Jump to content

TacoSenpai

Member
  • Posts

    1,343
  • Joined

  • Last visited

Reputation Activity

  1. Like
    TacoSenpai reacted to Delicieuxz for a blog entry, Eleven different ways to disable Windows Update in Windows 10 (updated March 2019)   
    A highly important aspect of owning property, such as your computer hardware, the data on it as well as any data it generates, your Windows operating system, and other software you've purchased, is exclusively being the person that has the authority to make decisions over it, and being able to make the decisions that you know are the best for your situation.
     
    As the European Union and Australia's top courts have ruled, and as even the US Supreme Court has indirectly supported, you own the software that you purchase, and you possess full property rights apply to your personally-owned software (with no comparable court in the world ruling contradictory to the European Union and Australia's top court rulings). The ownership rights that people possess over their software naturally includes full decision-making authority concerning whether their software may become modified or not, such as by updates.
     
    In recent years, ever since the release of Windows 10, Microsoft has shown itself to be struggling to grasp the understanding of these things. Microsoft's efforts to oppose and sabotage Windows and PC system owners' ability to control and stop updates from being installed on their machines and modifying their OSes and storage drives against their wills constitutes a clear violation of property laws and is vandalism of people's computer systems and their personally-owned Windows OSes.
     
    If you'd like more information about your ownership of your software, including Windows 10, and to learn about the nature of software licenses and EULAs, you can check out this link: You legally own the software that you purchase, and any claims otherwise are urban myth or corporate propaganda
     
     
     
    Despite Microsoft's ongoing failure to meet its legal obligations to respect Windows owners' rights and property, there are a variety ways to take back control of your OS and make it more secure and reliable by controlling Windows Update. Here are 10 of them:
     
    Method 1
    One method is by using the Group Policy editor. The Group Policy editor is only available in Windows 10 Pro and Enterprise. If you have Home edition, you will have to follow one of the other methods.
     
    Setting the Group Policy editor policy for Automatic Updates to Disabled does the following: "If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start."
     
    To Disable the automatic updates group policy:
     
    Step 1 - In the start menu, search for Group Policy, and open the policy editor
    Step 2 - Navigate to: Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update
    Step 3 - In the folder containing policies for Windows Update, double-click on the policy titled "Configure Automatic Updates"
    Step 4 - In the top-left area of the window that pops up, check the box that says Disabled
    Step 5 - Press OK to close that window
     

     
     
    If you don't want to stop Windows Update from letting you know when new updates are available, but want to stop automatic downloads and installations of updates, then follow this guide to set the automatic updates policy to "Notify for download and notify for install":
     
    If following that video guide to stop automatic downloads and installs of Windows updates, then after about 2 months, you might start getting full-screen pop-ups after you boot into the OS saying that updates are available for your OS. There are additional guides online showing how to disable those full-screen pop-ups (which shouldn't be happening in the first place, but Microsoft is not a good company and acts abusively by nature).
     
     
     
    Method 2  ---  now possible with Windows 1803 and newer!
    Windows Update can be fully disabled by opening Services and then disabling the item for Windows Update. To re-enable Windows Update at a later time, just re-enable its service.
     
    If using Windows 1803 or newer, you will have to first give your Windows account "ownership" over the WaaSMedicSvc.dll file that's located in C:\Windows\System32, and possibly over the entire System32 folder. A guide on how to do that is here.
     
    After you have control over the WaaSMedicSvc.dll file, then do the following:
     
    Step 1 - Go to C:\Windows\System32\
    Step 2 - Locate and delete or rename the file WaaSMedicSvc.dll
    Step 3 - In the start menu, search for and open Services
    Step 4 - In the Services window, search for Windows Update and double-click on it to open it. Press Stop, and the set the Startup Type to Disabled. Then press OK to close the window.
     
    If you need to re-enable the Windows Update service at a later time:
     
    Step 1 - In the start menu, search for and open Services
    Step 2 - In the Services window, search for Windows Update and open it. Press Start, and the set the Startup Type to Enabled. Then press OK to close the window.
     
     
    If using Windows 10 1709 and earlier, then the WaaSMedicSvc.dll file that automatically resets the Windows Update service isn't there, and so all it takes to disable Windows Update in earlier versions of Windows is this:
     
    Step 1 - In the start menu, search for and open Services
    Step 2 - In the Services window, search for Windows Update and double-click on it to open it. Press Stop, and the set the Startup Type to Disabled. Then press OK to close the window.
     
     
     
    Method 3
    Here is another Group Policy editor method. If you have Windows 10 Pro or Enterprise, you can run the Group Policy editor (GPEdit.msc) and set the Windows Update Source to a non-existent URL.
     
    Step 1 - In the start menu, search for Group Policy, and open the policy editor
    Step 2 - Navigate to: Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update
    Step 3 - In the folder containing policies for Windows Update, double-click on the policy titled "Specify Intranet Microsoft update service location"
    Step 4 - In the upper-left of the Set the policy to "Enabled"
    Step 4 - In the top-left area of the window that pops up, check the box that says Disabled
    Step 4 - In the lower-left area of the window, under Options, set the intranet update service address and the intranet statistics server address to a URL that doesn't exist
    Step 5 - Press OK to close that window
     

     
     
     
    Method 4
    Use 3rd-party program NTLite to completely remove the Windows Update module from Windows.
     

     

     
    Removing Windows Update via this method apparently, or might (according to one person), also remove the "turn Windows features on or off" section in the Windows control panel. I don't know if this is true, and it sounds strange to me, but if it does then individual Windows components can still be enabled or disabled using PowerShell.
     
    For information on how to do that, visit this page: https://www.ghacks.net/2017/07/14/use-windows-powershell-to-install-optional-features/
     
    Here's a quote of the comment which appears to me to claim that removing Windows Update via NTLite also removes the "turn Windows features on or off" section in the Windows control panel:
     
     
     
    Method 5
    In Windows 10 1803, Microsoft behaves criminally and vandalizes Windows owners' OSes by re-enabling WU-restarting scheduled tasks and the WU service via a new service titled "Windows Update Medic Service". If "Windows Update Medic Service" could be independently disabled, it would be possible to first disable that service and then disable the Windows Update service and have it stay disabled. However, Microsoft is not an honest and fair player, and doesn't respect their customers nor even treats them as people with legitimate interests and goals concerning their personally-owned OS. So, things aren't quite that straight-forward.
     
    However, they're still somewhat straight-forward, and here are some programs that will block Windows Update and disable the offending Windows Update Medic service:
     
    5.1
    Disable Windows Update with one click using StopUpdates10:
    https://www.thewindowsclub.com/block-updates-windows-10-stopupdates10    Alternative link: https://www.majorgeeks.com/files/details/stopupdates10.html
     
    5.2
    Block Updates on Windows 10 using Windows Update Blocker, a 3rd-party tool which disables Windows Update:
    https://www.sordum.org/9470/windows-update-blocker-v1-4/    Alternative link: https://www.majorgeeks.com/files/details/windows_update_blocker.html
     
    5.3
    Block Updates on Windows 10 using StopWinUpdates, a 3rd-party tool which disables Windows Update:
    https://www.majorgeeks.com/files/details/stopwinupdates.html
     
    5.4
    Control Windows Updates with Sledgehammer scipt:
    https://www.ghacks.net/2019/04/28/control-windows-updates-with-sledgehammer-formerly-wumt-wrapper-script/
     
     
     
    Method 6
    There is a method to disable Windows Update involving using an offline Windows account (instead of a Microsoft account) described here:
     
    https://www.wintips.org/how-to-turn-off-windows-10-updates-permanently/
     
    For people not wanting their personal and personally-identifiable data harvested by Microsoft, it is strongly recommended to use a regular, "local" Windows account anyway and not a Microsoft account to log into Windows, as using a Microsoft account significantly increases the amount of personally-identifiable Windows usage data that is harvested by Microsoft.
     
     
     
    Method 7
    SimpleWall is a 3rd-party firewall program that has built-in protection rules for Windows Update that can be enabled.
     
    https://www.thewindowsclub.com/simplewall-block-applications-from-using-internet
     
     
     
    Method 8
    There is a registry tweak to disable Windows Update, which might work for people on Home editions of Windows 10:
     
    https://www.forbes.com/sites/gordonkelly/2015/08/26/windows-10-how-to-stop-forced-updates/#55d4846e46f6
     
    Step 1 - Open the Run command (Win + R), in it type: regedit and press enter
    Step 2 - Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    Step 3 - In there create a ‘32-bit DWORD’ value called ‘AuOptions’ and under ‘Value Data’ type 2 and click ‘OK’
    Step 4 - Open the Settings app (Win + I) and navigate to -> Update and Security -> Windows Updates. Click ‘Check for updates’ which applies the new configuration setting
    Step 5 - Restart your PC
     
     
    Alternatively, you can try this registry edit:
     
    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU 
    Key: NoAutoUpdate 
    Type: DWORD 
    Value: 1 
     
    To enable updates again, remove the "AU" registry key or delete NoAutoUpdate DWORD.
     
     
     
    This Microsoft documentation offers alternate registry edits to disable Windows Update:
     
    Or:
     
     
     
    Method 9
    You can also manually block Windows Update in your router's firewall, or in 3rd-party firewall software such as Comodo Firewall and PeerBlock. An advantage of using this method is that there is nothing that Microsoft can do to over-ride, reset, or ignore the block.
     
    Be aware that some people have claimed that adding Microsoft servers to the Windows hosts file and to the Windows Defender Firewall will not block then because Windows 10 is maliciously designed to ignore any instructed blocking of Microsoft's own servers. I don't have confirmation that this is true, but if it is then you're going to have to block Microsoft's servers in a a 3rd-party firewall program such as those mentioned previously.
     
    These are all or some of the Microsoft servers to block in your router's firewall or 3rd-party firewall software to block Windows Update:
     
    windowsupdate.microsoft.com
    *.windowsupdate.microsoft.com
    *.update.microsoft.com
    *.windowsupdate.com
    download.windowsupdate.com
    download.microsoft.com
    *.download.windowsupdate.com
    wustat.windows.com
    ntservicepack.microsoft.com
    *.ws.microsoft.com
     
    That list was last updated in 2015, so there could be some servers to add to it. There is an updated list of Microsoft's data-harvesting servers to block, and a hosts file with Microsoft's data-harvesting servers already included in it, here:
     
    https://encrypt-the-planet.com/windows-10-anti-spy-host-file/
     
    There might be an updated list of Microsoft's Windows Update servers on that site, too.
     
     
     
    Method 10
    You can turn off your Windows 10 OS' connection to Microsoft's Windows Update server.
     
    "Used to download operating system patches and updates. If you turn off traffic for these endpoints, the device will not be able to download updates for the operating system."
     
    Source process: svchost 
    Protocol: HTTPS
    Destination:  *.windowsupdate.com
    Destination:  fg.download.windowsupdate.com.c.footprint.net
     
    For more information on that approach, see this link: https://mspoweruser.com/these-are-the-websites-your-clean-install-windows-pc-connects-to-by-itself/
     
     
     
    Method 11
    Prevent Windows Update's ability to connect online via the registry. I haven't tried this method and I'm just reporting it as I've seen it stated.
     
     
     
     
     
     
     
    People should be aware that the reason why Microsoft tries to prevent Windows Update from being disabled is not due to security of your PC (if that was Microsoft's goal there would be a security-only updates setting, and it would be truly security-only), or making things easier for Microsoft's support efforts (which are dedicated from the outset of a new Windows release to run for a certain time-frame, and can't be reduced otherwise Microsoft would be guilty of false advertising), but is to provide Microsoft as many opportunities as possible to reset your Windows and default programs settings, as well as your data-harvesting settings, all back to the Microsoft defaults where Microsoft is able to harvest as much personal and personally-identifiable data about you as possible, while having lots of opportunities to add more data-harvesting to your OS.
     
    And at the "Basic" setting, which is the most minimal data-harvesting setting in Windows 10 Home and Pro versions, Microsoft is continuously harvesting your personal and personally-identifiable data from over 3,500 individual data points. Altogether, that data forms a meticulous and comprehensive picture of all your activities in your Windows OS.
     
    Also, Microsoft's documentation on the volume of data they are harvesting at the Basic setting is incomplete, as watching Microsoft's Diagnostic Data Viewer tool on the transmitted data reveals transmitted data containers that can't be referenced in Microsoft's documentation.
     
     
    Selling your personal and personally-identifiable data is a big part of Microsoft's business model now - despite that it is actually illegal for Microsoft to do it because Windows 10 is legally and factually a product (which you own) and not a service (which you merely access). So, Microsoft harvesting your data is analogous to a thief entering your home, taking your possessions, and selling them for profit. This activity by Microsoft, where they commercialize Windows owners' PCs without a license, constitutes the indictable crime of unjust enrichment.
     
     
    Another major reason why Microsoft wants to force Windows updates on people's personal Windows OSes is because the large bi-annual Windows 10 updates grant Microsoft frequent opportunity to deliberately break any 3rd-party UI customization software twice a year.
     
    Microsoft does this because any 3rd-party UI customization software stops Microsoft's own UI systems from harvesting your personal and personally-identifiable data. Since Microsoft wants to steal as much of that data from you as possible so that Microsoft can then sell it for their unjust enrichment, Microsoft seeks for chances to break your custom software, and typically does so with each major update when Microsoft resets your Windows, program defaults, and data-privacy settings at the same time.
     
     
    Trying to reason with Microsoft is like talking to a deranged psychopath who doesn't care about you in the least and who is only looking to exploit you as though you are not even human, and expecting them to see common sense and express empathy. Microsoft seeks to dominate and harvest, and not to serve and take into account its customers' needs and interests. Under Satya Nadella, Microsoft views its customers as its enemies to be defeated.
     
     
    I hope this help many people regain their rightful control control of their operating system and to have a much more comfortable and stress-free experience in their own OS.
     
     
     
     
     
    Old information:
     
    In Windows 10 version 1803 and onward, the "Windows Update Medic Service" keep re-starting Windows Update and related scheduled tasks and re-creates Windows Update related scheduled tasks even after a person manually stops them, disables them, and removes the scheduled tasks. You could find another way to disable Windows Update Medic Service, which otherwise keeps re-starting Windows Update, and then disable Windows Update and any associated scheduled tasks.
     
    http://batcmd.com/windows/10/services/waasmedicsvc/
     
    One way to disable Windows Update Medic Service might be to disable Remote Procedure Call, which is what starts Windows Update Medic Service: http://batcmd.com/windows/10/services/rpcss/
     
    Or by deleting the file "WaaSMedicSvc.dll" that's in the %WinDir%\System32 folder or possibly replacing it with another file and setting its permissions to "read only".
     
    There is some information on disabling Windows Update medic Service and preventing it from re-enabling on this page: https://www.sordum.org/9470/windows-update-blocker-v1-1/
     
     
     
    Method -- (superceded by current method 2)
    Remove the files for all Windows 10 services that violate the commands of the system and Windows OS owner.
     
    As of Windows 10 1803, the three offending Windows 10 services are:
     
    - Windows Update (wuauserv)
    - Windows Update Medic Service (WaaSMedic)
    - Update Orchestrator Service (UsoSvc)
     
    Background Intelligent Transfer Service (BITS), which might be thought of as also being involved, reportedly doesn't have any influence over the Windows 10 updates regime.
     
    The files to be removed to stop the 3 offending services are all in the directory Windows\System32, and are the following files:

    wusa.exe - windows update stand alone installer
    wuapi.dll - windows update
    wuaueng.dll - windows update
    wuauclt.exe - old windows update
    UsoClient.exe - update orchestrator
    usoapi.dll - update orchestrator
    usocore.dll - update orchestrator
    WaaSMedicAssessment.dll - new medic service
    WaaSMedicSvc.dll - new medic service
    WaaSMedicPL.dll - new medic service
     
    One Windows owner has reported that removing these files has fixed the Windows Update service from re-starting without authorization, without any detrimental effects on the rest of their system's operation. I haven't tried this method myself, and if anyone wants to add their feedback after trying it, please do.
×