What's new
  • Donate
    TheWindowsForum.com needs donations to stay online!
    Love TheWindowsForum.com? Then help keep it alive by sending a donation!

Windows Update Service - how to disable?

WELCOME TO THEWINDOWSFORUM COMMUNITY!

Our community has more than 50.000 registered members, and we'd love to have you as a member. Join us and take part in our unbiased discussions among people of all different backgrounds about Windows OS, Software, Hardware and more.

Buster Friendly

Active Member
May 5, 2022
37
6
OS
Windows 10
BR
Chrome 100.0.4896.127
Hi everyone,

I have a serious problem to solve.

I work in the health sector, embedded software for LTSC machines.

And I try to kill the Windows Update Service completely.

I already wrote a script which deactivates various scripts and tasks.

But still, the UsoSvc gets with some machines back to life.

And I really don't know what or who triggers that service to come back to life for the whole Update thingi.

is there anybody out there with an experience on that ominous Windows Update Service, cause Microsoft itself isn't really helpful and far away from being transparent.
 

Buster Friendly

Active Member
May 5, 2022
37
6
OS
Windows 10
BR
Chrome 100.0.4896.127
Thanks...but:

we don't use tools.
I'm working on LTSC-machines, invitro-diagnostics, we can't just use any tools.
besides, I wrote a PS-script, disabling all those services and I even deleted the corresponding tasks.

But at a client, somehow the Orchestratorservice (UsoSvc) came back to life.
And I can't abstract from the logs HOW that happens.

Microsoft is NOT helpful and lightyears away from being transparent.
I read now in so many forums that Microsoft won't tell sh*t.
Concerning WinUpdates, Microsoft went rogue, telling nothing about it.

sure, they want you to have an updated machine, but for LTSCs there should be a plan to deactivate that nonsense completely. Microsoft knows it, that some of those machines are used in sections like the invitro-diag.

that is so enormously frustrating...
 

Buster Friendly

Active Member
May 5, 2022
37
6
OS
Windows 10
BR
Chrome 100.0.4896.127
UPDATE:

finally.....
I could reproduce the error.

The Service Control Manager brought the services all back to life.

Now it's to find out, how to stop the Service Control Manager from bringing back the selected services.

if anybody has any clue.... I would be enormously grateful.

And please .... don't propose to use any tools. That is not really helpful.
 

hacxx

Well-Known Member
VIP
May 29, 2021
475
55
OS
Windows 8.1
BR
Chrome 91.0.4472.77
UPDATE:

finally.....
I could reproduce the error.

The Service Control Manager brought the services all back to life.

Now it's to find out, how to stop the Service Control Manager from bringing back the selected services.

if anybody has any clue.... I would be enormously grateful.

And please .... don't propose to use any tools. That is not really helpful.
Use my IFEO tool and block the executable from running on the target machine.
 

Buster Friendly

Active Member
May 5, 2022
37
6
OS
Windows 10
BR
Chrome 100.0.4896.127
Use my IFEO tool and block the executable from running on the target machine.
again: NO TOOLS!

please read my opening in this thread, tools are NOT HELPING!

And I really doubt, that your tool blocks the Service Control Manager. :rolleyes:
 

fdonato

New Member
May 9, 2022
1
0
OS
Windows 10
BR
Chrome 101.0.4951.54
again: NO TOOLS!

please read my opening in this thread, tools are NOT HELPING!

And I really doubt, that your tool blocks the Service Control Manager. :rolleyes:
hi, i'm sorry for my bad english!
i suggest, you try to block it in firewall, by blocking urls below

windowsupdate.microsoft.com
*.windowsupdate.microsoft.com
*.update.microsoft.com
*.windowsupdate.com
download.windowsupdate.com
download.microsoft.com
*.download.windowsupdate.com
wustat.windows.com
ntservicepack.microsoft.com
*.ws.microsoft.com
 

Buster Friendly

Active Member
May 5, 2022
37
6
OS
Windows 10
BR
Chrome 100.0.4896.127
hi, i'm sorry for my bad english!
i suggest, you try to block it in firewall, by blocking urls below

windowsupdate.microsoft.com
*.windowsupdate.microsoft.com
*.update.microsoft.com
*.windowsupdate.com
download.windowsupdate.com
download.microsoft.com
*.download.windowsupdate.com
wustat.windows.com
ntservicepack.microsoft.com
*.ws.microsoft.com
This won't stop it.
The Service Control Manager will re-initiate the services. I forwarded in the Reg to non existent sites. didn't help.
 

DVDR_Dog

Well-Known Member
Ultimate Donator
Donator
VIP
Nov 5, 2018
1,564
1,053
OS
Windows 10
BR
Chrome 101.0.4951.54
OK I have a couple of questions. In the past I have had to deal with systems that fell under the US HIPA laws.
So I take it that these systems all have Internet access and are stand alone (no one is a remote admin of these machines or those rights are shared and granted to the end user).
Given those two criteria, your group puts systems out in the field which may contain sensitive health care records of individuals? That being the case you should be locking down those systems and only have admin rights granted to members of your deployment group. In addition, it's irresponsible to send out systems that deal with sensitive data that do not receive security updates.
Might i suggest the possibility of deploying thin clients, that would give you the ultimate control of exactly what permissions are given to your end users, complete control of the update cycles and the added security of cloud based records storage including the redundancy offered by a colo server farm. All of the updates can be tested and vetted by your group before they are deployed.
To just "shut off" Windows updates is a rather child-like solution without the considerations of stability and security they offer.
 

Buster Friendly

Active Member
May 5, 2022
37
6
OS
Windows 10
BR
Chrome 101.0.4951.54
OK I have a couple of questions. In the past I have had to deal with systems that fell under the US HIPA laws.
So I take it that these systems all have Internet access and are stand alone (no one is a remote admin of these machines or those rights are shared and granted to the end user).
Given those two criteria, your group puts systems out in the field which may contain sensitive health care records of individuals? That being the case you should be locking down those systems and only have admin rights granted to members of your deployment group. In addition, it's irresponsible to send out systems that deal with sensitive data that do not receive security updates.
Might i suggest the possibility of deploying thin clients, that would give you the ultimate control of exactly what permissions are given to your end users, complete control of the update cycles and the added security of cloud based records storage including the redundancy offered by a colo server farm. All of the updates can be tested and vetted by your group before they are deployed.
To just "shut off" Windows updates is a rather child-like solution without the considerations of stability and security they offer.
As I wrote in the first comment, I work in the health-sector on LTSC-machines, better calling invitro-diagnostics. That has nothing 2 do with health care records.
So, those machines are in no network, neither "in the any field", they are standalone machines for the laboratory.
And when the client wants the Windows Update deactivated, so I have to shut that down completely.
It's really annoying that there is no help at all from Microsoft, and Microsoft is lightyears away from being transparent concerning this case.
in the last 2-3 years, they had different services embedded in this Update machinery, and the Service Control Manager brings 'em back to life, it doesn't matter what you adjust in this computer. And that with a LTSC-license, that's not helping and def. not expedient.

you should think about that.

To just "shut off" Windows updates is a rather child-like solution without the considerations of stability and security they offer.
That's not helping and lightyears away from a professional consult.
 

Buster Friendly

Active Member
May 5, 2022
37
6
OS
Windows 10
BR
Chrome 101.0.4951.54
UPDATE:

finally.....
I could reproduce the error.

The Service Control Manager brought the services all back to life.

Now it's to find out, how to stop the Service Control Manager from bringing back the selected services.

if anybody has any clue.... I would be enormously grateful.

And please .... don't propose to use any tools. That is not really helpful.
FINAL UPDATE:

There is no possibility in a LTSC-machine (embedded software) to deactivate the Windows Update process.
Not even for older builds like 1607 or 1809. Nothing.
Microsoft isn't really transparent and we have to deal with it for ourselves.

Now I have to find a way to write the appropriate script.
I'm not really amused, but this is the only thing to do.
 

hacxx

Well-Known Member
VIP
May 29, 2021
475
55
OS
Windows 8.1
BR
Chrome 101.0.4951.54
again: NO TOOLS!

please read my opening in this thread, tools are NOT HELPING!

And I really doubt, that your tool blocks the Service Control Manager. :rolleyes:
IFEO Tool add registry keys to Image File Execution Options and can disable any executable from running in the computer. If you intentionally block system exes from the system you won't be able to use the computer. Use with caution.
 

hacxx

Well-Known Member
VIP
May 29, 2021
475
55
OS
Windows 8.1
BR
Chrome 101.0.4951.54
hi, i'm sorry for my bad english!
i suggest, you try to block it in firewall, by blocking urls below

windowsupdate.microsoft.com
*.windowsupdate.microsoft.com
*.update.microsoft.com
*.windowsupdate.com
download.windowsupdate.com
download.microsoft.com
*.download.windowsupdate.com
wustat.windows.com
ntservicepack.microsoft.com
*.ws.microsoft.com

Buster Friendly

You can add the list above to your hosts file...
 

hacxx

Well-Known Member
VIP
May 29, 2021
475
55
OS
Windows 8.1
BR
Chrome 101.0.4951.54
This won't stop it.
The Service Control Manager will re-initiate the services. I forwarded in the Reg to non existent sites. didn't help.
Sorry about recommending another tool. Use my firewall blocker tool.

Firewall Blocker...
Block any exe from accessing the internet with the Windows Firewall.
 

Online statistics

Members online
2
Guests online
29
Total visitors
31
Top