July 17, 2018
WUMT Wrapper Script 2.4.4
Changelog from version 2.4.3
Fixed bug in Defender Update code. If you use Defender, update to this version. (I discovered the error just after submitting 2.4.3.)
Thanks so much for this tool. It's an absolute necessity for Windows 10 at this point, in my opinion. Especially for Home edition.
Today, as a test, I updated a 1709 VM image to Build 16299.550 (using KB434520 7/16/2018) with one result that might be of interest in this forum. My apologies if this has already been covered. The 'UpdateOrchestrator' scheduled task xml files that are in the directory 'C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator' were not accessible or even visible. That is, the directory is now hidden from Admin and system users. The tasks are visible in the Task Scheduler and could even be exported, but not deleted. Since the UpdateOrchestrator directory is now invisible to Admin and system users, I was unable to read its ownership or permissions. (Of course, no hope of changing any of these.) I expect we will shortly see a lot more files/directories associated with facilitating Win 10 forced upgrades locked down like this. Would appreciate any ideas on how to gain at least 'read' access. Thanks.
This is the first I've heard of this. With the wrapper script the UpdateOrchestrator tasks simply fail, but since you want access to the files, this should work. The first three commands must be run in sequence in an administrator command prompt with the last two of the five optional. The first three commands allow you to give ownership and read/write access to administrators to the "System32\Tasks" folder and all subfolders and files. Run the fourth line if you want to disable every UpdateOrchestrator task in the UpdateOrchestrator folder. Run the fifth line to prevent the system from re-enabling any UpdateOrchestrator tasks you disabled. (You have to run the first three lines to get access to the files again.)
Code:
:: Take ownership and give read/write access to administrators to System32\Tasks folder and all subfolders and files.
takeown /F "%systemroot%\System32\Tasks" /a /r /d y
icacls "%systemroot%\System32\Tasks" /t /c /q /reset
icacls "%systemroot%\System32\Tasks" /setowner "*S-1-5-32-544" /t /c
:: only run the next line if you want to disable every update orchestrator task at once.
powershell -command "& {Get-ScheduledTask -TaskPath '\Microsoft\Windows\UpdateOrchestrator\' | Disable-ScheduledTask}"
:: only run the next line if you want to disable access to the UpdateOrchestrator task xml files so they can't be re-enabled by the system (or modified by you) until you run the first three lines again.
icacls "%systemroot%\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\*" /inheritance:r /remove *S-1-5-32-544 *S-1-5-11 *S-1-5-32-545 *S-1-5-18
Let me know if you have any problems.
Thank you for the quick and thoughtful response. The problem is that the object of interest, the 'UpdateOrchestrator' directory (and its contents) in this example, is "invisible" to Admin and System users, so any operation (listing, modifying, deleting or changing ownership or permissions) will fail. In fact, that is the whole point of hiding these objects in the first place. I understand this 'protection' is provided by the TrustedInstaller Service. It occurred to me after I posted that the key to regaining access might be by running as a TrustedInstaller and today, that proved to be the case. I was able to regain access running as a TrustedInstaller and changing the object permissions appropriately. (This would normally be a dangerous thing to do.)
July 24, 2018
WUMT Wrapper Script 2.4.5
Changelog from version 2.4.4
This update is well tested on 1803 and LTSB. Windows Defender now updates every 4 hours and whenever you run the script, and as always it doesn't do anything if Defender isn't running. (I can change the update frequency easily, 2 or 1 or 12 hours, just let me know if I need to change it.) This version is greatly improved in many ways. Details here. I spent a lot of time monitoring what starts the Windows Update service for people who want to leave the update service running all the time so the store will always work, and through this research disabled many new unnecessary services, files, and tasks:
Previously disabled items up to wrapper script v2.4.4:
remsh.exe
EOSNotify.exe
osrss.dll
UsoClient.exe
WaaSMedic.exe
WaasMedicSvc.dll
WaaSMedicPS.dll
WaaSAssessment.dll
MusNotification.exe
MusNotificationUx.exe
SIHClient.exe
Added disabled items in v2.4.5:
* The following cause the Windows Update service to start if enabled in script and so are disabled:
"InstallServiceTasks.dll"
"InstallService.dll"
"compattelrunner.exe"
Task - "\Microsoft\Windows\WindowsUpdate\Scheduled Start" (runs "sc start wuauserv").
"pushtoinstall.dll" (pushtoinstall.dll being disabled makes it not possible to push apps to other PCs. If this, or any other issue is a problem, please report it here in this thread. This is a pesky item and causes lots of update starts. I put a lot of thought into disabling this. I didn't want to disable it, but if needed I can easily re-enable it. Leave feedback.)
So, with v2.4.5 I got lucky and a Cumulative Update became available so I could test the script with the new added disabled stuff. I did have to run the Settings > Update app with updates turned on in the configurator for the CU to be detected and available but that happens anyway sometimes. Then I installed the CU with the wrapper script. In other words, all this crap I'm disabling isn't needed for updates to work.
Also, the uninstaller undoes everything and puts everything back like it was originally. The chances of damage to the system are zero.
2.4.5 broke Windows Store updating and also causes Windows Store to crash when trying to go into store settings. Uninstalled 2.4.5 and re-installed 2.4.4 and it's all working again. Edit: sorry, forgot to add, this is on a Win10 Home 1803 17134.167, and also a Win10 Pro with latest CU 17134.191
OK, I gave the 2.4.6 RC1 a shot on the Win10 Home 1803, but still the same 2 issues with store. Back to 2.4.4 once again fixes it.
Don't know if this helps or not, just sharing my findings. On Windows 7 SP1 64-bit (with kb3125574) the Windows Update service has 3 registry locations:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wuauserv]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv]
"Start"=dword:00000004
======================================================
Windows Registry Editor Version 5.00
;Windows Update Service disabled.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wuauserv]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv]
"Start"=dword:00000004
======================================================
As you can see the service is Disabled in 2 locations and Default in one. I have noticed the service re-enables to default sometimes. Possibly because the service has 2 differing values the OS goes back to its Default value. I have created a batch file to stop the service from the desktop and the reg file to set the 3 locations to Disabled. After a reboot it stays disabled.
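An offline check of the per-control-set values listed in the post above, as an added example that is not part of the original thread: it parses a .reg export and reports which control sets disagree with the wanted Start value. The sample export is constructed from the three values quoted in the post, and the function names are hypothetical.

```python
import re

# Constructed sample: a .reg-style export holding the three values quoted in the post.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wuauserv]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv]
"Start"=dword:00000004
'''

# Service start types as stored in the "Start" DWORD.
START_TYPES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}
KEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\SYSTEM\\([^\\\]]+)\\services\\([^\\\]]+)\]$', re.I)
VAL_RE = re.compile(r'^"Start"=dword:([0-9a-f]{8})$', re.I)

def start_values(reg_text, service="wuauserv"):
    """Return {control_set_name: start_dword} for one service in a .reg export."""
    found, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # Track only the service's own key, not other services or subkeys.
            current = m.group(1) if m.group(2).lower() == service.lower() else None
        elif line.startswith("["):
            current = None
        elif current:
            v = VAL_RE.match(line)
            if v:
                found[current] = int(v.group(1), 16)
    return found

def drift_report(reg_text, service="wuauserv", wanted=4):
    """List control sets whose Start value differs from the wanted one."""
    values = start_values(reg_text, service)
    return sorted(f"{cs}: {START_TYPES.get(val, val)}"
                  for cs, val in values.items() if val != wanted)

if __name__ == "__main__":
    print(start_values(SAMPLE_REG))
    print(drift_report(SAMPLE_REG))
```

On a live system CurrentControlSet is a link to the numbered control set named by the Current value under HKLM\SYSTEM\Select, so its values always match one of the ControlSetNNN keys.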
That'll be 2.4.6 then. Thanks again. Well, that's not good. I'll have to check it out. Thanks. Random statement: Also update error I keep getting on LTSB today "Downloading "2018-07 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4338822)"... Failed (0x80070002)" "Downloading updates: Failed (0x80240022)" I think MSFT screwed this one up, so I hid the update and will wait for a fixed one.
Your tool is overkill for LTSB versions. Setting Ethernet to metered, disabling all Windows Update related Tasks in Scheduler and setting WU to disabled is quite sufficient. No problems with these settings on two machines. It's LTSB which doesn't support any Feature Updates hence most of the start ramps introduced on other SKUs are present here. The new CU KB4338822 (14393.2395) installed flawlessly on both.
The script is definitely overkill for ltsb, I just use it for a guinea pig. I think I borked this system when I was playing with office activation methods. I can only run office 2007 on it. No other version will install. And I can't fix it. It has other problems too. Probably time to do a reinstall on it.