3. BAU

    BAU MDL Addicted

    Feb 10, 2009
    626
    1,101
    30
    #103 BAU, Mar 17, 2020
    Last edited: Mar 18, 2020
    Good intention, but what about testing?
    Before sharing any scripts publicly you are obligated to do thoroughly testing on a live machine.

    Do not use WindowsUpdateSysprepInProgress permanently, as it will cripple functionality along the way.
    You should find out soon enough why it's a bad idea to run like that for a couple of days..

    Instead, it or the other couple similar USO blocking keys need to be applied dynamically whenever updating starts. My months-behind-release improved WindowsUpdateToggle.bat uses such method.
    I guess it's time has come - a silky-smooth alternative to Sledge Hammer for controlling WU :)

    fsutil will also trigger disk trashing for a long time on some PCs.
    The recommended, fastest admin-rights testing is to:
    Code:
    reg query HKU\S-1-5-19>nul 2>nul||("self-elevate-stuff"&exit)
    The preventing loop I made was only relevant when querying S-1-5-20, the network system profile, that on some PCs it was missing from HKU. S-1-5-19 on the other hand is always present so there won't be a loop.
    Could also do the slower:
    Code:
    whoami /groups|findstr S-1-16-8192 >nul&&("self-elevate-stuff"&exit)
    vbs self-elevating might trigger one second faster, but script pauses anyway at UAC so it does not matter, plus makes the main script cumbersome, and generates temporary files. It's also blocked on many PCs (because lazy and/or incompetent sys-admins spread the all-scripts-are-evil online instead of doing their job.. filtering).
    Powershell is the way to go. Built-in logging to make sys-admins happy, good debugger, better handling of localized files, amazing text processing.
    Self-elevating without arguments is as simple as: /note2self: who's not testing stuff now, smartass?
    Code:
    reg query HKU\S-1-5-19>nul 2>nul||(set "0=%~f0"&powershell -nop -c start $env:0 -v runas&exit)
    Can also pass arguments:
    Code:
    reg query HKU\S-1-5-19>nul 2>nul||(set 0="%~f0" %*&powershell -nop -c start cmd -args '/x/d/q/rcall',$env:0 -v runas&exit)
    sorry about that brain fart, I quoted from memory without - you know - testing :rolleyes: fixed in edit

    Please don't let my review discourage you!
    I'm a batch-addict so I welcome any new scripts and methods, it's not just my way - or the high-way :rolleyes:
     
  4. freddie-o

    freddie-o MDL Addicted

    Jul 29, 2009
    600
    646
    30
    Thanks for your input. I DO test scripts first before posting them.

    Personally I use the script on my second OS. I don't update the OS since it's not my main OS and I only use it for odd jobs and for testing purposes, etc...

    I have never encountered any problems or errors yet with "WindowsUpdateSysprepInProgress". So far, it's been working in keeping my other OS from updating

    On the other hand, I do not control Windows Update on my main OS. Except to disable Automatic updates.
     
  5. freddie-o

    freddie-o MDL Addicted

    Jul 29, 2009
    600
    646
    30
    #105 freddie-o, Mar 17, 2020
    Last edited: Mar 17, 2020
    Code:
    reg query HKU\S-1-5-19>nul 2>nul||(set "0=%~f0"&powershell -nop -c start -verb runas cmd -args'/d/x/c',$env:0&exit)
    and

    Code:
    reg query HKU\S-1-5-19>nul 2>nul||(set "0=%~f0"&set 1=%*&powershell -nop -c start -verb runas cmd -args'/d/x/c',$env:0,$env:1&exit)

    don't work
     
  6. freddie-o

    freddie-o MDL Addicted

    Jul 29, 2009
    600
    646
    30
    #106 freddie-o, Mar 17, 2020
    Last edited: Mar 17, 2020
    Found this one that works though...

    Code:
    reg query HKU\S-1-5-19 >nul 2>nul || if "%?%" neq "y" (powershell -c "start cmd -ArgumentList '/c %args%' -verb runas" &exit)
    
    
     
  7. freddie-o

    freddie-o MDL Addicted

    Jul 29, 2009
    600
    646
    30
    In the scenario you mentioned, that would be "choosing" already to update (upgrade) the system.
     
  8. freddie-o

    freddie-o MDL Addicted

    Jul 29, 2009
    600
    646
    30
    #109 freddie-o, Mar 18, 2020
    Last edited: Mar 18, 2020
    Here is another script implementing @BAU 's script using reg query and powershell to elevate. The reason here.

    EDIT: CHANGED THE SCRIPT'S POP UP MESSAGE.

    Code:
    @echo off
    :: set arguments to jump to admin label and pass any other command line parameters to self-elevate via powershell
    set "args=set __JUMP__=admin &set ?=y&call "%~f0" %*" &call set "args=%%args:"=\""%%"
    :: self-elevate passing args and preventing loop
    reg query HKU\S-1-5-19 >nul 2>nul || if "%?%" neq "y" (powershell -c "start cmd -ArgumentList '/c %args%' -verb runas" &exit)
    :: should be elevated here
    
    reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress >nul 2>nul
    if %ERRORLEVEL% EQU 0 goto enable
    if %ERRORLEVEL% EQU 1 goto disable
    
    :enable
    reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress /f
    mshta javascript:alert("Windows Update is enabled!");close(); & exit /b
    
    :disable
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress /f
    wmic service wuauserv call StopService
    rundll32 wuaueng.dll,GeneralizeForImaging
    mshta javascript:alert("Windows Update is disabled!");close(); & exit /b
    
    
     
  9. BAU

    BAU MDL Addicted

    Feb 10, 2009
    626
    1,101
    30
    #110 BAU, Mar 18, 2020
    Last edited: Mar 18, 2020
    You're damn right. I am sorry for that.
    Fixed in edit with the actually-tested "proper"-way.
    Code:
    :: self-elevate one-liner (passing command line parameters)
    @reg query HKU\S-1-5-19>nul 2>nul||(set 0="%~f0" %*&powershell -nop -c start cmd -args '/x/d/q/rcall',$env:0 -v runas&exit)
    
    :: toggle
    reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress>nul 2>nul&&goto enable||goto disable
    
    :enable
    reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress /f 2>nul
    powershell -nop -c Add-Type -As PresentationFramework;[System.Windows.MessageBox]::Show('Windows Update is enabled!')&exit
    
    :disable
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress /f 2>nul
    rundll32 wuaueng.dll,GeneralizeForImaging
    net1 stop wuauserv 2>nul
    powershell -nop -c Add-Type -As PresentationFramework;[System.Windows.MessageBox]::Show('Windows Update is disabled!')&exit
    
    Using mshta js is troublesome (not that it should be, but that's how it is these days) and even gets blocked by Defender, so I took liberty to add the powershell alternative to your script.
    Edited with the shortest self-elevate form and runas at the end since ending a command with 0 could cause issues if ever redirected with >
    Removed alternative self-elevate since you always want to pass arguments - and the /q param sent to cmd makes @echo off not needed anymore :p
     
  10. BAU

    BAU MDL Addicted

    Feb 10, 2009
    626
    1,101
    30
    Nice tiny script, me like them like that. You should see my WUT.bat in it's state right now - it's so bloated. But also, so smart :)) Hopefully I get the energy to clean it up soon, since I spend more time at home now with the corona virus & all..
     
  11. freddie-o

    freddie-o MDL Addicted

    Jul 29, 2009
    600
    646
    30
    #113 freddie-o, Mar 18, 2020
    Last edited: Mar 18, 2020
    Yup. We have a lot of time on our hands now. :D

    Changed
    Code:
    :: toggle
    reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress>null 2>nul&&goto enable||goto disable
    to
    Code:
    :: toggle
    reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress> NUL 2>&1&&goto enable||goto disable


    because it creates a "null" file on Administrator accounts.
     
  12. BAU

    BAU MDL Addicted

    Feb 10, 2009
    626
    1,101
    30
    oops my bad again I had put null instead of nul (freaking Microsoft had to use $null in powershell to fk with our minds), and did not notice it (was indeed creating a null file in system32)
    As for the 2>&1 it's pointless since you're "saving" one character at the expense of.. well more overhead for large scripts with lots of text output on both normal and error channel.
    edited above with >nul 2>nul
     
  13. freddie-o

    freddie-o MDL Addicted

    Jul 29, 2009
    600
    646
    30
    #115 freddie-o, Mar 18, 2020
    Last edited: Mar 27, 2020
    How did I not see that? Just goes to show.

    This is the final working script...

    Code:
    :: self-elevate one-liner (passing command line parameters)
    @reg query HKU\S-1-5-19>nul 2>nul||(set 0="%~f0" %*&powershell -nop -c start cmd -args '/x/d/q/rcall',$env:0 -v runas&exit)
    
    :: toggle
    reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress>nul 2>nul&&goto enable||goto disable
    
    :enable
    reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress /f 2>nul
    powershell -nop -c Add-Type -As PresentationFramework;[System.Windows.MessageBox]::Show('Windows Update is enabled!')&exit
    
    :disable
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdateSysprepInProgress /f 2>nul
    rundll32 wuaueng.dll,GeneralizeForImaging
    net1 stop wuauserv 2>nul
    powershell -nop -c Add-Type -As PresentationFramework;[System.Windows.MessageBox]::Show('Windows Update is disabled!')&exit