Installation via Node.JS Permanently Disables Windows Update

[runewake2]

What You Are Seeing?

I have been enrolled in a group policy that has forcibly disabled all Windows Updates after Node.JS invoked Boxstarter. This policy continues to exist after Boxstarter has completed and no obvious option to revert this change is apparent.

What is Expected?

Boxstarter should not have any permanent effects on my PC including state changes. This current behavior is what I would expect from a Virus or other malicious software.

How Did You Get This To Happen? (Steps to Reproduce)

• Installed Node.JS
• Boxstarter forcibly restarted PC multiple times (this is awful behavior btw)
• After install script completed a Group Policy had been created and Windows Updates have now been completely disabled.
• My personal PC is now enrolled in a group policy.

This issue has also been mentioned multiple other times on the Node.JS page.

[runewake2]

Seems to be tied to this PR: https://github.com/nodejs/node/pull/22645

[pauby]

@runewake2 Have you checked Group Policy to ensure it is in there? Have you also tried to use Enable-WindowsUpdate assuming you still have Boxstarter.WinConfig installed?

[runewake2]

To be completely honest, I have no idea what I'm doing in Group Policy. I don't know what it should look like because I'm not a systems administrator and have no knowledge of what this should look like "normally". I only know that an application (Node.JS) used this tool to apply a group policy that disabled UAC and Automatic Updates. I do not want these changes.

I was told this would install python and visual studio tooling using chocolaty. Group Policy modifications were not mentioned as part of this. Maybe there was a prompt, but the entire process was forced and included multiple hard-restarts that made following any information in real-time largely impossible.

I don't know how to manually change this back because I have no idea how to tell what has been changed or the extent of the changes (short of manually parsing a 9000 line log file). I would expect I could uninstall or revert these changes but I don't know how to do that either. The only uninstall option I've seen is deleting a folder from %appdata% and I don't see how that could remove group policy or address any of the other hidden changes these scripts had on my PC (the only file in the %appdata% folder is a log file).

I really don't want to reinstall my OS because Node.JS misused this tool. Is there a way to revert these changes that is less drastic?

[pauby]

@runewake2 Did you run the command I asked you to? Your issue was raised because you said Windows Updates were permanently disabled.

[runewake2]

That command does not exist. I have not taken any steps to remove Boxstarter yet.

[pauby]

@runewake2 Is there a BoxStarter Shell option under your Start Menu -> Programs -> Boxstarter? If so, click that and type Enable-WindowsUpdate

[runewake2]

This is what I see. Did you mean: Enable-MicrosoftUpdate? That does exist.

[pauby]

@runewake2 Apologies it is Enable-MicrosoftUpdate - I was confusing myself with the names as I'm looking at Install-WindowsUpdate!

[runewake2]

Boxstarter now reports that updates are enabled, but Windows reports that Updates are disabled and the setting continues to be locked behind a group policy.

[pauby]

@runewake2 Have you rebooted?

[runewake2]

Yes, the updates on my system are in the same state per Windows Settings as the original bug. This is what Boxstarter reports now though:

C:\> Enable-MicrosoftUpdate
Boxstarter: Microsoft Update is already enabled, no action will be taken.

[pauby]

@runewake2 Okay, from the same command prompt try and run Start-UpdateServices.

[runewake2]

That command had no output. Is that expected. I had to run it with a full path.

C:\ProgramData\Boxstarter\Boxstarter.Bootstrapper\Start-UpdateServices

After running this updates are still disabled and my user is still controlled by a group policy.

[gep13]

@runewake2 said... After running this updates are still disabled and my user is still controlled by a group policy.

Can you please confirm what process you are using to confirm this?

[runewake2]

I am looking at Settings -> Windows Update -> View configured update policies after restarting my system.

[pauby]

@runewake2 What OS and version are you using?

[runewake2]

Windows 10 Pro version 10.0.17134 BUILD 17134 Virtualization and WSL have both been enabled if relevant.

[pauby]

@runewake2 I have a VM here, Windows 10 Enterprise Version 1803 Build 17134.285. I have no 'View configured update policies' option. I have All Settings -> Update & Security -> Windows Update

Are you connected to a domain? Unlikely but I'm going to ask.

[runewake2]

No, you'll only see View configured update policies if you have a group policy enabled (see original post for image). A group policy was created for my PC after running this tool which controls my automated updates now.

[flcdrg]

I've seen a similar problem where Windows thinks there is a group policy enabled (even though my computer is not on a domain so technically can't have any group policies). Let me see if I can dig up the steps I used to make that go away...

David

On Mon, 26 Nov 2018 at 06:22, Sam Wronski notifications@github.com wrote:

No, you'll only see View configured update policies if you have a group policy enabled (see original post for image). A group policy was created for my PC after running this tool which controls my automated updates now.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/chocolatey/boxstarter/issues/371#issuecomment-441467589, or mute the thread https://github.com/notifications/unsubscribe-auth/AAXe60BJKq4CTwXfbaHm_0hNEsrlwApdks5uyvUUgaJpZM4Yxuuv .

[pauby]

@runewake2 Boxstarter doesn't create any group policy. As you can see in the code that it runs to stop Windows Updates from applying doesn't do any of that.

On that Windows 10 VM I spun up I can't see any Group Policy mentions.

My only suggestion is to run gpedit.msc from a command prompt and look at Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update - all of these are Not Configured.

[flcdrg]

In my case (similar error message but pretty sure it wasn't triggered by Boxstarter), I followed these steps and the problem resolved.

https://www.drivereasy.com/knowledge/solved-how-to-fix-some-settings-are-managed-by-your-organization-error-on-windows-10/

David

On Mon, 26 Nov 2018 at 07:38, Paul Broadwith notifications@github.com wrote:

@runewake2 https://github.com/runewake2 Boxstarter doesn't create any group policy. As you can see in the code that it runs to stop Windows Updates https://github.com/chocolatey/boxstarter/blob/master/Boxstarter.Bootstrapper/Stop-UpdateServices.ps1 from applying doesn't do any of that.

On that Windows 10 VM I spun up I can't see any Group Policy mentions.

My only suggestion is to run gpedit.msc from a command prompt and look at Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update - all of these are Not Configured.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/chocolatey/boxstarter/issues/371#issuecomment-441473413, or mute the thread https://github.com/notifications/unsubscribe-auth/AAXe64KSP_zE8FXsqzVZk82r553tbRelks5uywbggaJpZM4Yxuuv .

[20k]

I'm also experiencing this. There's nothing in gpedit.msc that's enabled relating to windows update, but windows update has been permanently disabled in the same fashion as OP

[20k]

I'm unsure exactly which, but either deleting the GPO files as per

RD /S /Q "%WinDir%\System32\GroupPolicyUsers" RD /S /Q "%WinDir%\System32\GroupPolicy" gpupdate /force

And/or fiddling about with the GPO registry keys and deleting it there, then restarting fixed it

[fangmarks]

Going to bump this up because it happened to me just now as well. Installed node.js 11.x and was told that my update stuff was disabled and after searching for an update I was told that this was managed by a Organisation. I will try the Steps in the comment above but I, and many others, would like it if it wouldn't exist in the first place.

@20k Did you run those commands in Boxstarter Shell, Powershell, or cmd.exe?

[fangmarks]

To add onto my previous comment, restarting 2+ times (I'm currently still installing it) should not be needed to install something.

[fangmarks]

Sorry for all this spam but as it turns out they get activated again. After finishing the installation they got turned back on and I was able to check for updates once again.

I'm not sure if this is still happening to some people but I'd assume that this is done and would suggest closing this Issue to prevent more spam from People like me

[gep13]

@codepupper thank you for the update. As you have found out, if you leave the Boxstarter process to complete, your system will be put back to the state that it was in before the process started. Part of the issues that we have seen being raised is that people are terminating the Boxstarter process before it has had a chance to finish, and therefore it is being left in a unfinished state.

[gep13]

@runewake2 @20k @codepupper @pauby @flcdrg @mwallner The latest version of the NodeJS installer no longer makes use of Boxstarter. Instead, it uses Chocolatey directly to install the required applications. This approach runs the risk of applications not being able to install correctly due to a requirement for a reboot to install remaining applications, but it does mean that your system will not automatically restart, or alter your system configurations in terms of temporarily disabling Windows Updates, as well as UAC. If you are interested, I uploaded a video showing the new end to end process for the Node JS installation using Chocolatey here:

https://youtu.be/OgJBFSfsRP0

[pauby]

@gep13 Yeah, I'm aware of that. I'm assuming the last issue raised here was from an old installer as @codepupper is not aware of every having installed them directly.

[fangmarks]

I just downloaded the latest installer from Nodejs' website and was worried that I would not be able to update. I had heard of this mistake before but completely forgot about it when I installed it

[4yx]

@gep13 said: Part of the issues that we have seen being raised is that people are terminating the Boxstarter process before it has had a chance to finish, and therefore it is being left in a unfinished state.

I am having the exact same problem, I had left my PC to finish the installation and reboot as many times as it wanted, and I didn't touch anything, so why is mine in this state?

Is there anything I can do to fix this or should I reinstall Windows? I am using Win 8.1.

@20k said: I'm unsure exactly which, but either deleting the GPO files as per

RD /S /Q "%WinDir%\System32\GroupPolicyUsers" RD /S /Q "%WinDir%\System32\GroupPolicy" gpupdate /force

And/or fiddling about with the GPO registry keys and deleting it there, then restarting fixed it

Could you tell me what keys you deleted? Will this have an effect on my computer or any other apps or is it the safest way to proceed? Also, if I would run the repair tool via an installation disk, would it help?

Thanks in advance.

[pauby]

@PCTipsGR As @gep13 said NodeJS no longer makes use of Boxstarter. Which version did you install?

[4yx]

I had installed an older version which used Boxstarter, I can't remember now as I used the uninstaller provided to delete it, unfortunately :neutral_face:

[pauby]

@PCTipsGR See the comments in this issue and also see the linked issues on #378 (that issue itself only links to others at the moment). We'd appreciate any feedback on the uninstall process which we're going to document.

[pauby]

As this issue relates to the NodeJS installer which is no longer being used for Boxstarter, and the issue not been updated in 3 months, I will close it. We can always re-open again in the future if needed.