Jump to content
  • 0

How are you handling Windows Updates?


rfav808

Question

Posted

Hi,

We have been battling with keeping windows updates disabled and we thought we had it cracked up until March/April of this year and now we are back to the drawing board with the service restarting itself in our master images and in live sessions - what worked for us previously is no longer working after we intentionally applied windows updates. We have GPO's on the masters configured and domain level, regedits, service logon account manipulations and task scheduler configs in place but still Windows Updates finds a way. 

FYI, we are on Windows 10 22H2, Non-persistent Desktops running 2203CU3. 

Has anyone been able to find a way to disable Windows updates on master images and in live sessions but then re-enable as needed to apply updates?

If so I would love to hear from you. 

Thanks
 

2 answers to this question

Recommended Posts

  • 1
Posted

## Disable Windows Update download

New-Item -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -Name 'NoAutoUpdate' -value 1 -Force

## Disable auto startup for Windows Update

Set-Itemproperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\UsoSvc' -Name 'Start' -value 4
Set-Itemproperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc' -Name 'Start' -value 4
Set-Itemproperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\wuauserv' -Name 'Start' -value 4


You want to be careful with the below, and maybe change the logic to a rename or something similar - this logic is good for killing WU always, but also relies on you building a new image each time. You would likely want to have a backout plan to bring it back

## Kill the Scheduled Task XML configs

remove-Item -Path "C:\Windows\System32\Tasks\Microsoft\Windows\WaaSMedic\PerformRemediation"
remove-Item -Path "C:\Windows\System32\Tasks\Microsoft\Windows\WaaSMedic\"
remove-Item -Path "C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start"

## Kill Scheduled Tasks

Unregister-ScheduledTask -TaskName "PerformRemediation" -Confirm:$false
Unregister-ScheduledTask -TaskName "Scheduled Start" -Confirm:$false

 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...