How to write script to execute stop windows update services.

[Hemanth1047]

Hi Team,

I am a system administrator in a company I am struggling to implement a process where a normal user can start or stop windows services. I know how to implement this process when user working in the office but I don't know when users are outside of the network. I know that normal user requires admin rights to start the service, I do have admin credentials with me just help

How to write a script to execute stop windows update services for a Domain user and standard user without administrator rights or with admin rights.

[leadeater]

4 minutes ago, Hemanth1047 said:

Hi Team,

I am a system administrator in a company I am struggling to implement a process where a normal user can start or stop windows services. I know how to implement this process when user working in the office but i don't know when users are outside of the network. I know that normal user requires admin rights to process the service, I do have admin credentials just help

How to write a script to execute stop windows update services for a Domain user and standard user without administrator rights or with admin rights.

Why do you even need to stop it? You can use group policy to control Windows Update behavior.

 

To answer the question you want to use PowerShell and Secure Strings.

https://social.technet.microsoft.com/wiki/contents/articles/4546.working-with-passwords-secure-strings-and-credentials-in-windows-powershell.aspx

[Hemanth1047]

7 minutes ago, leadeater said:

Why do you even need to stop it? You can use group policy to control Windows Update behavior.

 

To answer the question you want to use PowerShell and Secure Strings.

https://social.technet.microsoft.com/wiki/contents/articles/4546.working-with-passwords-secure-strings-and-credentials-in-windows-powershell.aspx

Yes your right, I can do this when users are in office. But I need to do this outside of the network, users even don't have VPN to connect the network and there are few users which they are not configured with Domain (system standard users). why I want to stop updates because recent updates from Microsoft is STOP preventing me to take remote access to the user.

[NinJake]

So some of your users that are not in office use these devices locally and they are not joined to the domain?

[leadeater]

28 minutes ago, Hemanth1047 said:

Yes your right, I can do this when users are in office. But I need to do this outside of the network, users even don't have VPN to connect the network and there are few users which they are not configured with Domain (system standard users). why I want to stop updates because recent updates from Microsoft is STOP preventing me to take remote access to the user.

Just create a local account of the device and use that in the script and secure string, don't have to even tell the user the account exists. Not sure I fully understand the issue your having though, able to explain that more?

[Hemanth1047]

yes, few users have joined the domain and not in the network, few users are not at all configured with the domain.

[Hemanth1047]

2 minutes ago, leadeater said:

Just create a local account of the device and use that in the script and secure string, don't have to even tell the user the account exists. Not sure I fully understand the issue your having though, able to explain that more?

our business is at three different locations one of which is at (US) this location is not having WSUS server to push updates. all these users are getting direct updates from Microsoft, where recent updates from Microsoft are stop preventing us to take remote access for WFH users. where which we have to stop the services further until the location has WSUS server. (i am from INDIA) (HYDERABAD)

[leadeater]

7 minutes ago, Hemanth1047 said:

our business is at three different locations one of which is at (US) this location is not having WSUS server to push updates. all these users are getting direct updates from Microsoft, where recent updates from Microsoft are stop preventing us to take remote access for WFH users. where which we have to stop the services further until the location has WSUS server. (i am from INDIA) (HYDERABAD)

 

Just change the local policy on the devices using gpedit.msc or use regedit and change the Windows Update Server URL to a non existent location and that will stop all Windows Updates until you get the WSUS server in place then change the URL to the real location. One time action that won't require stopping the Windows Update service and will work even after a device reboot.

[Hemanth1047]

2 minutes ago, leadeater said:

 

Just change the local policy on the devices using gpedit.msc or use regedit and change the Windows Update Server URL to a non existent location and that will stop all Windows Updates until you get the WSUS server in place then change the URL to the real location. One time action that won't require stopping the Windows Update service and will work even after a device reboot.

My point is I am not able to take remote. And I want to send a mail to all users who are working from home with an script attachment where user need to double click on the script to stop services.

[leadeater]

6 minutes ago, Hemanth1047 said:

My point is I am not able to take remote. And I want to send a mail to all users who are working from home with an script attachment where user need to double click on the script to stop services.

Oh that's going to be hard then because PowerShell secure string only works on the computer you encrypted it on, I think. There are some restrictions on how you can use it anyway.

 

Only way I can see emailing a script to run is if you embed in to that script an existing local administrator username and password, which you would then have to change everywhere that password is used.

 

Every good way of doing this that I can think of requires prior setup before this was a problem. Maybe someone else will come up with a good idea.

 

P.S. The script can also be made to change the Windows Update URL if you did want to solve it that way.