Access to this post is restricted! You're trying to open the post, written by @shewolf, but unfortunately it was marked as a draft (by the user himself or the UFO)
Don't delete the script you wrote. It could be highly useful. That includes all the info shewolf posted. I don't like that a reboot is required although that may become necessary at some future date. I just haven't had a chance to test it. I don't ignore any code presented in this thread. I want to incorporate some or all of the script written by @rpo based on shewolf's firewall blocking rule too after I test it. Two problems with that is 1) It may be redundant with what I'm doing already or maybe not. 2) The biggest problem with it is it won't work with third party firewalls, and accurately checking for one, and adding the blocking rule might be too complicated. I've only had time so far to test and refine the current script. No you're not. This is a learning experience for everyone since there are so many methods being presented to disable updates. That's the idea. Windows Update and it's related services and scheduled tasks running in the background eats cpu cycles. I've seen laptops and desktop pc's slow to a crawl because they're checking for updates. It's a real thing.
When your solution stops working I would think about including that other part of the script. As of right now it's perfect , no need to change anything.
Hi guys... I found a problem with our Windows Update MiniTool settings (thanks to Skunk1966 who told me) ever since we are using wub.exe Windows Update MiniTool always opens in Automatic mode. Otherwise when manually starting Windows Update MiniTool it remembers your previous settings, but when wub.exe takes over it always starts in mode Automatically! Why this happens: When wub.exe starts and when it's enabled ("%~dp0wub.exe" /e) it always removes the value "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate". When disabling and protecting ("%~dp0wub.exe" /d /p) it doesn't remove the value "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate". Removing the value NoAutoUpdate is the same as the setting Automatically. Automatically Deletes the whole regkey: "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" so that is why Windows Update MiniTool always starts in mode Automatically. Fix: Backup (if exists) your regkey value "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate" and import after wub.exe ("%~dp0wub.exe" /e) has started. How this is done i leave to the people here i'm not that good with cmd... I recorded the registry when Windows Update MiniTool starts and see my findings below: Automatically - Deletes regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU Disabled - Creates regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU Disabled - Creates value: NoAutoUpdate - REG_DWORD - 1 Notification mode - Creates regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU Notification mode - Creates value: AUOptions - REG_DWORD - 2 Notification mode - Creates value: NoAutoUpdate - REG_DWORD - 0 Download only - Creates regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU Download only - Creates value: AUOptions - REG_DWORD - 3 Download only - Creates value: NoAutoUpdate - REG_DWORD - 0 Scheduled - Creates regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU Scheduled - Creates value: AUOptions - REG_DWORD - 4 Scheduled - Creates value: NoAutoUpdate - REG_DWORD - 0 Scheduled - Creates value: ScheduledInstallDay - REG_DWORD - 0 (0=daily, 1=sunday, 2=monday, 3=tuesday, 4=wednesday, 5=thursday, 6=friday, 7=saturday) Scheduled - Creates value: ScheduledInstallTime - REG_DWORD - 0 (refers to scheduled hours and is a decimal value 0-23 (0-23 hours)) Managed by Administrator - Creates regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU Managed by Administrator - Creates value: AUOptions - REG_DWORD - 5 Managed by Administrator - Creates value: NoAutoUpdate - REG_DWORD - 0 hope we can solve this
Thanks for the info. When I first started this script for myself (when Windows 10 was released) it just started the windows update service (wuauserv), ran wumt, then stopped wuauserv. Things were a lot easier then. It went something like this: Code: **Start windows update service (there's only auto or disabled)** sc config wuauserv start= auto (change the windows update service to automatic) net start wuauserv (makes the service run) **start wumt** **after wumt closes stop and disable the windows update service** So as you might have guessed wumt showed "automatically" under update service the whole time I've been using this script since right after Windows 10 was released (the script started it as automatic because manual wasn't an option). I never had a problem other than regular wumt problems (sometimes it won't show an update when updates in settings will. There are ways to handle that that I won't get into here but remind me and I will). The problem isn't the windows update service or wub.exe at this point. You have to run the windows update service and it doesn't matter whether it's on manual or automatic while you're running an update check. The service itself runs either way, and wumt shows the updates to you after the update check and nothing installs until you let it install. The problem are the updates that install more programs and tasks that update without the windows update service. Microsoft is on to us about disabling the windows update service and they're doing something about it. There may be more updates that create more tasks and obscure files that force updates. We'll see next patch tuesday and in the months to come. This whole thing is getting nasty.
This is why im hiding any updates I see until I confirm 100 % they dont do s**t like that. as of now I only have gotten 1 update since last month that is not the ones we know are bad ( 23814 and 23057 ) , and it was a cumulative update. I read what it was about and I didnt think it was something relevant to me so I hide it. Besides that one rest have been window defender updates , so I have to think that microsoft is starting to give up ( as it should , if support ends in april I should stop getting updates , not get updates that try to update me to the latest one ) on that issue. Whatever they put on patch tuesday im hiding it and if it's a cumulative update im probably not installing it either , if I only have 3 updates to install and 2 are confirmed bad ,w hy should I install a cumulative update ?
Huh, with that logic in mind why even bother to check WU at all ??? The Cumulative Updates always bundle the security updates (i.e. first and mandatory fixes agains Meltdown/Spectre) besides others and never caused any additional upgrade related issues. With my system being always online i would never dare to skip those updates for a longer period .
For the defender updates , and if any other updates that I confirm wont s**t me up I will install them too. But if cumulative updates install every other update im missing , this means they are going to install the bad ones (23814 and 23057)
Nope, they will not install those, they are independent from the CU. They show it by having their own uninstall entry. You'll need to install the 'bad' ones on purpose.
Yeah I am . I checked that cumulative update which is the only update I havent installed without counting 23814 and 23057 ( which are useless anyways cuz this script disables the programs they enable ) and it wasnt anything important from the info I read on the KB , so its not like im not updated on the build Im on. As for going to 1709 Im going to hold out for some time because I have read way too many wrong than right things with that update.
March 10, 2018 Script updated to v2.2.5 Improvements since v2.2.4 Fixed logic of rempl folder renaming in case of re-creation of rempl folder by subsequent updates. Changed order: now usoclient is disabled first, then remsh.exe
Just hide 23057 and rempl folder shouldnt be created ever again. I just check from time to time the programdata folder to see if it did anyways
An update could possibly reset everything back too. Running the script again after first reboot after installing updates might be be a good idea, or at least check everything.
Yeah it's good to have it added to the script anyways. Just hide the update to kill one source of trouble
[edit - added a shorter, less wordy suggested code explanation] @pf100 You do a great job explaining how your script works, but some people may not read all your notes. Maybe you could add a note to the part of your script that pops up in the terminal? Suggested additions: Short and sweet! Code: ECHO **** This script ****************************** ECHO Starts the Regular Windows Update Service (RWUS) and runs WUMT. ECHO WUMT takes over blocking the RWUS and performs an update check. ECHO Ending WUPT reapplies the RWUS block. ECHO *********************************************** CHOICE /C YN /N /M "Do you want to run WUPT now? [y/n]: " IF ERRORLEVEL 2 exit Long and wordy Code: ECHO *********************************************** ECHO Welcome to the WUMT portion of pf100's script! ECHO You are about to run the Windows Update MiniTool (WUMT). ECHO After you are finished, automatic Windows update remains blocked. ECHO: ECHO Running an update check, runs the Windows update service. ECHO After completing the update check, WUMT waits for you to decide ECHO on what items you want to install. ECHO NOTE: ECHO While checking and waiting, WUMT blocks Windows from updating ECHO until you decide on what you want to do! ECHO *********************************************** ... or something like that ...