VMware Horizon Community
JHBPJF
Enthusiast
Enthusiast
‎01-22-2019 11:11 AM

Disabled Windows Updates service on master image goes back to Manual on linked clone - Windows 10 1803

Something has changed in 1803 and disabling the windows update service in the master image doesn't stick when logging into the linked clone. I've seen the service turn back to Manual (Triggered) and that kind of makes me think eventually Windows Updates will scan. I've gone ahead and added some registry hacks, but has something changed in this version that I am unaware of? Anyone know how to turn it off completely? I only want to enable it when I patch.

Reply
0 Kudos
7 Replies
etsmc
Contributor
Contributor
‎02-17-2019 09:35 PM

One thing you can try is setting the following Services to Disabled aswell

Windows Modules Installer

Background Intelligent Transfer Service

We found with these services set to manual windows would re-enable the Windows Update service just like you are experiencing.

Reply
0 Kudos
JohnLord
Contributor
Contributor
‎02-19-2019 08:37 AM

are you windows 10 pro?  it seems MS has made it so those settings are worthless now in pro. Been fighting this for months. Working on using sccm to control this now

Reply
0 Kudos
Feedjdream
Contributor
Contributor
‎02-19-2019 09:11 AM

I am running 1607 LTSB and after one of the security rollup packages was installed I started experiencing this issue as well. I fought it for weeks and the way I finally got it to stick was by creating a group policy that disables the service.

Reply
0 Kudos
sjesse
Leadership
Leadership
‎02-19-2019 09:16 AM

The windows module installer is a big one, set that to disabled, I see the same thing in a versions of windows. If you didable it doesn't mater if the windows update service starts. I did find this tibit the other day

Reduce App Volumes Login Time on Windows 10

It suggests disabling the window module service to improve logon times.

Reply
0 Kudos
Jstrat31
Enthusiast
Enthusiast
‎02-22-2019 01:42 PM

I've used this in the past to ensure Windows updates are disabled on gold images.

sc config wuauserv start= disabled

net stop wuauserv

sc config bits start= disabled

net stop bits

sc config dosvc start= disabled

net stop dosvc

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions /t REG_DWORD /d 1 /f

Jason Hartley VMware Systems Specialist "Develop the skill of sensing problems when they are still small and taking care of them before they become intractable"—Robert Greene http://privatecloudky.com/
Reply
0 Kudos
nburton935
Hot Shot
Hot Shot
‎02-23-2019 04:02 PM

Welcome to Windows 10 - where updates are now forced! I believe Microsoft enabled this “feature“ around end of 2017. Easiest way to stop this is set the service to disabled and set the account to .\guest (use a fake/random password). When it tries to flip it back to manual and start, it fails. An error will get triggered in the event logs, but this is an easy method I found to stop this.

Reply
0 Kudos
bcross64
Contributor
Contributor
‎02-25-2019 02:04 PM

Disable the Windows Update Medic Service like this (run as administrator):

PowerShell

    Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc -Name Start -Type DWord -Value 4

Command line

    reg ADD HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc /v Start /t REG_DWORD /d 4 /f

You can't disable it normally through services.msc, but that registry entry works.

Fully disable Windows Update with PowerShell:

Set-Service wuauserv -StartupType Disabled

Stop-Service wuauserv -Force

Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc -Name Start -Value 4

Get-ScheduledTask -TaskPath "\Microsoft\Windows\UpdateOrchestrator\" | Disable-ScheduledTask

Get-ScheduledTask -TaskPath "\Microsoft\Windows\WindowsUpdate\" | Disable-ScheduledTask

Reply
0 Kudos