Yes As far as I can tell so far, only the Windows Update Service (wuauserv) is required to do updates. All of this other bulls**t is not needed. Sounds like you disabled something you shouldn't have.
I must have added a blocking rule to ESET firewall for some service or .exe that prevents downloading updates; I disabled the firewall and downloads started. I will check everything next weekend because I need to find out; I want to have a perfect firewall profile before exporting settings and rules for future use
Edit: tested working on 1709 Pro and LTSB 2016. Should work for home version. Updates work fine without this useless **** running. 1709 Pro: "%systemroot%\System32\UsoClient.exe" reset its permissions to default with TrustedInstaller as owner after CU 4088776, but this could happen to any file in the future. The script will have to be run again after reboot to fix it. WUMT can be closed as soon as it opens. That will have to be the new default: run the script again after an update reboot. I submit for your review the following proposed changes to the script: The next version will disable execution of UsoClient.exe, WaaSMedic.exe, and SIHClient.exe with an uninstaller to undo the changes, like so: *(no time to check "deny everybody" vs "remove all users". Remove all users is working so it's not a pressing issue right now)* WUMT Wrapper Script: Disable UsoClient.exe, WaaSMedic.exe, and SIHClient.exe: Code: :::::::::::::::::::::::::::: takeown /f "%systemroot%\System32\UsoClient.exe" /a icacls "%systemroot%\System32\UsoClient.exe" /reset icacls "%systemroot%\System32\UsoClient.exe" /inheritance:r /remove *S-1-5-32-544 *S-1-5-11 *S-1-5-32-545 *S-1-5-18 :::::::::::::::::::::::::::: takeown /f "%systemroot%\System32\WaaSMedic.exe" /a icacls "%systemroot%\System32\WaaSMedic.exe" /reset icacls "%systemroot%\System32\WaaSMedic.exe" /inheritance:r /remove *S-1-5-32-544 *S-1-5-11 *S-1-5-32-545 *S-1-5-18 :::::::::::::::::::::::::::: takeown /f "%systemroot%\System32\SIHClient.exe" /a icacls "%systemroot%\System32\SIHClient.exe" /reset icacls "%systemroot%\System32\SIHClient.exe" /inheritance:r /remove *S-1-5-32-544 *S-1-5-11 *S-1-5-32-545 *S-1-5-18 :::::::::::::::::::::::::::: Uninstaller: Enable UsoClient.exe, WaaSMedic.exe, and SIHClient.exe and set owner back to TrustedInstaller: Code: :::::::::::::::::::::::::::::::::: takeown /f "%systemroot%\System32\UsoClient.exe" /a icacls "%systemroot%\System32\UsoClient.exe" /reset icacls "%systemroot%\System32\UsoClient.exe" /setowner *S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 :::::::::::::::::::::::::::::::::: takeown /f "%systemroot%\System32\WaaSMedic.exe" /a icacls "%systemroot%\System32\WaaSMedic.exe" /reset icacls "%systemroot%\System32\WaaSMedic.exe" /setowner *S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 :::::::::::::::::::::::::::::::::: takeown /f "%systemroot%\System32\SIHClient.exe" /a icacls "%systemroot%\System32\SIHClient.exe" /reset icacls "%systemroot%\System32\SIHClient.exe" /setowner *S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 ::::::::::::::::::::::::::::::::::
Code: Welcome to manual updates! This script reversably disables useless files such as: UsoClient.exe, WaaSMedic.exe, and SIHClient.exe and runs the Windows Update MiniTool (WUMT). To cancel press "Ctrl-c" now and updating will stay off. Closing WUMT at any time disables updates again, but don't close it if it's actually offering updates or it will probably install them without asking next time. Re-run the script after an update reboot in case something gets re-enabled which is possible. Included uninstaller undoes script changes. Press any key to continue... That's as short as I can make it. It's still too long.
What makes it too long? If it's informative and important, I want to read as much of it as there is to be read!
I gave it a go ... tried to make it a bit less techno ... more lay-man... and ... I ended up with more words and more lines! Maybe the whole situation has moved beyond words ... it feels like the relationship with Microsoft has broken down to the point we're it's time to get a lawyer and consider divorce! Code: Welcome to manual updates! The purpose of this script is to enable your control of the update process. The stages of manually updating are: @ Temporarily enable a range of blocked files @ Run the Windows Update MiniTool (WUMT) @ Disable and block the files again To cancel, press "Ctrl-c" now and updating stays off. Closing WUMT at any time disables updates again. However, if WUMT has already offering updates, you need to reject them one-by-one or it may install them without asking next time. If an update requires a reboot, re-run the script. The included uninstaller undoes script changes. Press any key to continue...
Code: Welcome to manual updates! The purpose of this script is to automate and enable your control of the update process. - My philosophy of updating is: - Reversibly permanently automatically disable a range of annoying crap:* - (UsoClient, WaaSMedic, and SIHClient, so far). - Ability to close script menu and updating stays off. - Enable and start only the Windows Update Service. - Run the Windows Update MiniTool (WUMT). - Stop and disable the Windows Update service. Closing WUMT at any time disables updates again; however, if WUMT is already offering updates, you need to hide them and/or install them one-by-one before closing WUMT or it may install them without asking next time. If an update requires a reboot, re-run the script and just close the first screen to make sure the useless crap that forces updates stays off. *The included uninstaller undoes script changes and everything's like it was before you ever used the script. Close this screen to cancel and leave updates turned off or press a key to check for updates...
March 16, 2018 Script updated to v2.2.6 Improvements since v2.2.5 In addition to disabling remsh.exe and UsoClient.exe, the script now also disables SIHClient.exe and WaaSMedic.exe. Uninstaller updated to restore file permissions and owner to TrustedInstaller. Code improvements. Thanks to @kabutopepe, @yipika, @Meesterlijk, @Skunk1966, @lomticksoftoast, and @l33tissw00t.
Hello back my friend. No, not really. In a way, this is like chess to me. Maybe I can win eventually with a version that works for a long time. I hope the newest v2.2.6 is the one, but I'll find out soon enough.
March 19, 2018 Script updated to v2.2.7 If you were waiting for the best version, this is it. It's been well tested. I'm freezing development at this version until future updates require changes. Improvements since v2.2.6 wub_task code improvements by @rpo Other code refinements.
remsh permissions werent deleted when I ran the latest version of the script coz there's no rempl folder but rempl-backup ?
I've never changed remsh.exe permissions in any version of the script. I rename the folder instead. Tasks are looking for remsh.exe in the rempl folder and can't find it in the rempl-backup folder. From the info I've gathered, remsh.exe doesn't make itself run.
Oh yeah I thought it did when I checked the script , it's true it doesnt change the permissions. Btw I checked the sihclient tasks before aplying the script and I noticed the author + desc of them changed to something like this "$(@%SystemRoot%\System32\sihclient.exe,-102)" after using the latest version of the script , is this normal ?
Yes, it is. Just ignore that. The task settings haven't changed, just the author and description. I think it's because the task doesn't like not being able to run sihclient.exe. The same thing happens with WaaSMedic tasks. As long as these tasks say "access denied" under "last run" that's all that matters.
It disables the windows update service after a reboot for when an update forces on automatic updates, unless you use the Configurator and choose the second option the task is still there but it can't turn off updates after a reboot.
So when the other two blokers have failed me.... I set the Update to disabled and that's that? no more forced Update Assistant visits?