VMware Horizon Community
WheatonCollege
Contributor

Windows Update service will not stay Disabled in Windows 10 Enterprise 2016 LTSB

Hi All,

Trying to get my Windows 10 parent image prepared for a linked-clone composer pool and every time I disable the Windows Update service it eventually gets set back to Manual and it starts up.

I've tried setting a Group Policy to set it to disabled in the linked-clones but it still somehow changes.

I saw this entry in the System event viewer log:

"The start type of the Windows Update service was changed from disabled to demand start"

Within about a minute of that I also see these entries about other services being changed:

"The start type of the Connected User Experience and Telemetry service was changed from disabled to auto start"

"The start type of the Windows Modules Installer service was changed from demand start to auto start"

Anyone know what is changing these services? We do not have anti-virus installed and we are not using SCCM so I know it's not either of those.

Thanks!

15 Replies
Magneet
Hot Shot

I am currently going through the same process. Check all the tasks in the task scheduler; there are some causing havoc. Oh, and by the way, LTSB is sadly NOT supported for office usage by Microsoft, only for special cases like ATMs and medical equipment.

0 Kudos
WheatonCollege
Contributor

Hi Magneet,

Thanks for the reply. I just went through the VMware Optimization Tool and found all the scheduled tasks it recommends disabling and did so... I'll check Monday to see if the Windows Update service is still disabled and report back.

When you say LTSB doesn't support Office, is it that it won't even install, or it will install but Microsoft won't help you if you run into issues?

Thanks!

0 Kudos
Magneet
Hot Shot

The latter. It will work perfectly and seems to be the perfect fit for VDI; Microsoft doesn't support it, sadly.

0 Kudos
techguy129
Expert

Not a fix to your solution but a possible workaround. You can change the permissions on the registry key so that SYSTEM cannot change it.

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv

WheatonCollege
Contributor

Thanks Magneet and TechGuy129

I'm a little hesitant to change the permissions on the registry entry only because I want to easily be able to turn the service back on in the master image when I want to install updates on my terms (but if I have to I'll take that route!).

I checked today and unfortunately the service started up again on the master image and on the clone. Here is the list of scheduled tasks I disabled in the master image without luck (the list comes from the VMware Optimization Tool):

schtasks /Change /TN "\Microsoft\Windows\Defrag\ScheduledDefrag" /Disable
schtasks /Change /TN "\Microsoft\Windows\AppID\SmartScreenSpecific" /Disable
schtasks /Change /TN "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /Disable
schtasks /Change /TN "\Microsoft\Windows\Application Experience\ProgramDataUpdater" /Disable
schtasks /Change /TN "\Microsoft\Windows\Application Experience\StartupAppTask" /Disable
schtasks /Change /TN "\Microsoft\Windows\Autochk\Proxy" /Disable
schtasks /Change /TN "\Microsoft\Windows\Bluetooth\UninstallDeviceTask" /Disable
schtasks /Change /TN "\Microsoft\Windows\Chkdsk\ProactiveScan" /Disable
schtasks /Change /TN "\Microsoft\Windows\CloudExperienceHost\CreateObjectTask" /Disable
schtasks /Change /TN "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /Disable
schtasks /Change /TN "\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /Disable
schtasks /Change /TN "\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /Disable
schtasks /Change /TN "\Microsoft\Windows\Diagnosis\Scheduled" /Disable
schtasks /Change /TN "\Microsoft\Windows\DiskCleanup\SilentCleanup" /Disable
schtasks /Change /TN "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" /Disable
schtasks /Change /TN "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver" /Disable
schtasks /Change /TN "\Microsoft\Windows\Feedback\Siuf\DmClient" /Disable
schtasks /Change /TN "\Microsoft\Windows\FileHistory\File History (maintenance mode)" /Disable
schtasks /Change /TN "\Microsoft\Windows\Location\Notifications" /Disable
schtasks /Change /TN "\Microsoft\Windows\Maintenance\WinSAT" /Disable
schtasks /Change /TN "\Microsoft\Windows\Maps\MapsToastTask" /Disable
schtasks /Change /TN "\Microsoft\Windows\Maps\MapsUpdateTask" /Disable
schtasks /Change /TN "\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents" /Disable
schtasks /Change /TN "\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic" /Disable
schtasks /Change /TN "\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" /Disable
schtasks /Change /TN "\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem" /Disable
schtasks /Change /TN "\Microsoft\Windows\RAS\MobilityManager" /Disable
schtasks /Change /TN "\Microsoft\Windows\Registry\RegIdleBackup" /Disable
schtasks /Change /TN "\Microsoft\Windows\Servicing\StartComponentCleanup" /Disable
schtasks /Change /TN "\Microsoft\Windows\Shell\FamilySafetyMonitor" /Disable
schtasks /Change /TN "\Microsoft\Windows\Shell\FamilySafetyRefreshTask" /Disable
schtasks /Change /TN "\Microsoft\Windows\Shell\IndexerAutomaticMaintenance" /Disable
schtasks /Change /TN "\Microsoft\Windows\SystemRestore\SR" /Disable
schtasks /Change /TN "\Microsoft\Windows\TPM\Tpm-Maintenance" /Disable
schtasks /Change /TN "\Microsoft\Windows\UPnP\UPnPHostConfig" /Disable
schtasks /Change /TN "\Microsoft\Windows\WDI\ResolutionHost" /Disable
schtasks /Change /TN "\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable
schtasks /Change /TN "\Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable
schtasks /Change /TN "\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable
schtasks /Change /TN "\Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable
schtasks /Change /TN "\Microsoft\Windows\Windows Error Reporting\QueueReporting" /Disable
schtasks /Change /TN "\Microsoft\Windows\Windows Filtering Platform\BfeonServiceStartTypeChange" /Disable
schtasks /Change /TN "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" /Disable
schtasks /Change /TN "\Microsoft\Windows\WOF\WIM-Hash-Management" /Disable
schtasks /Change /TN "\Microsoft\Windows\WOF\WIM-Hash-Validation" /Disable

There are 4 scheduled tasks having to do with Windows Updates that are not listed above. I am going to add them to my list of scheduled tasks to disable and see how I make out.

They are....

\Microsoft\Windows\WindowsUpdate\Automatic App Update
\Microsoft\Windows\WindowsUpdate\Scheduled Start
\Microsoft\Windows\WindowsUpdate\sih
\Microsoft\Windows\WindowsUpdate\sihboot

I would think a ton of other people are dealing with this, no?!?!?!

Thanks!

0 Kudos
solgaeDK
VMware Employee

What you're seeing is the workings of the KB4023057 patch. In Microsoft's infinite wisdom, they decided to push out an update that has a process running in the background which will attempt to find and, well, "fix" any issues that will cause Windows Update to not work. In all fairness, that's probably in their best interest and would probably allow regular users' desktops to receive updates normally, except it wasn't supposed to be pushed out to the LTSB build, but it was anyway. And obviously, this isn't going to work out if you have non-persistent desktops and disabled the Windows Update service for a reason.

You can find the KB4023057 from the Control Panel -> Add/Remove programs (don't use the app & features list on the settings app) and uninstall it. Then, ensure the scheduled tasks listed in one of the replies are all disabled. Namely, you want to disable the ones listed under Microsoft\Windows\UpdateOrchestrator and Microsoft\Windows\Windows Update.

You can then use the wushowhide diagnostic tool to hide that update (https://support.microsoft.com/en-us/help/3073930/how-to-temporarily-prevent-a-driver-update-from-rei...) so you can prevent it from being installed. Just bear in mind that the Windows Update service and the Windows Modules Installer service have to be enabled and running before running the wushowhide tool. Also, Microsoft often pushes out a new version of the KB4023057 patch occasionally, so you probably want to run the wushowhide tool every time you need to update the image with the new Windows patches. I may also add that there have been reports that even with the Windows Update service disabled, the patch can get pushed out and get installed, so you may want to check your list of installed patches from Add/Remove Programs too.

0 Kudos
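The checks described in the post above can be collected into one read-only audit of the parent image. This is an added example, not code from the thread or from VMware or Microsoft; the function names are hypothetical, the service names DiagTrack and TrustedInstaller are the short names of the two other services quoted in the first post, and it assumes the patch registers under the standard Uninstall registry keys that feed the Programs and Features app list.

```powershell
# Added example (not from the thread): read-only audit, run from an elevated prompt.

function Get-StartTypeChange {
    # Service Control Manager records start-type changes as event ID 7040 (System log).
    # UserId is the SID of the account that made the change.
    param([int]$Days = 7)
    $filter = @{ LogName = 'System'; ProviderName = 'Service Control Manager'
                 Id = 7040; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, UserId, Message
}

function Get-UpdateTaskState {
    # Task folders named in the thread; any task not in state 'Disabled' can still run.
    $paths = '\Microsoft\Windows\WindowsUpdate\', '\Microsoft\Windows\UpdateOrchestrator\'
    foreach ($p in $paths) {
        Get-ScheduledTask -TaskPath $p -ErrorAction SilentlyContinue |
            Select-Object TaskPath, TaskName, State
    }
}

function Find-InstalledKb {
    # Assumption: the patch shows up under the standard Uninstall keys (it is listed
    # as an app, not under "View installed updates", according to the thread).
    param([string]$Kb = 'KB4023057')
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like "*$Kb*" } |
        Select-Object DisplayName, DisplayVersion, InstallDate
}

# Current start mode of the three services named in the first post's event log entries.
$names = "Name='wuauserv' OR Name='DiagTrack' OR Name='TrustedInstaller'"
Get-CimInstance Win32_Service -Filter $names | Select-Object Name, StartMode, State

Get-StartTypeChange -Days 7 | Format-List
Get-UpdateTaskState | Format-Table -AutoSize
Find-InstalledKb    # no output means no matching entry was found
```

Running it before sealing the image and again a day later shows whether the start type drifted, when, and under which account.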
WheatonCollege
Contributor

Thanks ,

I'll look into this 😉

0 Kudos
WheatonCollege
Contributor

Hi solgaeDK,

I actually do not see KB4023057 installed. We are running "Windows 10 Enterprise 2016 LTSB". The ISO we installed from is named "SW_DVD5_WIN10_ENT_LTSB_2016_64BIT_English_MLF_X21-07421.ISO".

I only see these Windows Updates listed under Control Panel -> Programs & Features -> View Installed Updates:

Untitled.jpg

0 Kudos
solgaeDK
VMware Employee

The patch, if installed, is listed as part of the regular app list under Programs and Features, instead of being listed in the "view installed updates" list as you would expect. Go figure why.

I believe it's usually named as: Update for Windows 10 (KB4023057).

0 Kudos
WheatonCollege
Contributor

So embarrassing, it was right in front of me where you said it is!

I'll work to remove it, block it, then reply with my results.

Thanks!

0 Kudos
WheatonCollege
Contributor

Just an update: I uninstalled KB4023057 and rebooted the parent image, then downloaded wushowhide to try and hide KB4023057 from future updates, but the tool wouldn't list KB4023057 as available. I'll leave the master image up and see if a.) the Windows Update service gets re-enabled and if it does, b.) I'll run wushowhide periodically to see if KB4023057 appears in the list for me to hide.

Fingers crossed.

0 Kudos
andiwe79
Enthusiast

Had this a month ago, but with NON-LTSB 1607 (EOL 11.04.18). I ended up assigning the local Guest account (which is disabled) to the service. So even if the service is set to e.g. manual it will not start anymore.

0 Kudos
solgaeDK
VMware Employee

I think something changed at Microsoft's end, and now this particular update is no longer being offered to Windows 10 LTSB builds. I checked my image with wushowhide and KB4023057 was no longer listed in my blocked list, nor does it appear on the available patch list. I'm guessing this was meant to be pushed out to Windows 10 consumer editions only, but Microsoft flubbed it and ended up making it available to everybody. After all, there have been reports about machines getting upgraded to build 1709 without warning, even those that had the "delay feature upgrade" setting enabled.

You're probably fine now if you uninstalled the patch, but you probably still want to keep that wushowhide tool around and run it whenever you need to update the image. It's the only way for Windows 10 to control which patches would be downloaded and installed every time you hit that "check for update" button on Settings app -> Updates.

0 Kudos
WheatonCollege
Contributor

Thanks for all your help with this SolgaeDK 😉

I haven't seen the service re-enable itself (yet) since I removed that KB patch.

0 Kudos
Hoodsie2018
Enthusiast

This doesn't work in 2021. Microsoft made this KB now part of the servicing stack update 10.0.18362.1790, which cannot be uninstalled as far as I'm aware. So now you can't remove this KB. Thus now updates install every time you rebuild a VM in Horizon.

0 Kudos