Windows 10 Updates Havoc


  #1  
Old 07-11-19, 07:55 AM
kolias's Avatar
Member
Thread Starter
Join Date: Jul 2004
Location: Canada
Posts: 1,689
Received 9 Upvotes on 9 Posts
Windows 10 Updates Havoc

It doesn’t happen very often but when Windows 10 does certain updates it really screws everything in my laptop, from the StartMenu (I use Classic Shell) to changing the fonts in my file explorer, Internet connection is gone, printer is not working, start icon is gone etc. etc.

I have managed to have in one locations certain files which I downloaded from the web (basically they are registry hacks) and they help me to bring my laptop to where it was before, but still takes at least half hour to fix everything up.

I thought if I was going to get Windows 10 Pro I could avoid the updates but I understand it not possible as the Pro would only give me the flexibility to postpone the updates for another time.

Has anyone found a trick to prevent the updates?

Or better where Windows 10 keeps all my system configuration files? If I know this I could copy these files and after an Update I could paste them back and have my laptop as it was before.
 
  #2  
Old 07-11-19, 09:05 AM
Shadeladie's Avatar
Super Moderator
Join Date: Jan 2005
Location: PA - USA
Posts: 4,897
Received 388 Upvotes on 316 Posts
There's no way to prevent updates.

I could copy these files and after an Update I could paste them back
Nope, doesn't work that way. You need to use SYSTEM RESTORE to revert, however, doing this would only cause Windows to update again.

The problems you're having tho are not normal things that happen after an update. I've never had any of those things happen. Ever. So we need to figure out why this is happening. There's something else going on that causes these things to happen but it's not actually because of the update.

Hopefully someone here has some insight to help you figure it out.
 
CasualJoe voted this post useful.
  #3  
Old 07-11-19, 10:36 AM
kolias's Avatar
Member
Thread Starter
Join Date: Jul 2004
Location: Canada
Posts: 1,689
Received 9 Upvotes on 9 Posts
My friend also has a similar PC and she has the same problems. Perhaps because I highly customize my installation? I always have done this in all my PC’s since the late 80’s because I want to have the OS look like I want and never had a problem. My other PC’s one with Vista Home and the other with Windows 8.1 have no problems either.

Its only Windows 10 and I think possibly because MS uses the same OS for both smart phones and PC’s?

Anyway perhaps someone has a solution and if not I have no choice. Actually I do have a choice if I want to use Linux but I did try all of their flavors and never liked any one (and keep trying just in case I get used to them)
 
  #4  
Old 07-11-19, 06:02 PM
F
Member
Join Date: May 2010
Location: USA
Posts: 514
Upvotes: 0
Received 49 Upvotes on 37 Posts
kolias I've got five different methods that *might* work, or it might take some combination of two or more, but I don't have a copy of Win10 Home to use as a guinea pig. I was trying to outline all five but the post was going to be longer than War and Peace so I'm cutting it short (and this is still WAY too long).

One way that absoutely will work is to block all of M$'s update servers at the firewall. There's an old trick for blocking URLs in Windows' Hosts file but that won't work in this case because these functions all bypass the Hosts file for name resolution, so you'd have to block them at the firewall.

This for certain will work if you block them at your router's firewall because your router almost certainly runs on Linux firmware and M$'s voodoo doesn't work with Linux. However, not all routers have a user-friendly method for creating firewall rules, and this method also would block all of your other Windows PCs from receiving their updates, so it might not even be possible for you, much less ideal.

If you can't or don't want to do it at the router, you can block them at the specific PC using Windows' native firewall but I have some small doubt that that would work (10% chance) because M$ could have coded the firewall to always allow its own update processes to access its update servers in spite of the firewall.

However, there was a great hue and cry when M$ started forcibly updating Win7 users to Win10, even those who thought they had updates disabled, so I blocked all their update servers in the native firewall of my Win7 Pro. And it worked because I'm still on the Internet and still on Win7. But that's Win7, not Win10, and there have been discussions of this firewall blocking in M$'s own forums so you can be certain they are aware of how it was done.

So you could try it with the native firewall but IMHO that leaves some small risk that M$ can circumvent the native firewall's blocking. Or you could switch to a 3rd-party firewall application and be sure. There are many that are free and simple to use.

Regardless, these are the sites you'd need to block:
--------------------------------------------------
crl.microsoft.com
download.microsoft.com
download.windowsupdate.com
ntservicepack.microsoft.com
office.microsoft.com
officeupdate.microsoft.com
stats.microsoft.com
stats.update.microsoft.com
update.microsoft.com
v4.windowsupdate
windowsupdate.com
windowsupdate.microsoft.com
ws.microsoft.com
wustat.windows.com
--------------------------------------------------
Each of these URLs will have a pool of IP addresses associated with them, so to discover all the addresses use the 'nslookup' command. I'll show you how to look up the first one.

Open a command line window and enter "nslookup"

C:\Users\owner>nslookup <Enter>

It should reply with a simple "greater than" symbol (>) comme ça ...

>

The '>' means you have started an 'nslookup' session. Now enter "server 208.67.222.222" thusly:

> server 208.67.222.222<Enter>

It should reply ...

Default Server: resolver1.opendns.com
Address: 208.67.222.222

Now enter the target URL:

> crl.microsoft.com <Enter>

It should reply ...

Server: resolver1.opendns.com
Address: 208.67.222.222

Non-authoritative answer:
Name: a1363.dscg.akamai.net
Addresses: 2600:1408:9000::172d:b48b
2600:1408:9000::172d:b490
23.48.94.144
23.48.94.153[/INDENT]Aliases: crl.microsoft.com
crl.www.ms.akadns.net

Formatting probably will differ from what I have tried to represent because this forum is contrary.

The response shows four IP addresses, two of which are IPV6 (2600:1404:23::3fef:e93a and 2600:1404:23::3fef:e95b) and two IPV4 (69.31.132.33 and 69.31.132.27). It also shows the original URl and one alias, a1363.dscg.akamai.net. So you've got to write two rules, one for each of the two URLs, and each rule must block all four IP addresses (not to worry, I've included an example below).

Continue with the other 13 main URLs, recording the responses from them all, then enter "exit" to close the 'nslookup' session.

I already have IPV6 disabled on my router because I have no need of it, nor do most home networks, which means in my case I only would have to block the two IPV4 addresses.

There is a GUI to add rules to the native firewall but I think the method I'll be showing you is subject to less error, especially for a first-timer.

First make a list with each of the 14 URLs (and the aliases of each) and all of the IP addresses associated with each. Now create a batch file. Use notepad (or your favorite text editor) to create a file named "add_rules.cmd". I would suggest you create it on your desktop. It doesn't matter what you call it so long as you use a '.cmd' extension. Open your new '.cmd' file with your text editor.

Cut and paste the following into that file:


>
@echo off
cls
echo Block Telemetry Firewall Rules
echo Confirm the UAC prompt to continue.
echo.
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""%~dp0.\rules.ps1""' -Verb RunAs}"
echo Rules should be included in Firewall.
echo.
pause
>


Save and close the file. Make sure that the file saved with a .cmd extension and your text editor didn't change it (notepad will tend to do that).

Note that the entry you just created ...

PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""%~dp0.\rules.ps1""' -Verb RunAs}"

... is all one very long line so make sure your text editor didn't add a line break where one wasn't needed.

Now create a second text file (in the same directory where you created the '.cmd' file) named "rules.ps1". Again the file name doesn't matter (so long as it matches what's in the line ""%~dp0.\rules.ps1""' -Verb RunAs}" in the '.cmd' file but it must have a .ps1 extension (pee-ess-one) because the batch file is going to execute the rules contained in the file from within PowerShell.

As before, edit the '.ps1' file. Cut and paste the following as its first line:

Set-NetFirewallProfile -all

Now you need to fill in the rules. In your case, based on the 'nslookup' I ran, leave a couple of blank lines and add this:


>
netsh advfirewall firewall add rule name="crl.microsoft.com" dir=out action=block remoteip=69.31.132.27,69.31.132.33,2600:1404:23::3fef:e93a,2600:1404:23::3fef:e95b enable=yes


netsh advfirewall firewall add rule name="a1363.dscg.akamai.net" dir=out action=block remoteip=69.31.132.27,69.31.132.33,2600:1404:23::3fef:e93a,2600:1404:23::3fef:e95b enable=yes
>

Note that this is two separate "rules," one for the main URL and another for the alias, and each rule associates the one URL with four different IP addresses (69.31.132.27, 69.31.132.33, 2600:1404:23::3fef:e93a and 2600:1404:23::3fef:e95b). If you block IPV6 at your router, leave out the IPV6 addresses.

Repeat this process for the other 13 URLs, as many rules as URLs and aliases combined, each with all of the IP addresses, and a couple of blank lines after each rule.

Save and close this file and, again, confirm it still has the same extension as you originally gave it (.ps1).

Now open a command window.

Start> Run> cmd <Enter>

CD to the directory where you left the two files you created. If it were my Windows PC they would be in C:\Users\owner\Desktop so the command would be:

cd C:\Users\owner\Desktop

Your user name probably isn't "owner" so change accordingly.

Once you're in C:\Users\<user>\Desktop, enter the following command:

add_rules.cmd

... or whatever you called it. Then sit back and *hopefully* watch PowerShell successfully add all the rules.

--------------------------------------------------

The second method -- the one I can't say for certain will work (but if it didn't work here, it probably wouldn't work in Win10 Pro either) -- is to edit the registry to turn off updates.

The reason this works is that in most cases M$ uses the cheapest mods possible to make Win10 Home less capable than Win10 Pro. The functions still exist but they simply removed the control settings from the registry. So you restore them by re-creating the registry keys that M$ left out.

M$ resorts to all manner of jiggery-pokery to prevent users configuring their systems against their wishes but I have yet to see an instance of them being able to countermand a registry setting. So if I had to bet, I'd bet this one will control all updates. But that's not 100%.

To re-create the registry keys (and values), open the Registry Editor:

Start> Run> regedit <Enter> (or regedit.msc)

In the menu at the top of the GUI, select File> Export. This will make a backup of your current registry. (DON'T skip this step, registry editing is the Windows equivalent of brain surgery)

In the left-hand pane, drill down to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows

Right-click on the Windows folder and select New> Key

Name the new key WindowsUpdate (this is case sensitive; cut-and-paste is advisable)

Right-click on the new WindowsUpdate key and create yet another key within it named AU

Right-click on the new AU key and select New> DWord (32-bit) Value

Name the new value AUOptions

Double-click on the AUOptions value, set the base as Hexadecimal and set the value as one of the following:

2 – means “Notify for download and notify for install”.
3 – means “Auto download and notify for install”.
4 – means “Auto download and schedule the install”.
5 – means “Allow local admin to choose the settings”.

#2 is the recommended value so it will still check on what's available but not download them until you give permission.

I set mine to #5 because I NEVER allow the OS to download updates directly from M$ (details to follow ...eventually).

Modify the registry as stated, close regedit and reboot to make the changes effective.


I'm also working on a post (or posts) to detail what I consider a 'better' procedure for doing updates (which involves a free 3rd-party application) and another for what I consider a painless and fool-proof (and free) method for restoring the entire OS if/when another M$ update poops the bed.
 
kolias voted this post useful.
  #5  
Old 07-11-19, 07:45 PM
kolias's Avatar
Member
Thread Starter
Join Date: Jul 2004
Location: Canada
Posts: 1,689
Received 9 Upvotes on 9 Posts
Wow Fred, that’s a pretty interesting and lengthy info you provide here, thanks for your time.

Regarding blocking the URL’s at the firewall that’s a lengthy and tedious procedure which I like to experiment but not for now. I know how to make batch files but for now I will print your email and do this work in the winter when we stay more inside than outside, lol.

The second method to edit the registry I will try it soon but I have my doubts that it will work because MS does not allow me to edit certain parts of the registry neither allows me to take permissions to edit the registry. That’s very upsetting to me because I have found a few hacks which I would like to do but I cant. Perhaps if I had Windows 10 Pro it would have been better but I don’t know. In any case I will give it a try since it looks very interesting.

Your last paragraph is also very interesting and I have no problem losing my OS since I take quite often an image of my HD with Macrium Reflect and I can restore it quite fast

Thanks again
 
  #6  
Old 07-11-19, 08:51 PM
H
Member
Join Date: Nov 2012
Location: USA
Posts: 2,304
Received 292 Upvotes on 250 Posts
Originally Posted by kolias
Your last paragraph is also very interesting and I have no problem losing my OS since I take quite often an image of my HD with Macrium Reflect and I can restore it quite fast
Which raises two interesting questions

First- is the computer new/powerful enough to just virtual boot your favorite customized Macrium Image?

Second, if you do an incremental backup between "customized" and "default" shouldn't that incrimental backup allow you to isolate and identify what has been changed?
 
  #7  
Old 07-12-19, 07:15 AM
kolias's Avatar
Member
Thread Starter
Join Date: Jul 2004
Location: Canada
Posts: 1,689
Received 9 Upvotes on 9 Posts
I don’t understand where you are getting at Hall_S but I suspect it could be interesting

My laptop is a 2 years old Lenovo Flex 5 and for my needs Is powerful enough. The best part is that she boots within 6-7 seconds (the boot drive is an SSD) and that includes typing 2 passwords, one for the BIOS and one for the Desktop. That’s pretty fast!

I have been using Macrium Reflect for the last 8 years or so and I always do a full backup to my USB 1.4TB HD. I never did an incremental backup. Since I have 2 HD’s I first backup my C:\ which takes about 12 minutes and then my D:\ which takes about 1 hour. On the C:\, besides the OS it also includes any other program which by default they install on the route drive and that includes the MS Office. All other programs which I have a choice I install them on my D:\

I suspect what you mean is to compare my old C:\ backup with a new incremental backup after an update and see the difference. That will be a very difficult task but even if I identify any changed files are you suggesting to replace them with my old ones?
 
  #8  
Old 07-12-19, 08:45 AM
H
Member
Join Date: Nov 2012
Location: USA
Posts: 2,304
Received 292 Upvotes on 250 Posts
Originally Posted by kolias
I suspect what you mean is to compare my old C:\ backup with a new incremental backup after an update and see the difference. That will be a very difficult task but even if I identify any changed files are you suggesting to replace them with my old ones?
SHORT
An incremental-disk-image should allow you to quickly identify what files are changed by the update..
A full-disk-image should allow you to run your customized Win10 OS as a virtual machine that will never change, while still accessing your files on D-drive.

LONGER
Taking the second part-
The incremental backup idea is that if you go into file manager and double-click Macrium-disk-images it will mount as a virtual hard drive. Which leads me to think that an incremental backup should help you identify the SUBSET of specific files have changed which change your desktop settings. I think you can mount incremental backups as virtual hard drives.
An alternate option, now that the computer has updated, if you mount the OLD disk image of the customized system, you SHOULD be able to use a "disk comparison" program to compare the files on the physical laptop drive to the files on the virtual laptop drive to figure out which files have been changed.

Moving to the first point - with Macrium viBoot you can BOOT UP a Macrium full disk image and run it in a window as a virtual computer.
So, if you have a disk image of Windows10 OS configured as you like, (with a bit of tweaking) you ought to be able to boot and run THAT OS version, which will be locked out of any future changes.
Bonus, if you have work files stored on a different drive, I believe that you should still be able to run/use/access those work files on D-drive.

So, basically, you actually boot from crappy-default-Win10 on C-drive, THEN boot up the Macrium disk image of your custom drive as a virtual drive, say X-drive, and just run the OS from X-drive, while running programs and saving your work on D-drive.

Example, I've used Macrium viBoot when a co-worker was locked out of their computer by a MS-Tech-Support-Scam. I made a Macrium disk image of the locked out computer's hard drive, then booted THAT disk image as a virtual machine on another computer.
This lets you try out solutions on the virtual computer and a virtual drive: if something fails or locks up on the virtual machine you simply close the virtual machine; reboot a fresh copy as a new virtual machine, and try again.
Once you find a solution that works on the virtual machine, THEN you try it on the actual hard drive/computer.

This suggestion is kinda-sorta like a dual boot system, but booting a locked-in-version of your customized Windows10.
 
kolias voted this post useful.
  #9  
Old 07-12-19, 10:26 AM
F
Member
Join Date: May 2010
Location: USA
Posts: 514
Upvotes: 0
Received 49 Upvotes on 37 Posts
kolias, I got into this more than I ever wanted a few months back because I have an elderly aunt who is senile and almost blind but she gets agitated if her PC isn't working and she can't receive emails or play her video games. Unfortunately she also routinely finds creative methods for breaking it.

One of the problems I ran into in making her PC unbreakable was that she's on Win7 Home. The Home versions don't have an Administrator's account but, like controlling the updates, the function is still there, it's just disabled through some hidden setting.

Sorry I didn't remember before that the Admin account is disabled in all Home versions, but that, too, is "fixable."

If you can access and modify the Security Policy Manager (and I think you should be able to), you probably can enable a full-fledged Administrator account. To enable it, ...

Start> Run> secpol.msc <Enter>

That should open the Local Policy Security applet. In the left-hand pane, drill down to Security Settings\Security Options. In the right-hand pane, double-click 'Accounts: Administrator account status'. Click the radio button labeled 'Enabled'.

I don't recall if it requires a reboot to be active but I think it does.

If you do ...

Start> Run> compmgmt.msc <Enter>

... that should open the Computer Management applet. In the left-hand pane drill down to

Computer management (Local)\System Tools\Local Users and Groups\Users

In the right-hand pane, double-click on your username. Look under the 'Member Of' tab to see if you are in the Administrator's group. If not, Click the "Add" button, enter "Administrators" in the window provided, click OK, Apply, and OK. If it refuses, you need a reboot.

Once added your user should have Admin's privileges. To start a program with Admin privileges, right-click and choose "Run as administrator." Or go Start> Run> <appname> <Enter> to start it from command line (anything executed from the 'Run' window [Start> Run] is supposed to be executed with Administrator's privileges).

A side note here. There are a number of UNIX/Linux features that M$ covets but has only been able to replicate crudely in their products. Starting with Windows Vista they've included a feature in all Windows versions called User Access Control (UAC) to try to provide the same granularity of control over local security as *NIX has had almost since its beginning 45 years ago. The problem is that it's always been more a nuisance than anything else to users who frequently make modifications just such as these, and Win10 has (IMHO) the most intrusive UAC implementation to date.

I ran Win10 for a few months when it first came out and try as I might I could never come to terms with its UAC. I would install a program only to have UAC block me from editing one of that program's files, even if I logged in as Administrator. I recall there was no way to use right-click "Run as administrator" for File Explorer -- which I consider a YUGE screw-up. The work-around was to create a special shortcut icon that would start File Explorer with elevated privileges. It just wasn't worth the headaches so my experiment with Win10 was short-lived.

I go to the length of mentioning all this because because Win10's UAC has a tendency to prevent even the Administrator from performing tasks that the Admin should be able to make according to M$'s own guidelines. Once you have Administrator's privileges, if UAC blocks you from doing something you want to do, log off as your user and log back in using the user name 'Administrator' (you can create the Admin account with no password but it probably isn't wise, if for no other reason than the password reminds you you're wielding elevated privileges) and try again.

If you're logged in as Administrator (as opposed to a user with Admin privileges) and UAC still blocks you, the only advice I can offer is do what I did. Ditch 10 and go back to 7. I consider myself pretty adept at this 'cracking' stuff but I could never get Win10's UAC disabled to the extent that I could live with it.

That said (and off-topic), I've since found a way to install Win10 without UAC, and without Cortana, too (by installing from a custom image through Bob.Omb's Modified Win10PEx64). That might give me a Win10 I can live with but I don't intend revisiting it to confirm until M$ sunsets Win7.

Anyway, if you've enabled Administrator through Security Police Manager, then confirmed your username is in the Administrators group, you should be able to edit the registry any way you please.


As for the Macrium Reflect, I test-drove a lot of backup solutions trying to find something goof-proof for my aunt, Reflect and AOEMI Backuper and EASEUS Todo Backup and some others, and I think it was Acronis True Image I settled on. What I liked most about it is all you had to do to run restore was hit F11 during reboot, but it did suck up a considerable amount of disk space. But if Macrium is working for you (and I'm not sure that wasn't what I used), I wouldn't change.


As for back-ups, I never let Windows download updates itself. The automatic update process it too random, the download speeds are too slow, and the updates aren't received in an archive-able form. Professional admins use a M$ program called Windows Server Update Service (WSUS) to update all their systems because it eliminates each PC having to access M$'s update servers individually (saves bandwidth) and it allows the Admin to select which updates/patches to install and which to decline or defer, and they can push out the updates at a time when it will least impact the local network. And it archives the updates so they can be reused.

As it happens, there is a free 3rd-party application called WSUSOffline that lets the home administrator do the same thing. It will download updates for all Windows (and M$ Office products), regardless which version of Windows it's being run from. You can run it on Vista and download updates for Win8.1 and/or Win10. All you have to do is install the WSUSOffline program on and copy the update/patch files to the target machine, then run the program. It's all GUI-driven, no command line, and it's reasonably intuitive. The biggest downside is storage space. The updates I've archived for Win7 are close to 10GB (and took for-ever to install on my aunt's PC, which only has a single-core AMD processor). I also used WSUSOffline to archive all the patches for WinXP before M$ decommissioned the XP update servers so I can reinstall and patch XP forever and ever, Amen, and without an Internet connection.

If you're fed up with updates wrecking your PC, it's an option worth looking into.
 
kolias voted this post useful.
  #10  
Old 07-12-19, 02:21 PM
F
Member
Join Date: May 2010
Location: USA
Posts: 514
Upvotes: 0
Received 49 Upvotes on 37 Posts
As for back-ups, I never let Windows download updates itself....
That was supposed to be "As for updates, ..." but I don't seem to be able to correct my misteaks. (sic)
 
  #11  
Old 07-12-19, 04:46 PM
kolias's Avatar
Member
Thread Starter
Join Date: Jul 2004
Location: Canada
Posts: 1,689
Received 9 Upvotes on 9 Posts
Thank you Hal_S and Fred_C_Dobbs, everything been said sound very interesting and at the moment I can’t try any of your suggestions due to other projects on hand. However I will do some of your suggestions at a later day. For now here are my comments.

For Hal_S:

I noticed Macrium has a menu entry called “Convert Image to VHD” and I assume it means Virtual Hard Disk. So it will be easy after an update to convert my old image to a VHD and run it. Assuming my understanding is correct that will make my OS immune to any further updates which will be lovely. My problem is that I don’t like using my VHD on a daily basis because of the extra steps required and the fact that the VHD is kind of slow. I use the VMWare Player right now for my VHD and I have some Linux OS in there and although that’s fine to experiment with Linux however it is not something I would like to have my main OS on it.

In any case, it sound like a good alternative and worth to experiment with it and I will try it later.

For Fred_C_Dobbs:

My Windows 10 Home does not have “secpol.msc”. This is only available in Windows 10 PRO. Also under computer management I don’t have an entry for Local Users and Groups. As far as I know I’m the Administrator in my Laptop because under Accounts the only entry is “My Name” and it says “Local Account, Administrator”. Now I find it odd, like you mentioned, that although I’m the Admin in my Laptop I’m unable to edit certain registry entries and that’s my problem. I think MS did that to restrict users making major changes to the OS.

I’m also aware about the UAC which first was introduced in Vista and I was among the first users back then to delete the UAC. Quite useless.

At one point, considering the frustrations I have with Windows 10 I was looking to buy a Win 7 OS but I was unable to find one. There are some on eBay but for any OS I would like to have an original from a trusted vendor. I was also thinking to get Win 8.1 but since I have it on my second laptop I didn’t like the idea of having the same OS on both laptops.

On my other PC’s my settings for updates is “Notify me for Updates” but in Windows 10 this option is not available. Even in Windows 10 PRO you can’t avoid or select updates but you can postpone the installation of them at a later day

Regarding the WSUSOffline sound like the BART PE which I have and use in the past quite often. I got the link and I will give it a try during the long winter nights we have up here

Bottom line with this thread is that I’m surprised no one has found an easy solution to make Windows 10 more user friendly. I guess MS learned from the past and this time they made the OS kind of "bullet-proof", lol

Many thanks
 
  #12  
Old 07-14-19, 08:13 PM
F
Member
Join Date: May 2010
Location: USA
Posts: 514
Upvotes: 0
Received 49 Upvotes on 37 Posts
kolias, I have installed Win10 Home in VirtualBox and I think I'm en route to a fix that will work for you but it's time consuming to both work out the procedure and document it so it will be useful to you. I'm jammed up tomorrow but hope to have it done Tuesday.

I for certain have figured out 1) how to enable the Administrator account, 2) and how to get local policy and 3) group policy editors working, so the rest should just be details.
 
  #13  
Old 07-15-19, 06:19 AM
kolias's Avatar
Member
Thread Starter
Join Date: Jul 2004
Location: Canada
Posts: 1,689
Received 9 Upvotes on 9 Posts
I have Win7 And XP Pro in my VHD and both needed authentication which means if I do the same with Win10 I will have to remove it from my C:\ ?

Can I install Win10 on my VHD from my back up image?

I gather there must be 2 types of Admin accounts and the one I have now is not the “real” admin and that’s why I can’t edit everything in the registry. That will be real nice to have.

The same for the group policy editor which is only available in Win10 PRO

I’m curious how you will do all this Fred
 
  #14  
Old 07-15-19, 06:53 AM
Shadeladie's Avatar
Super Moderator
Join Date: Jan 2005
Location: PA - USA
Posts: 4,897
Received 388 Upvotes on 316 Posts
I think your user profile isn't being saved when it updates, so it's reverting back to a default one maybe?
If you can figure out or find out why, then maybe you could solve the problem.
I don't know why anyone would want to stop all the updates. Most of them are security updates to keep up with all the hacking and what not that goes on. Seems you'd want to protect your computer. But that's just me I guess!
 
  #15  
Old 07-15-19, 11:29 AM
R
Member
Join Date: Dec 2005
Location: USA
Posts: 646
Upvotes: 0
Received 67 Upvotes on 52 Posts
I don't know why anyone would want to stop all the updates. Most of them are security updates to keep up with all the hacking and what not that goes on
Do we really know if updates are for our benefit or MS? Seems as though MS does a whole lot of updates under the guise of security but I think it's possibly more data mining than anything.
 
  #16  
Old 07-15-19, 11:42 AM
H
Member
Join Date: Nov 2012
Location: USA
Posts: 2,304
Received 292 Upvotes on 250 Posts
Originally Posted by kolias
The same for the group policy editor which is only available in Win10 PRO
Upgrading from Win10 Home to Win 10 Pro isn't that difficult, might be worth the slight effort in this case.
 
  #17  
Old 07-15-19, 11:56 AM
Shadeladie's Avatar
Super Moderator
Join Date: Jan 2005
Location: PA - USA
Posts: 4,897
Received 388 Upvotes on 316 Posts
I think their updates benefit us. Each update tells you exactly what's being updated. I doubt they're going to lie about it without anyone knowing.
I subscribe to How-To Geek and groovyPost and I'm always being notified about new updates and what they entail. Neither ever put them down.
Personally, I have nothing to hide and whatever data anyone might collect, really doesn't bother me. I'm sure they have more important things to check up on than a run of the mill user like myself.
 
  #18  
Old 07-15-19, 12:50 PM
kolias's Avatar
Member
Thread Starter
Join Date: Jul 2004
Location: Canada
Posts: 1,689
Received 9 Upvotes on 9 Posts
Shadeladie:

You have a point here, next time after the updates I will check my account to see what the status is.

Regarding the updates its only my opinion that MS has the updates to have us hooked to their OS and change it as often since the old OS is only good for X number of years. I just can’t justify the amount of the updates MS issues considering all the programmers he has. Why they don’t do it right the first time and they have to issue so many updates? I mean it’s about 2-3 years I have Win10 and the amount of updates I got so far is ridiculous and don’t forget the time I have to waste for them.

And as Ron53 mentioned above I do believe it’s more for data mining and perhaps otter marketing schemes than just for security

I still have Vista and XP in my other PC’s and I get no updates and never had any issues. But I am careful; I only stay on the Internet as long as I need and then I disconnect and I always delete email before opening if I don’t know the sender. Perhaps I’m lucky?

Hal_S:

You are right Hal_S it is not a big deal for me to go to Win10 and I may go for it. My problem is if I fork out the $$$ I will still have to accept the updates except with the PRO I can postpone them for a latter day.
 
  #19  
Old 07-17-19, 09:17 AM
Shadeladie's Avatar
Super Moderator
Join Date: Jan 2005
Location: PA - USA
Posts: 4,897
Received 388 Upvotes on 316 Posts
Another thought is to check the "event viewer" after an update and see what errors it's showing.
 
  #20  
Old 07-19-19, 06:58 AM
F
Member
Join Date: May 2010
Location: USA
Posts: 514
Upvotes: 0
Received 49 Upvotes on 37 Posts
Kolias, sorry for missing my own deadline. I had to put an elderly family member in the hospital Monday night and they're (supposed to be) discharging that person to a skilled nursing care facility today, after which I should be able to get back to it.
 
  #21  
Old 07-22-19, 06:43 PM
F
Member
Join Date: May 2010
Location: USA
Posts: 514
Upvotes: 0
Received 49 Upvotes on 37 Posts
Or not.

I'll give you what I've got now (the rest I haven''t tested) and maybe once you have Admin working you can continue with the instructions I wrote above.

I was testing using the latest Win10 Home, build 1903. I made exactly zero changes or customizations to it and ran it exactly as it came out of the box.
Hopefully it will respond the same as whatever version you're running.

Local Group Policy Editor is easy. Make a batch file containing this:


@echo off
pushd "%~dp0"

dir /b C:\Windows\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~3*.mum >List.txt

dir /b C:\Windows\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientTools-Package~3*.mum >>List.txt

for /f %%i in ('findstr /i . List.txt 2^>nul') do dism /online /norestart /add-package:"%SystemRoot%\servicing\Packages\%%i"

pause


You might want to turn off the word wrap function on whatever text editor you use to make sure those three long lines don't get a line break added by mistake.

Save and close the file.


In "Type to search here", enter "cmd".

In the left-hand pane you should see 'Command Prompt' and 'App' highlighted in blue. If not, highlight them. In the right-hand pane, click on "Run as administrator".

It will ask "Do you want to allow this app to make changes to your device?" Answer 'Yes'.

That should open an instance of Command Prompt with Administrator at the top and the prompt should be C:\Windows\System32. This means you are running the 'limited' administrator's account.

Into the Command Prompt "CD" to whever you left the batch file you just created. In my case that was "cd \users\owner\desktop"

Then type in

dir <Enter>

It should display your file, only there probably will be a .txt at the end. If that's the case, to rename it so it will have the proper file extension, type in:

ren [space] <your file name-dot-whatever> [space] <your.file.name>.cmd <Enter>

now enter "dir" again to confirm the name change took place.

If it's successful, run it by typing in:

<your.file.name>.cmd ...and <Enter>

It will make two installations. If the commands are successful, each will state so plainly.

Provided it completes normally, in 'Type here to search' enter "policy". That will reveal the new Local Policy Editor. Open it with Admin privileges.

Drill down to Security Settings/Local Policies/Security Options. In the right-hand pane, double-click on "Accounts: Administrator account status". Click the radio button marked "Emabled" and click "Apply" and "OK"


That's as far as I got testing (and documenting) on my copy, which at least should give you a full-blown Admin account. But while I was waiting in the hospital and reading the 26 June issue of WebUser magazine, I came across a free application called Kill-Update, which claims to turn off ALL Win10 updates, provided you run it with Admin privileges.

I haven't had time to test it but I offer it for your investigation (because I don't know when I can find time to do and document it the other way).
 
  #22  
Old 07-24-19, 11:34 AM
P
Member
Join Date: Jul 2001
Location: MD
Posts: 2,191
Received 6 Upvotes on 6 Posts
This is July 24th and now it is recognized that updates did cause issues with 1903 particularly Defender.
 
  #23  
Old 07-24-19, 12:20 PM
Shadeladie's Avatar
Super Moderator
Join Date: Jan 2005
Location: PA - USA
Posts: 4,897
Received 388 Upvotes on 316 Posts
Well it's not everyone. I didn't have any problems or issues with any updates. Just saying.
 
  #24  
Old 07-30-19, 04:32 AM
P
Member
Join Date: Jul 2001
Location: MD
Posts: 2,191
Received 6 Upvotes on 6 Posts
Like many users I had some damage done after the last cumulative update.
Windows did admit to having issues with compatibility between Defender and SFC. I thought files were corrupted which were not.
After a lot of DISM work and things were ok I found this was a known issue for some. I am running ok now but that the updates caused trouble is not in your head. There is no viable answer. You need updates if Defender is your AV and SFC if you wish to check files. One can only hope Windows will do a better job and like a good user, revert to an image if there is a problem. I too find Macrium reflect to be reliable.
I only wish I had become proficient with Linux years ago instead of just playing with it.
 
 

Thread Tools
Search this Thread
 
Ask a Question
Question Title:
Description:
Your question will be posted in: