none
Windows Auto Update is turning itself back on. RRS feed

  • Question

  • We have multiple Windows servers and sometimes after we have ran Windows updates on them we find that some of them change there update settings from Turn Off Automatic Updates to Automatic.  What is the recommended method for making sure that the Auto updates are turned off.
    Friday, June 14, 2013 1:39 AM

Answers

  • We have multiple Windows servers and sometimes after we have ran Windows updates on them we find that some of them change there update settings from Turn Off Automatic Updates to Automatic.  What is the recommended method for making sure that the Auto updates are turned off.

    This doesn't happen automatically ... something is causing it. The key is to find out what that "something is. In my observations, most commonly the culprit is a startup or logon script that's been configured to make those changes. However, in this case, I think the cause is much more obvious.

    If the Automatic Updates service (Windows Update on Vista and newer systems) is DISABLED, then you cannot scan Windows Update. If the AU/WU service is set to MANUAL and STOPPED, browsing to Windows Update on WinXP/2003 (or launching the Control Panel WUApp on Vista & later) will START the AU/WU service. The AU/WU service must be running in order to scan for updates or install updates.

    But let me ask a more signfiicant question... Why do you want these systems configured with Automatic Updates *OFF* in the first place? And why are you using Windows Update to patch servers instead of WSUS (particularly notable since you've chosen to post in the *WSUS* forum!)

    If you're trying to keep servers from automatically installing updates (by use of Automatic Updates), there are many more appropriate configuration methodologies to be used than disabling the AU/WU service. Even though you're not actually using WSUS (you should be), this chapter of the WSUS Deployment Guide: Update and Configure the Automatic Updates Client Computer will provide you information on the proper way to achieve your objectives.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Friday, June 14, 2013 3:06 PM
    Moderator

All replies

  • We have multiple Windows servers and sometimes after we have ran Windows updates on them we find that some of them change there update settings from Turn Off Automatic Updates to Automatic.  What is the recommended method for making sure that the Auto updates are turned off.

    This doesn't happen automatically ... something is causing it. The key is to find out what that "something is. In my observations, most commonly the culprit is a startup or logon script that's been configured to make those changes. However, in this case, I think the cause is much more obvious.

    If the Automatic Updates service (Windows Update on Vista and newer systems) is DISABLED, then you cannot scan Windows Update. If the AU/WU service is set to MANUAL and STOPPED, browsing to Windows Update on WinXP/2003 (or launching the Control Panel WUApp on Vista & later) will START the AU/WU service. The AU/WU service must be running in order to scan for updates or install updates.

    But let me ask a more signfiicant question... Why do you want these systems configured with Automatic Updates *OFF* in the first place? And why are you using Windows Update to patch servers instead of WSUS (particularly notable since you've chosen to post in the *WSUS* forum!)

    If you're trying to keep servers from automatically installing updates (by use of Automatic Updates), there are many more appropriate configuration methodologies to be used than disabling the AU/WU service. Even though you're not actually using WSUS (you should be), this chapter of the WSUS Deployment Guide: Update and Configure the Automatic Updates Client Computer will provide you information on the proper way to achieve your objectives.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Friday, June 14, 2013 3:06 PM
    Moderator
  • 1: Yes this does happen "by itself". Perhaps the setting-file does not, but unless you wish to claim that ESET Protection has gone rouge and like a child, try to shift the blame - YES THIS DOES HAPPEN!

    2: I take offence that you would even ask why someone would turn off automatic updates. Not only has it been proven time and time again that errors are often introduced with updates which can cause some programs to become unusable, (or even stop some programs from running at all), but critical data may be lost when windows brutally shuts down all running programs in total disregard of what the user has running. (I have lost _countless days_ worth of work due to windows-update and your nonchalant question truly does offend me.)


    • Edited by Yammamoto Tuesday, November 26, 2013 4:06 AM formulation
    Tuesday, November 26, 2013 3:59 AM
  • 1: Yes this does happen "by itself". Perhaps the setting-file does not, but unless you wish to claim that ESET Protection has gone rouge and like a child, try to shift the blame - YES THIS DOES HAPPEN!

    If you're griping that ESET Protection is doing this, then my original point stands... it's not happening "by itself", something external to the Automatic Updates service is manipulating it. In this case, apparently ESET. If not ESET, then I promise you something else is. There is no provision in the Automatic Updates service (or any other service, for that matter) to self-configure.

    2: I take offence that you would even ask why someone would turn off automatic updates.

    Your offence is noted, but rather irrelevant inasmuch as this is the *WSUS* forum and here we talk about a product that requires this service to be enabled and running. If you don't like the service, and aren't using WSUS, then you're posting/monitoring the wrong forum.

    Not only has it been proven time and time again that errors are often introduced with updates which can cause some programs to become unusable, (or even stop some programs from running at all), but critical data may be lost when windows brutally shuts down all running programs in total disregard of what the user has running. (I have lost _countless days_ worth of work due to windows-update and your nonchalant question truly does offend me.)

    Or, perhaps, you've lost "_countless days_" of work because of your fundamental misunderstanding of how Automatic Updates works, or perhaps even, Windows itself.

    Yes, there have been updates, from time-to-time, that have been problematic with respect to the stability of systems. This is why you need to have a functional TESTING program in place.

    No, Windows does not "brutally shut down all running programs in total disregard of what the user has running", and has not for a very many versions!


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2013)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence R Garvin
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Sunday, December 1, 2013 7:50 PM
    Moderator
  • I understand you believe you know how windows updates are supposed to work, but I will be the second person to "confirm" that I have witnessed windows updates automatically rebooting the machine.  I set automatic updates to "download but let me choose when to update"  always. on all machines.  However I have many times come in to find a machine somehow decided that it needed to reboot itself due to pending updates.  I am completely disabling windows update and will manually search and update from here on out.  I just had a machine with no ESET or extra auto login programs do this twice.  Unless Office 2013 is doing this, only thing running on that machine, then this is a reality.  I thought I was crazy, but have experienced this over a dozen times on different boxes of the years.

    Perhaps we should continue to be open to accept things that may not working "as they were designed"...

    Friday, October 17, 2014 1:52 PM
  • I understand you believe you know how windows updates are supposed to work, but I will be the second person to "confirm" that I have witnessed windows updates automatically rebooting the machine.

    Whereever did you get the impression that Windows Update would not automatically reboot a system? Windows Update has been automatically rebooting systems for almost 20 years!

    I set automatic updates to "download but let me choose when to update" always. on all machines. However I have many times come in to find a machine somehow decided that it needed to reboot itself due to pending updates.

    Those two statements are fundamentally contradictory. But I'll make you a deal. The next time you have a system set to "choose when to update" and "WU rebooted the machine", we can look at the WindowsUpdate.log and I'll show you exactly where either [a] the machine was not configured the way you think, or [b] a *HUMAN* helped the process.

    Perhaps we should continue to be open to accept things that may not working "as they were designed"...

    Or.. perhaps we should be open to accept that things do not work as we THINK they do!


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Saturday, October 18, 2014 5:11 AM
    Moderator
  • We have multiple Windows servers and sometimes after we have ran Windows updates on them we find that some of them change there update settings from Turn Off Automatic Updates to Automatic.  What is the recommended method for making sure that the Auto updates are turned off.

    disabling updates is extremely risky in this time of pervasive malware

    Saturday, October 18, 2014 11:52 AM
  • What is the recommended method for making sure that the Auto updates are turned off.

    If the intent of this question is to ask how to disable the SCHEDULED INSTALLTION of updates, the answer is to configure the client the way you want it to. http://technet.microsoft.com/en-s/library/dd939900(v=ws.10).aspx


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Sunday, October 19, 2014 1:57 PM
    Moderator
  • I completely agree with the original poster's comments along with Yammamotos ...  

    This is an ongoing problem I have been facing over the past several months.  I personally have lost hours of work in Visio due to Windows Updates automatically deciding that I'm done with my WORK and REBOOTING my PC.

    This is my HOME PC that I'm talking about.  I'm not running ANY logon scripts, no Group Policies, and my PC is not a member of a domain.  I run AVAST antivirus only.  I have Windows Update set to "Never check for updates (not recommended)" and even have "Recommended updates" unchecked.

    I've lost countless hours of work because of Microsoft's "Auto-Restart after updates" even though I have completely opted out and turned them off.

    I also have COUNTLESS users who are experiencing the same thing.  I have many Windows 8.1 clients whose computers get stuck in limbo after an update saying "configuring updates 100%" for over an hour tying up their computer -- forcing them to have to reboot and do a system restore to a date BEFORE the Windows Update package was downloaded -- and THEN, TURN WINDOWS UPDATES OFF YET AGAIN!!!!  Only to have it automatically turned BACK ON once again, and start again with the system restore.

    I agree that it's a bad time to turn off Windows Updates in the midst of all of the horrible malware -- especially with CryptoLocker running wild ..   I just wish Microsoft would put a SIMPLE CHECKBOX in the Windows Update configuration page that would NEVER ALLOW AUTO-REBOOT, or REQUIRE USER INTERVENTION FOR REBOOT AFTER UPDATES.  But, then again, how could we be sure this setting would stick, when Windows Updates continuously turns itself back on "mysteriously".

    Michael

    Friday, October 24, 2014 2:15 PM
  • Lawrence Gavin really doesn't know what he's talking about.

    Any longtime Windows user, knows that automatic updates is a problem.

    Thursday, April 9, 2015 10:06 PM
  • Today I just discovered 2 of my 4 production Citrix servers just had MS Windows Update change from "Download and let me choose when to install them" to "Install Updates Automatically".  

    One of the servers finished the installs last night, and now I have issues with that server.   The second server did not download the updates yet, Thank God.

    We have a DEV server for testing updates, and a process for this.

    Is there a way to check the exact date and time this change was made? 

    Tuesday, June 2, 2015 2:59 PM
  • due to tampering I refer you for help with  Ben Herila [MSFT]



    M5A99FX

    Hardcore Games Legendary is the Only Way to Play!
    Vegan Advocate How can you be an environmentalist and still eat meat?

    Tuesday, June 2, 2015 5:52 PM
  • I have been experiencing this issue.

    We are in the process of expanding into a new region. For corporate legal reasons we are required to deploy an entirely new Forest with Trusts back into our existing environment.

    So currently there is a completely new and clean environment with no WSUS server, no other security based software or Group Policies which relate to Windows Updates. There are currently 12 Win 2012 R2 Datacentre machines running Hyper-V and I have built around 20 or so guest production servers of various types and builds onto each. Guest machines are a mix of Server 2012 R2 Standard, Server 2008 R2 standard and a few Centos Linux boxes.

    By build document and change control during the build project, EVERY machine is built and set to Never check for updates (Not recommended). 

    This issue is occurring ONLY with Server 2012 machines, but every now and then a server will set itself to Automatic and then periodically reboot itself  - I get to find out that this has happened when a hypervisor has recycled and my monitoring system lights up with 20 or so machines offline.

    I have just read through the WindowsUpdate.log on one of the affected servers and there is a line (below) saying that AU set new AU options. So component AU which is Automatic Updates is performing this task and changing its own settings.

    ###########  AU: Setting new AU options  ###########

    So far, the ONLY way that I can control this problem is to stop the WU service and only restart the service when we are ready to perform updates.

    Monday, July 20, 2015 1:55 PM
  • do you use SCCM in your environment?

    rsop.msc shows no WU GPOs?

    do any of these servers have the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

    Monday, July 20, 2015 3:42 PM
  • Trying to figure out which is worse, your apparent lack of knowledge of these very real issues, or your condescension of those that would dare to disagree with you.  I own a small PC company, retail and repair, and can tell you absolutely that my computers (home, and at the shop) do 2 things with regularity.  1. They change from Do not check for updates, or download and let me decide, to Install Automatically.  2. Once every month or so, I will come in to find that (at least) one of my machines has in fact rebooted itself.  (and yes, bingo, now set to automatic again)  As others have said, if you're running any programs on the computer, whatever work you may have been doing or have done is lost.

    Has anyone else (among you that know this is real) found any additional information on this?  It's a real annoyance.

    Note: I signed up here specifically to respond to this thread, I knew I wasn't  the only one seeing this, but there is a surprising lack of available information on this issue.  Is it that this is not widespread, or are people just rolling their eyes, saying "thanks Microsoft" and living with it, like they do a lot of Microsoft "policies and procedures"?



    Friday, February 19, 2016 3:30 PM
  • This is the 2nd time I have had this issue on a Windows 2008 R2 stand alone Server. It just happened again on Sept 24th. I had manually set it to Download updates and Notify (approval type =3) and on the 24th it Automatically set the Approval Type to 4 - Download and install updates. I was manually installing a few updates at a time and testing for a week because in one big set of updates it caused a huge speed decrease in the server, so I had to do a system restore to get the speed back and then was slowly installing a few updates at a time to find out which one caused the speed issue.

    2016-09-24 09:59:22:276 1116 10c4 AU ###########  AU: Setting new AU options  ###########

    2016-09-24 09:59:22:276 1116 10c4 AU Setting AU Approval Type to 4
    2016-09-24 09:59:22:276 1116 10c4 AU Setting Install Schedule Day to 0
    2016-09-24 09:59:22:276 1116 10c4 AU Setting Install Schedule Time to 3
    2016-09-24 09:59:22:277 1116 10c4 AU Successfully wrote event for AU health state:0
    2016-09-24 09:59:22:277 1116 10c4 AU  # Policy changed, AU refresh required = No
    2016-09-24 09:59:22:277 1116 10c4 AU  # Approval type: Scheduled (User preference)
    2016-09-24 09:59:22:277 1116 10c4 AU  # Scheduled install day/time: Every day at 3:00
    2016-09-24 09:59:22:277 1116 10c4 AU  # Auto-install minor updates: Yes (User preference)
    2016-09-24 09:59:22:277 1116 10c4 AU AU settings changed through User Preference.
    2016-09-24 09:59:22:278 1116 10c4 AU Setting AU scheduled install time to 2016-09-25 10:00:00
    2016-09-24 09:59:22:278 1116 10c4 AU Successfully wrote event for AU health state:0

    • Proposed as answer by Mike Plett Wednesday, October 5, 2016 9:10 PM
    • Unproposed as answer by Mike Plett Wednesday, October 5, 2016 9:10 PM
    Wednesday, October 5, 2016 7:19 PM
  • I found this blog https://blogs.technet.microsoft.com/sus/2012/01/17/windows-update-agents-suddenly-and-unexpectedly-start-downloading-all-updates-from-the-microsoft-update-site/

    by the Microsoft WSUS Team. They are saying this is an expected result if the source for the update changes.

    Wednesday, October 5, 2016 9:11 PM
  • Deleted
    Sunday, January 15, 2017 10:28 PM
  • I have this issue on Windows 7 Pro and Windows 8.1 home premium. I would very much like to have you explain how to find the reason in the logs. I have limited home network and try to schedule my updates on a weekly visit to the library. I check every week to see if there are any updates that need my attention. I have MSE installed and I usually download the updates for that. Tonight I tried to do that and it failed because an update was already in progress. I checked the update settings and found it reset to automatically download and install updates. I know for a fact that I did not set it like this and I reset it back to check and notify again. This happens every few months. I will check the other two machines and see if they have also changed. Unless I can find out what is causing this, I guess I will have to add one other check to my weekly maintenance.

    Thanks-in-advance

    Friday, February 17, 2017 3:15 AM
  • Omg,this is unbelievable .I've got the same damn issue.I've got windows 10 machine everything is set to OFF or disabled,and all of a sudden the windows update service kicks in!I've disabled all calls home (as this version of OS calls home more then telemarketers!) god oh mighty!

    But the thing keeps changing to bloody On!

    WHY?!

    ....this is so frustrating!

    Thursday, September 28, 2017 1:57 PM
  • 1. I too have an office full of Windows 10 machines with the exact same issue. I turned off automatic updates and yet it comes back on. I disabled the windows update service and the BITS service and it comes back on. I made sure nothing was set to start up. They have no login scripts or group policy objects to initiate re-enabling those services.

    2. I find it amusing that the Moderator, Lawrence Garvin, marked his answer as the best answer even though he hadn't provided a single reasonable explanation for the issue.

    3. Lawrence, how is there a "misunderstanding of how automatic updates works"? There's a simple you have it on or you have it off. You have it disabled or you have it enabled. Perhaps you have a fundamental misunderstanding of how an on off switch works! Light switches must confuse the heck out of you.

    4. To the person that said "disabling updates is extremely risky in this time of pervasive malware" I say this, why would I trust microsoft to create a patch to protect me from such sophisticated malware when they can't even create a button that actually turns automatic updates off when I want it to?


    MCP MCSA MCSE MCTS MCITP CompTIA A+ CompTIA Net+ CompTIA Sec+

    Friday, September 29, 2017 5:36 PM
  • 1. I too have an office full of Windows 10 machines with the exact same issue. I turned off automatic updates and yet it comes back on. I disabled the windows update service and the BITS service and it comes back on. I made sure nothing was set to start up. They have no login scripts or group policy objects to initiate re-enabling those services.

    2. I find it amusing that the Moderator, Lawrence Garvin, marked his answer as the best answer even though he hadn't provided a single reasonable explanation for the issue.

    3. Lawrence, how is there a "misunderstanding of how automatic updates works"? There's a simple you have it on or you have it off. You have it disabled or you have it enabled. Perhaps you have a fundamental misunderstanding of how an on off switch works! Light switches must confuse the heck out of you.

    4. To the person that said "disabling updates is extremely risky in this time of pervasive malware" I say this, why would I trust microsoft to create a patch to protect me from such sophisticated malware when they can't even create a button that actually turns automatic updates off when I want it to?


    MCP MCSA MCSE MCTS MCITP CompTIA A+ CompTIA Net+ CompTIA Sec+

    Just an FYI, Lawrence passed away a few years ago suddenly.

    Your logic of updating is flawed. You expect a way to turn it off as it used to be. Things have changed, and it's a requirement.

    You can imitate turning it off by Installing WSUS, not approving any patches, but that will only last so long as Microsoft is trying to PROTECT you from the bad guys.

    Half the time I help in Spiceworks forums and as I just started helping here on technet, we have people who are TRYING to go against the grain. When you do that, issues happen. Change how you think. Change your life.

    Gotta go now, but I'll post more later.


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Saturday, September 30, 2017 2:14 PM
  • Lawrence

    Even though you have an alphabet after your name, you are denying things that DO happen. I disable Windows 10 updates through Services, but it keeps coming back. Why did I do this. Because a big Win10 update crashed right in the middle of download and caused me to reinstall Windows 10 from the beginning. A Microsoft tech, tried to help but INSISTED  that the updates were safe. What happened when the updates were installed a second time? I lost all networking...no ethernet, no broadband, no wifi. Nothing. I had to start over again. The updates were the problem. You claim that they are tested prior to roll out, but they still cause more problems than they fix.  BTW, in Canada and the USA there is an inherent "right" called the "Freedom of Choice" which Microsoft is denying the user. I have the right to refuse updates if I want to, but Microsoft says I do not.

    And YES, Microsoft DOES shut down programs. When an update is installed and you are not monitoring it, Windows will automatically restart, regardless of what is running. If you are monitoring it and you say "restart later" it should restart when YOU want it to, not when Microsoft decides to.

    Now get off your pedestal and accept what users are saying. Microsoft is not this almighty being that is perfect and controls the computing world. Try being a little humble and listen to what users are saying, instead of insinuating that you are always right. Only one person was perfect, and he was crucified 2000 years ago.

    Thursday, October 5, 2017 2:28 AM
  • I've possibly been a bit more radical.  Really can't stand all this unrequested chitty-chatting to the Internet.  Whose computer is it anyway?  What I've been and gone and done on my son's new Windows 10 Home edition gaming computer is delete the Windows Update service by opening a CMD prompt as admin and entering the following command:

    sc delete wuauserv

    This seems to have got rid of the damned thing and I've even been able to successfully restart the computer afterwards.  That was 10 minutes ago and it's still running except that it is now unusually quiet, fast, responsive and I can now use other devices through our 2.5MB broadband.  I'll see how it goes.  If it all goes pear shaped then I'll re-format and re-install windows. If anyone else is stupid enough to give it a go then please leave a note.

    Thursday, October 5, 2017 11:48 AM
  • Lawrence

    Even though you have an alphabet after your name, you are denying things that DO happen. I disable Windows 10 updates through Services, but it keeps coming back. Why did I do this. Because a big Win10 update crashed right in the middle of download and caused me to reinstall Windows 10 from the beginning. A Microsoft tech, tried to help but INSISTED  that the updates were safe. What happened when the updates were installed a second time? I lost all networking...no ethernet, no broadband, no wifi. Nothing. I had to start over again. The updates were the problem. You claim that they are tested prior to roll out, but they still cause more problems than they fix.  BTW, in Canada and the USA there is an inherent "right" called the "Freedom of Choice" which Microsoft is denying the user. I have the right to refuse updates if I want to, but Microsoft says I do not.

    And YES, Microsoft DOES shut down programs. When an update is installed and you are not monitoring it, Windows will automatically restart, regardless of what is running. If you are monitoring it and you say "restart later" it should restart when YOU want it to, not when Microsoft decides to.

    Now get off your pedestal and accept what users are saying. Microsoft is not this almighty being that is perfect and controls the computing world. Try being a little humble and listen to what users are saying, instead of insinuating that you are always right. Only one person was perfect, and he was crucified 2000 years ago.

    2 Things

    1. Do you realize that Windows 10 was not out at the time of Lawrence's post (October 2014)
    2. If you had read the most recent post above what you posted, I mentioned that Lawrence passed away a few years ago, suddenly, so he won't be responding back to you.

    And to put it into perspective, I'm in Canada, and I CHOOSE to use Windows. When you choose Windows, you CHOOSE to follow the methods of Microsoft. If you don't want to reboot after applying updates, or don't WANT to apply updates, use an OS that allows you that CHOICE (insert your favourite flavour of Linux, Unix, Solaris.) I'm not positive, but I think Apple does the same thing with updates, but I could be wrong there because I don't have a Mac system.

    If you choose to use an OS that allows you to stop updates, you shouldn't put that system on the internet, or LAN with other systems as viruses have a unique way of getting past air gaps (Stuxnet anyone?)


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Thursday, October 5, 2017 12:27 PM
  • I've possibly been a bit more radical.  Really can't stand all this unrequested chitty-chatting to the Internet.  Whose computer is it anyway?  What I've been and gone and done on my son's new Windows 10 Home edition gaming computer is delete the Windows Update service by opening a CMD prompt as admin and entering the following command:

    sc delete wuauserv

    This seems to have got rid of the damned thing and I've even been able to successfully restart the computer afterwards.  That was 10 minutes ago and it's still running except that it is now unusually quiet, fast, responsive and I can now use other devices through our 2.5MB broadband.  I'll see how it goes.  If it all goes pear shaped then I'll re-format and re-install windows. If anyone else is stupid enough to give it a go then please leave a note.

    The bigger question here is WHY don't you want to update your system? Do you use an Antivirus? Is it updated? Why is your AV updated but your OS not? Why are you so afraid of updates for a Windows OS yet I bet your phone is on the LATEST Android or iOS Operating system version. Why? Are any of your apps on there updated? Why?


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Thursday, October 5, 2017 12:37 PM
  • To answer your question would be to just repeat what so many others here have already said but I'll give it a go anyway. Reasons to not update your system right away when an update is released by Microsoft:

    1. They on occasion tend to break things.

    2. How often does Microsoft release an update and then immediately start working on fixes for the update they've just sent out? The answer is, all the time! 

    3. As I stated before why would I trust a company to release a proper security update when they can't even make a button that turns off automatic updates actually turn off automatic updates. 

    4. If you were paying attention to Technobollocks' post you would have read the line about having 2.5mb broadband. Can you imagine how long it takes for someone to download an entire load of windows update on that? You don't know why that's the best speed he gets, perhaps it's the only speed in the area which is still common in a lot of places. Also try to imagine an office, with ten computers. All basically forced to upgrade to Windows 8-10 at some point because prior versions are becoming no longer supported. A small ten seat company probably doesn't pay for the fastest internet speeds possible. Windows shoots out an update, there goes bandwidth for the next 3 days. 

    5. With ISPs putting download limitations on customers in terms of how much they can download why waste any of that on crappy windows updates? 


    MCP MCSA MCSE MCTS MCITP CompTIA A+ CompTIA Net+ CompTIA Sec+

    Monday, October 16, 2017 3:22 PM
  • Let's think differently.

    #1 & 2 are very very very subjective statement. In the THOUSANDS of updates Microsoft releases, a few have issues. I will admit, more now than in the past, but the fact that they push out ~50-80 updates a month for a handful of software, the fact that 79 of that 80 pass without issues is unheard of. REALLY! You only hear about that 1 update.

    On your iphone or android phone - do you have auto-updates turned on? Do any of your software break as a result of an update? I've had a few break, only to be fixed a few days later. All software has bugs. Having a software company write a bug fix or an enhancement that creates a business critical problem is a failure on the Admin... A failure on the approving in a test environment FIRST before approving it to a production environment.

    #3 - They don't want you to be able to turn them off. Why would they in this day and age where systems are getting hacked due to lack of updating (Equifax?, EternalBlue?, etc)

    #4 & 5 - 2.5 MB internet is fine, along with a bandwidth cap is also fine - Implement a WSUS Server. This way you control the updates, you control the bandwidth usage (see GPOs for throttling during business hours or all the time), control how systems update FROM your WSUS server with GPOs relating to the Windows Update Agent on each client system. On Windows 10, enable the delivery options for sharing updates over LAN connections (not Internet) - this will help in the feat. Oh, and If you're about to say they can't do it inside, or can't afford a server inside the network to run WSUS - use Amazon Web Services or another cloud system - they're cheap, even with renting the licensing!

    Your entire argument is based on the fact that you want an OS that doesn't download, doesn't update, allows you full control of everything... Well all of that sounds wonderful, and exists in a Linux system (although I still would not recommend not updating)...  but Linux is not Windows, and you want 'Windows'.

    Times are changing, either get with the program or switch to Linux... which may end up following this method at some point in the future too. This is the SAME type of argument that you can create with a perpetual license for software. Once you buy it you want to 'own it'... that's going away too (in time, not yet, but O365 has already started it).


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Tuesday, October 17, 2017 3:57 AM
  • I know this is an old discussion, but you are refusing to accept this occurs quite frequently. I have hundreds of workstations that are set to "download but let me choose when to update". We can debate the reasoning why one would use such setting, but it doesn't change the fact that many times the systems will reboot without warning and after the reboot it will usually indicate recent updates have been downloaded and need to be installed.

    Since your posts indicate how you feel about turning off auto updates, you obviously are not using the above setting and therefore don't have the knowledge of first hand experience. So it is quite omnipotent of you to claim it doesn't happen as described.

    By the way...the hundreds of workstations I support are on dozens of networks at different locations with different companies and running a wide array of different software.

    So when others who are actually experiencing this issue and read your remarks...makes you look like a arrogant dimwit.

    Thursday, December 14, 2017 2:03 PM
  • I know this is an old discussion, but you are refusing to accept this occurs quite frequently. I have hundreds of workstations that are set to "download but let me choose when to update". We can debate the reasoning why one would use such setting, but it doesn't change the fact that many times the systems will reboot without warning and after the reboot it will usually indicate recent updates have been downloaded and need to be installed.

    Since your posts indicate how you feel about turning off auto updates, you obviously are not using the above setting and therefore don't have the knowledge of first hand experience. So it is quite omnipotent of you to claim it doesn't happen as described.

    By the way...the hundreds of workstations I support are on dozens of networks at different locations with different companies and running a wide array of different software.

    So when others who are actually experiencing this issue and read your remarks...makes you look like a arrogant dimwit.

    I would say that you have a mis-configured (somewhere) setup, either with your GPOs (sprouting unwanted registry settings causing Dual Scan), or using deadlines in your WSUS approvals.

    Here's a screenshot of my servers GPO. I have a GPO Inheritance setup, so the Location is left out as that's taken from inheritance of another GPO.

    Before you say that that's for servers, I have a Windows 10 (32bit) client acting as servers for special software (HVAC system) that requires a user be logged in and the program running for the software to record the data into the database (very poor requirement - they couldn't even make it a service). I've had no issues with this system being left for days with pending updates... sometimes I forgot about this system in my update routine as a user was using it at the time and I said that I'd come back later, and then forgot. Longest time was 2 patch cycles (2 months) where it had been waiting for the updates to patiently be installed. It didn't reboot during those 2 months, either on its own or requested by a user.

    As for your last comment, I figured it would be more advantageous to show you what I have, and that it works. I do truly wish to help and don't appreciate the rude comments.


    Adam Marshall, MCSE: Security
    http://www.adamj.org
    Microsoft MVP - Windows and Devices for IT

    Friday, December 15, 2017 4:55 AM
  • I've just spent the last few minutes reading through the old posts, and in fact some which are quire recent.

    I too have the issue of updates turning itself back on, and with this I'd like to make a few comments on the posts in this thread.

    It is mentioned "why would you want to turn off updates when MS is just trying to protect you"   My response to that would be, why do the police book you for speeding, or drink driving, and that would be the same answer, because they want to protect you.   But at the end of the day, it is my choice whether I speed or not, and my choice whether I want to get behind the wheel after a few drinks.

    In the same frame, it should be my choice whether I choose to let MS protect me or not.   I don't want to be protected.   I want control of what is mine, of what I paid for, even of my own destiny.

    If I want to turn off updates, MS should respect this wish, and allow me to do it.   When my windoze machine breaks, because I didn't have updates enabled, then MS is well withing their rights to tell me "We tried to warn you, we tried to help you, you are on your own"

    I do agree that I can use Linux if I want full control of my PC, updates etc, and I do use is and I prefer it, but unfortunately, the office  I work in is a Windoze environment.   Why??   Well that's simple, because Windoze is a mums and dads operating system that everyone knows.

    I'm not a fan of Windoze, as you have probably notice, but if I want to use my notebook at the office I have no choice.  I have to follow suit.  As I own this notebook, and I own the software on it, it is up to me whether I keep it up to date.   The company doesn't care less, not even if anyone here start saying that I could be responsible for the proliferation of malware, viruses etc. ( I actually us and own purchased antivirus software, which has been rated the highest and most reliable in the world for many years running, so these issues are not present or caused by me.   Just an aside in case anyone wants to have a shot at me.

    I would like to add my voice to the many here saying to MS, please leave my windoze box alone.   Please let me be the master of my own destiny, and please when I turn something off, leave it like I left it. 


    Thursday, January 11, 2018 4:52 PM
  • It is mentioned "why would you want to turn off updates when MS is just trying to protect you"   My response to that would be, why do the police book you for speeding, or drink driving, and that would be the same answer, because they want to protect you.   But at the end of the day, it is my choice whether I speed or not, and my choice whether I want to get behind the wheel after a few drinks.

    Think of this differently.

    MS is not the police. MS is your car manufacturer. You have a car that they've manufactured that contains a computer on-board and that computer controls your REV limiter and limits you to 6000RPM. Should the manufacturer allow you to modify this limit considering it has tested that at 6800RPM the engine blows up and causes bodily harm including death? If the car enthusiast wants to 'hack' his way through the computer, tinkering through trial and error, to remove the limitation or raise it to 6700RPM, then he may 'hack' his way to do so at his own risk, but the car manufacturer will in no way shape or form help them do that.


    If you want to hack your way through life (and some people do, I'm not pointing fingers), then you do it on your own without the support of the manufacturer.


    As I own this notebook, and I own the software on it,

    But you don't own the software on it - well at least not Windows or your Antivirus. You License it. Big difference.


    Adam Marshall, MCSE: Security
    http://www.adamj.org
    Microsoft MVP - Windows and Devices for IT


    • Edited by AJTek.caMVP Thursday, January 11, 2018 6:53 PM
    Thursday, January 11, 2018 6:52 PM
  • I actually have a more reasons of why I want updates off. The most recent update completely eliminated what was saved on my start menu. Broke a couple minor applications. Took away features that were there before.

    The piece that makes me so angry, is the last part. HEY MICROSOFT! It's not an upgrade if you take features away! That's called a downgrade. That is what has been happening lately with updates. The other one is making harder for me to get to various IT tools. Like in windows 10 you can right click in the lower right to get to control panel for quickly adding and removing software. Now I have to hope Cortana is in the mood to bring up what I type in. Some days it's fine some days it's not.

    Linux is looking better and better and have been pushing and willing to learn Mac products lately in my company. They want to talk about updating cell phones. Here's another one for ya when was the last release for my windows phone to get updated? It's easy to be on the latest version when the latest version is several years old. No leg to stand on for updating to latest version of phones. Many of my phone apps are not working because of lack of updates available by microsoft. Now tell us how to disable updates and stop trying to just pick fights with everyone.

    Friday, January 19, 2018 11:03 PM
  • I'll give another reason why Windows Updates should NOT be mandatory.

    We've got several LattePanda boards that come pre-installed with Windows 10 Home.

    We're going to be using these in field computers.  Most of the time these won't have access to the Internet, so MS Updates won't work anyway.  But in the event that they DO, for some reason, get access to the 'net at a customer's location for a time, Windows Updates will immediately start trying to download and install a bunch of stuff, including the Creators Update.

    We don't want it.

    We don't need it.

    We aren't exposed to any security risks.  There is no virus vector.

    These PCs will be running our own in-house code and just need to sit there quietly doing their work.

    Having them perform some updates where there isn't even a monitor or keyboard plugged in, at a customer's location where we don't even have access (remote or otherwise) to the device is a recipe for disaster.

    I had Windows Updates set to Disabled.  It turned back on, apparently because of a Group Policy setting that I didn't set.  GPEDIT.MSC wasn't even enabled on these machines by default, because it's Windows 10 Home.  The only thing that makes sense is that Microsoft PUT IT THERE, but then doesn't give instructions on how to disable it.

    It went from Disabled to Manual (trigger start) on its own.

    So I ran "sc qtriggerinfo wuauserv" and discovered that it was enabled by Group Policy in both the Machine and User Policies.

    I have reimaged and have Disabled Windows Updates again.  When I run that command I get the same result BUT with a Note saying "Since the service start type is disabled, the triggers are inactive."

    I guarantee you that if I connect this system to the 'net I'll be getting the update prompt inside of 24hrs and the start type of the service will be back to Manual (trigger start).

    I have given a perfectly valid reason NOT to have Windows updates turned on.

    Can you assist, or at least point me in the right direction?

    EDIT:

    Confirmed.  Those triggers turned back on with no intervention from myself.  I even went in and changed the behaviour of the trigger so it would only activate on Joining a Domain...and the triggers got changed BACK to looking for a Machine/User Policy that is present.


    • Edited by Tempest8008 Monday, January 29, 2018 12:56 PM
    Wednesday, January 24, 2018 6:41 PM
  • I continued to work on this and found a solution from a 3rd party.

    https://www.sordum.org/9470/windows-update-blocker-v1-0/

    This is a single-run executable.  It makes changes to registry entries, scheduled tasks, and services.

    It does not stay resident in memory; I've confirmed this directly with one of the authors of this application.

    I have had my Win10 Home running for over a week now with no sign of Windows Updates re-enabling.

    Hopefully this will help someone out.
    Wednesday, February 7, 2018 9:25 PM
  • here we are at yet another phony support site spewing out bullshit answers by an insulting and argumentative Asshole who calls himself a 'moderator'
    Friday, February 23, 2018 4:28 AM
  • Here's the best solution, folks!.      Switch to Linux Mint, remove windows altogether. 

    Forget Windows ever existed.  It's expensive, their support is Crappy and sometimes insulting and The developers of Windows make it a habit of removing good features while making the worst features like Update Mandatory!

    Obviously, they're not serious, and never have been, serious about making an Easy-to-use Operating system.  If fact, it looks like they're dead set against it.  LOL

    Go with Linux mint, it's better than THIS crapware.  I'm removing Windows after posting this comment and installing Linux Mint.  It does not have all this Bullshit you're getting from Windows!!!




    • Edited by corydee Friday, February 23, 2018 4:44 AM
    Friday, February 23, 2018 4:41 AM
  • I realize that this original post is somewhat old, and that the discussion has become quite strident. I'd like to refocus on the original issue, and take the temperature down a few notches.

    The original issue is a Server 2012 R2 system that was set to either Turn Off Windows Updates, or (like mine) Download But Let Me Choose When to Update, and it was changing, apparently without user intervention, to Update Automatically, causing servers to restart unexpectedly.

    Let's set aside the advisability of these settings, and focus on how they are getting changed. Is it possible that some windows updates (installed manually, for example) will change this default without alerting the user? Are there some updates that, once downloaded, are deemed by Microsoft to be so critical that Microsoft has decided to override the WU setting, and change it to Automatic? I know it is happening somehow, and I know I'm not authorizing it, and I'm the only person who should have the rights to authorize it. The other thing that concerns me is that this seems to happen somewhat randomly. We have several 2012 R2 servers, and we typically run updates to all of them at the same time, but this automatic change only appears to happen to one or at most two at a time.

    Has anyone addressed this issue directly with Microsoft?

    Does anyone know what is causing this change?

    I understand that there may be third party solutions to get around this, but I would really like to stay with Microsoft approaches, and if this is actually an issue with the Microsoft software, I'd like to see them either fix it, or address why they aren't going to change it.

    Thank you all.

    Jeremy Heymann


    Jeremy Heymann Market Mentor Online

    Sunday, March 18, 2018 3:42 PM
  • This has just happened to me again. Am I the only one experiencing this issue?

    Jeremy Heymann Market Mentor Online

    Friday, February 15, 2019 4:45 PM
  • It's happened to me 3 times in a row on my personal computer. I'm running Windows 8 on purpose, and DO NOT wish for Windows Updates to screw up my current settings. I've built my own computers. I set things up in a very precise fashion. Grandpa over there thinks we're stupid and don't know how automatic/windows updates work, but I'm pretty sure our generation, who've grown up typing on both Macs and PCs, instead of typewriters, would know what the hell Windows Update is and how it's supposed to function. Windows has a habit of forcing what they want over what we consumers want. The only reason I haven't switched over to Linux is because there's quite a few things that aren't yet fully supported. Microsoft's screwed up Outlook and Skype after they bought it. It's a company that's very out of touch with what consumers are truly looking for.
    Monday, March 4, 2019 7:49 AM
  • This doesn't happen automatically ... something is causing it. 

    But let me ask a more signfiicant (significant*) question... Why do you want these systems configured with Automatic Updates *OFF* in the first place? 

    Or, perhaps, you've lost "_countless days_" of work because of your fundamental misunderstanding of how Automatic Updates works, or perhaps even, Windows itself.

    --Wow, arrogant much, grandpa? I'd be shocked if you could tell your anus from your face, given that receding hairline.

    Yes, sweetie, it does happen. I've seen it happen on different Windows versions, with and without antivirus. But you keep up that attitude. It'll get you places. Probably a dark room while someone's beating your posterior until you cry out for mommy. Windows fanboys are so obnoxious.

    Monday, March 4, 2019 8:14 AM
  • That's fine. We are well aware that Microsoft doesn't support updates being avoided. 

    Here is the thing: They HAVE THESE SETTINGS that SEEM TO BE AVAILABLE and SUGGEST THAT THEY SHOULD ACTUALLY CAUSE THE OUTCOME SUGGESTED. 

    In the name of god, WHY provide a setting that isn't even going to function the way anyone would expect it to by its very definition? If Disabled means "disabled until reboot", then put disabled until reboot, or have a prompt generated when its changed that explains to the user that disabled in win10 means something different than disabled in win7. I am more fed up and disgusted by Windows pervasively fraudulent language and settings design than I am by the actual state of affairs, which are still pretty pathetic, given the market presence. 

    All that said, in your example, the car manufacturer is off the hook if the engine blows up after being tampered with, as they've provided full disclaimer of best practice and how to avoid the engine blowing up. Microsoft is very clear that users should update. If the car manufacturer had any business integrity, they wouldn't leave you some false, bogus option to change a setting on the limiter that doesn't actually stick or cause the outcome it seems to suggest it does. A setting should be functional or not be there, plain and simple. Constant, terrible failures posed as successes that users just misunderstand. So sick of it. 







    Wednesday, April 3, 2019 2:30 PM