search

cschneegans / unattend-generator

.NET Core library to create highly customized autounattend.xml files
https://schneegans.de/windows/unattend-generator/
MIT License
633 stars 55 forks source link

[REQUEST] Option to disable Windows Update completely #87

Open Reptaiin opened 3 weeks ago

Reptaiin commented 3 weeks ago

This would help users who want to install drivers on their own or via software like Snappy Driver Origin or NVCleanstall, but also prevent certain hardware from automatically offering their bloatware without the user's consent (Razer or Logitech famously do this with pop-ups appearing while Windows finalizes the install).

stimpy81 commented 3 weeks ago

Yes, this would be nice for more secure locations. The less phoning home and constant popups for WU, the better!

cschneegans commented 3 weeks ago

I have not experienced such issues with drivers installed through Windows Update. In general, I do not like the idea to disable Windows Update.

After a quick Google search, it seems there might be a simpler solution: When you run %windir%\system32\SystemPropertiesHardware.exe and click Device Installation Settings, there is a setting to prevent Windows from automatically downloading “manufacturers' apps and custom icons”:

image

This setting is stored in the registry at this key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata]
"PreventDeviceMetadataFromNetwork"=dword:00000001

Could this solve the issue?

Reptaiin commented 3 weeks ago

I believe this is the correct one:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"ExcludeWUDriversInQualityUpdate"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings]
"ExcludeWUDriversInQualityUpdate"=dword:00000001

I'll be testing this first:

This setting is stored in the registry at this key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata]
"PreventDeviceMetadataFromNetwork"=dword:00000001

Could this solve the issue?

Reptaiin commented 3 weeks ago

I believe this is the correct one:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"ExcludeWUDriversInQualityUpdate"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings]
"ExcludeWUDriversInQualityUpdate"=dword:00000001

I'll be testing this first:

This setting is stored in the registry at this key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata]
"PreventDeviceMetadataFromNetwork"=dword:00000001

Could this solve the issue?

This sadly didn't work when inserting it in the "Scripts to modify the default user's registry hive" part. image

Should this be done in "Scripts to run in the system context, before user accounts are created"?

cschneegans commented 3 weeks ago

Should this be done in "Scripts to run in the system context, before user accounts are created"?

.reg files with [HKEY_LOCAL_MACHINE\…] keys need to go to the Scripts to run in the system context section, yes. And please don't change key names just to pass the JavaScript validation.

stimpy81 commented 3 weeks ago

Microsoft and Intel have been allegedly working on Windows Driver Update problems for over a year now. Anyone who owns an Intel GPU have encountered the bug where if you install your own driver for the GPU, then Windows Update will download an old one and replace your nice shiny new driver with something a year old. This is a well-known problem, as is still an issue.

So being able to stop forced driver update through WU would be great at the time of install for those of us that need control of what is installed.

Reptaiin commented 3 weeks ago

Should this be done in "Scripts to run in the system context, before user accounts are created"?

.reg files with [HKEY_LOCAL_MACHINE\…] keys need to go to the Scripts to run in the system context section, yes. And please don't change key names just to pass the JavaScript validation.

Sorry, I sorta didn't know exactly where to put it. That being said, I have tried: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata] "PreventDeviceMetadataFromNetwork"=dword:00000001 in the Scripts to run in the system context section, and it didn't work as the Razer Synapse pop-up still appeared (and Nvidia drivers got automatically installed).

cschneegans commented 3 weeks ago

Please try

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"ExcludeWUDriversInQualityUpdate"=dword:00000001

next. This is the registry value that is controlled by this group policy:

image

Reptaiin commented 3 weeks ago

Please try

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"ExcludeWUDriversInQualityUpdate"=dword:00000001

next. This is the registry value that is controlled by this group policy:

image

That didn't work as well sadly, still updating on its own and showing the Razer Synapse pop-up.

image image

stimpy81 commented 3 weeks ago

What about blocking WU servers in the Hosts file?

cschneegans commented 3 weeks ago

Since it seems that there is no way to disable driver updates selectively, I am open to disable Windows Update as a whole.

There are many tutorials on the web that promise to achieve this, but it seems to me that most

Shawn Brink's tutorials are usually well-researched, but in this case the two methods he describes do not seem ideal to me. Also note how much more methods were available for Windows 10!

cschneegans commented 3 weeks ago

https://github.com/cschneegans/unattend-generator/commit/4644b24f807390f037a5206bb1a4cb9db2dffbaa adds a scheduled task that periodically updates several values in [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings] to pause updates for one week again and again. This approach seems quite elegant to me, but it probably needs further testing.

image

image

Reptaiin commented 3 weeks ago

Thanks! I will be testing this with the latest 24H2 ISO and report back shortly.

Reptaiin commented 3 weeks ago

4644b24 adds a scheduled task that periodically updates several values in [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings] to pause updates for one week again and again. This approach seems quite elegant to me, but it probably needs further testing.

image

image

While that did pause Windows Update, it did not stop it. Still installing the drivers, and a update?

image image

cschneegans commented 3 weeks ago

Well, at least the new color settings seem to work properly. 😀

I have a 24H2 VM running since yesterday, and I was confident the approach worked because of this Settings page:

image

However, it seems that Windows actually did install several updates:

PS C:\> Get-WinEvent -ProviderName 'Microsoft-Windows-WindowsUpdateClient' | Select-Object -ExpandProperty 'Message' | Sort-Object -Unique;
An update was downloaded.
Installation Failure: Windows failed to install the following update with error 0x80073D02: 9NTXGKQ8P7N0-MicrosoftWindows.CrossDevice.
Installation Started: Windows has started installing the following update: 9MSSGKG348SP-MicrosoftWindows.Client.WebExperience
Installation Started: Windows has started installing the following update: 9MVZQVXJBQ9V-Microsoft.AV1VideoExtension
Installation Started: Windows has started installing the following update: 9MW2LKJ0TPJF-Microsoft.NET.Native.Framework.2.2
Installation Started: Windows has started installing the following update: 9N4WGH0Z6VHQ-Microsoft.HEVCVideoExtension
Installation Started: Windows has started installing the following update: 9N5TDP8VCMHS-Microsoft.WebMediaExtensions
Installation Started: Windows has started installing the following update: 9NBLGGH3FRZM-Microsoft.VCLibs.140.00
Installation Started: Windows has started installing the following update: 9NBLGGH4LS1F-Microsoft.StorePurchaseApp
Installation Started: Windows has started installing the following update: 9NBLGGH4NNS1-Microsoft.DesktopAppInstaller
Installation Started: Windows has started installing the following update: 9NBLGGH4RV3K-Microsoft.VCLibs.140.00.UWPDesktop
Installation Started: Windows has started installing the following update: 9NCTDW2W1BH8-Microsoft.RawImageExtension
Installation Started: Windows has started installing the following update: 9NH2SW16MQ7F-Microsoft.WindowsAppRuntime.1.5
Installation Started: Windows has started installing the following update: 9NSTH9KHZDLQ-Microsoft.UI.Xaml.2.8
Installation Started: Windows has started installing the following update: 9NTXGKQ8P7N0-MicrosoftWindows.CrossDevice
Installation Started: Windows has started installing the following update: 9PB0TRCNRHFX-Microsoft.AVCEncoderVideoExtension
Installation Started: Windows has started installing the following update: 9PCSD6N03BKV-Microsoft.ApplicationCompatibilityEnhancements
Installation Started: Windows has started installing the following update: 9PG2DK419DRG-Microsoft.WebpImageExtension
Installation Started: Windows has started installing the following update: 9PLL735RFDSM-Microsoft.NET.Native.Runtime.2.2
Installation Started: Windows has started installing the following update: 9PMMSR1CGPWG-Microsoft.HEIFImageExtension
Installation Started: Windows has started installing the following update: 9WZDNCRFJBMP-MICROSOFT.WINDOWSSTORE
Installation Successful: Windows successfully installed the following update: 9MSSGKG348SP-MicrosoftWindows.Client.WebExperience
Installation Successful: Windows successfully installed the following update: 9MVZQVXJBQ9V-Microsoft.AV1VideoExtension
Installation Successful: Windows successfully installed the following update: 9MW2LKJ0TPJF-Microsoft.NET.Native.Framework.2.2
Installation Successful: Windows successfully installed the following update: 9N4WGH0Z6VHQ-Microsoft.HEVCVideoExtension
Installation Successful: Windows successfully installed the following update: 9N5TDP8VCMHS-Microsoft.WebMediaExtensions
Installation Successful: Windows successfully installed the following update: 9NBLGGH3FRZM-Microsoft.VCLibs.140.00
Installation Successful: Windows successfully installed the following update: 9NBLGGH4LS1F-Microsoft.StorePurchaseApp
Installation Successful: Windows successfully installed the following update: 9NBLGGH4NNS1-Microsoft.DesktopAppInstaller
Installation Successful: Windows successfully installed the following update: 9NBLGGH4RV3K-Microsoft.VCLibs.140.00.UWPDesktop
Installation Successful: Windows successfully installed the following update: 9NCTDW2W1BH8-Microsoft.RawImageExtension
Installation Successful: Windows successfully installed the following update: 9NH2SW16MQ7F-Microsoft.WindowsAppRuntime.1.5
Installation Successful: Windows successfully installed the following update: 9NSTH9KHZDLQ-Microsoft.UI.Xaml.2.8
Installation Successful: Windows successfully installed the following update: 9PB0TRCNRHFX-Microsoft.AVCEncoderVideoExtension
Installation Successful: Windows successfully installed the following update: 9PCSD6N03BKV-Microsoft.ApplicationCompatibilityEnhancements
Installation Successful: Windows successfully installed the following update: 9PG2DK419DRG-Microsoft.WebpImageExtension
Installation Successful: Windows successfully installed the following update: 9PLL735RFDSM-Microsoft.NET.Native.Runtime.2.2
Installation Successful: Windows successfully installed the following update: 9PMMSR1CGPWG-Microsoft.HEIFImageExtension
Installation Successful: Windows successfully installed the following update: 9WZDNCRFJBMP-MICROSOFT.WINDOWSSTORE
Windows Update started downloading an update.
Windows Update successfully found 0 updates.
Windows Update successfully found 1 updates.
Windows Update successfully found 11 updates.
Windows Update successfully found 2 updates.
Windows Update successfully found 8 updates.

Please post the output of this PowerShell command on your machine.

Reptaiin commented 3 weeks ago

Aren't these Windows Store updates?

PS C:\WINDOWS\system32> Get-WinEvent -ProviderName 'Microsoft-Windows-WindowsUpdateClient' | Select-Object -ExpandProperty 'Message' | Sort-Object -Unique;
Ein Update wurde heruntergeladen.
Es wurden 0 Updates gefunden.
Es wurden 1 Updates gefunden.
Es wurden 17 Updates gefunden.
Es wurden 2 Updates gefunden.
Es wurden 4 Updates gefunden.
Es wurden 5 Updates gefunden.
Es wurden 6 Updates gefunden.
Es wurden 7 Updates gefunden.
Es wurden 8 Updates gefunden.
Installation erfolgreich: Das folgende Update wurde installiert. 9MV0B5HZVK9Z-Microsoft.GamingApp
Installation erfolgreich: Das folgende Update wurde installiert. 9N4D0MSMP0PT-Microsoft.VP9VideoExtensions
Installation erfolgreich: Das folgende Update wurde installiert. 9N4WGH0Z6VHQ-Microsoft.HEVCVideoExtension
Installation erfolgreich: Das folgende Update wurde installiert. 9N5TDP8VCMHS-Microsoft.WebMediaExtensions
Installation erfolgreich: Das folgende Update wurde installiert. 9NBLGGH4LS1F-Microsoft.StorePurchaseApp
Installation erfolgreich: Das folgende Update wurde installiert. 9NCTDW2W1BH8-Microsoft.RawImageExtension
Installation erfolgreich: Das folgende Update wurde installiert. 9NKNC0LD5NN6-Microsoft.Xbox.TCUI
Installation erfolgreich: Das folgende Update wurde installiert. 9NMPJ99VJBWV-Microsoft.YourPhone
Installation erfolgreich: Das folgende Update wurde installiert. 9NTXGKQ8P7N0-MicrosoftWindows.CrossDevice
Installation erfolgreich: Das folgende Update wurde installiert. 9NZKPSTSNW4P-Microsoft.XboxGamingOverlay
Installation erfolgreich: Das folgende Update wurde installiert. 9P5VK8KZB5QZ-Microsoft.UI.Xaml.2.7
Installation erfolgreich: Das folgende Update wurde installiert. 9P6CT0SLW589-Microsoft.LanguageExperiencePackde-DE
Installation erfolgreich: Das folgende Update wurde installiert. 9PB0TRCNRHFX-Microsoft.AVCEncoderVideoExtension
Installation erfolgreich: Das folgende Update wurde installiert. 9PG2DK419DRG-Microsoft.WebpImageExtension
Installation erfolgreich: Das folgende Update wurde installiert. 9PMMSR1CGPWG-Microsoft.HEIFImageExtension
Installation gestartet: Windows hat mit der Installation des folgenden Updates begonnen: 9MV0B5HZVK9Z-Microsoft.GamingApp
Installation gestartet: Windows hat mit der Installation des folgenden Updates begonnen: 9N4D0MSMP0PT-Microsoft.VP9VideoExtensions
Installation gestartet: Windows hat mit der Installation des folgenden Updates begonnen: 9N4WGH0Z6VHQ-Microsoft.HEVCVideoExtension
Installation gestartet: Windows hat mit der Installation des folgenden Updates begonnen: 9N5TDP8VCMHS-Microsoft.WebMediaExtensions
Installation gestartet: Windows hat mit der Installation des folgenden Updates begonnen: 9NBLGGH4LS1F-Microsoft.StorePurchaseApp
Installation gestartet: Windows hat mit der Installation des folgenden Updates begonnen: 9NCTDW2W1BH8-Microsoft.RawImageExtension
Installation gestartet: Windows hat mit der Installation des folgenden Updates begonnen: 9NKNC0LD5NN6-Microsoft.Xbox.TCUI
Installation gestartet: Windows hat mit der Installation des folgenden Updates begonnen: 9NMPJ99VJBWV-Microsoft.YourPhone
Installation gestartet: Windows hat mit der Installation des folgenden Updates begonnen: 9NTXGKQ8P7N0-MicrosoftWindows.CrossDevice
Installation gestartet: Windows hat mit der Installation des folgenden Updates begonnen: 9NZKPSTSNW4P-Microsoft.XboxGamingOverlay
Installation gestartet: Windows hat mit der Installation des folgenden Updates begonnen: 9P5VK8KZB5QZ-Microsoft.UI.Xaml.2.7
Installation gestartet: Windows hat mit der Installation des folgenden Updates begonnen: 9P6CT0SLW589-Microsoft.LanguageExperiencePackde-DE
Installation gestartet: Windows hat mit der Installation des folgenden Updates begonnen: 9PB0TRCNRHFX-Microsoft.AVCEncoderVideoExtension
Installation gestartet: Windows hat mit der Installation des folgenden Updates begonnen: 9PG2DK419DRG-Microsoft.WebpImageExtension
Installation gestartet: Windows hat mit der Installation des folgenden Updates begonnen: 9PMMSR1CGPWG-Microsoft.HEIFImageExtension
Windows Update hat mit dem Herunterladen eines Updates begonnen.
cschneegans commented 3 weeks ago

Aren't these Windows Store updates?

Yes, but on my primary computer (running Windows 10 22H2), the very same PowerShell command finds log messages like these:

Installation Successful: Windows successfully installed the following update: 2024-10 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5044273)
Installation Successful: Windows successfully installed the following update: Advanced Micro Devices, Inc. - Display - 31.0.12027.9001
Installation Successful: Windows successfully installed the following update: Brother - Printer - 4/22/2009 12:00:00 AM - 10.0.17119.1
Installation Successful: Windows successfully installed the following update: Feature update to Windows 10, version 22H2

To be honest, I am not sure what is going in here. You could run the PowerShell command Get-WinEvent | Where-Object -Property 'Message' -Match -Value 'KB5046683'; to search all logs. This will take some time, but hopefully will tell us why Windows chose to install the KB5046683 update.

cschneegans commented 2 weeks ago

After installing the VM again with exactly the same settings, I now receive the KB5046683 update too despite Windows Update being paused:

image

PS C:\> Get-WinEvent | Where-Object -Property Message -Match -Value 'KB5046683' | Select-Object -Property TimeCreated, Message | Sort-Object -Property TimeCreated

TimeCreated         Message
-----------         -------
2024-10-26 23:23:19 Installation Started: Windows has started installing the following update: 2024-10 Update for Windows 11 Version 24H2 for x64-based Systems (KB5046683)
2024-10-26 23:23:19 Initiating changes for package KB5046683. Current state is Absent. Target state is Installed. Client id: WindowsUpdateAgent.
2024-10-26 23:23:20 Auditing settings on object were changed....
2024-10-26 23:23:20 Auditing settings on object were changed....
2024-10-26 23:23:45 A reboot is necessary before package KB5046683 can be changed to the Installed state.
2024-10-26 23:24:01 Package KB5046683 was successfully changed to the Installed state.
2024-10-26 23:24:12 Installation Successful: Windows successfully installed the following update: 2024-10 Update for Windows 11 Version 24H2 for x64-based Systems (KB5046683)