this post was submitted on 20 Jun 2024
55 points (91.0% liked)

No Stupid Questions

35826 readers
1066 users here now

No such thing. Ask away!

!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must be legitimate questions. All post titles must include a question.

All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.



Rule 2- Your question subject cannot be illegal or NSFW material.

Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding META posts and joke questions.

Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.

On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.

If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.



Rule 7- You can't intentionally annoy, mock, or harass other members.

If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- Majority of bots aren't allowed to participate here.



Credits

Our breathtaking icon was bestowed upon us by @Cevilia!

The greatest banner of all time: by @TheOneWithTheHair!

founded 1 year ago
MODERATORS
 

I haven't run windows since 2019. However I need to boot my old drive to grab some data. I really need to make sure this system doesn't update any windows components, but I'll need it to have internet access for a portion of the time.

On a different system, I used to have two reg keys that I would run to disable or enable updates when I found that disabling the services only worked until the watchdog would re enable them. Those resulted in updates saying something was wrong, which is perfect by me.

Now that web searches for stuff like this are all AI-gen'd SEO BS, can anyone tell me or point me to a reliable resource for truly disabling updates on Win 10?

PS - Bonus points if Anyone can link me to the page I used a few years back that had all sorts of privacy enhancing and telemetry disabling option on the left side and would create a reg file for applying those changes on the right. It might have been a purple theme, I forget.

Edit: it may also have been a "services" command that fully disabled services from CLI where the GUI says access denied. I forget.

Edit 2: I got the updates services disabled via registry. Thanks to those who refreshed my old Windows admin memory. I dumped Windows on my personal systems years ago, and haven't had to think about this for a while. It's a shame when the operating system changes to this model of SaaS where they call all the shots. I want security updates, but not bleeding edge drivers, candy crush, "feature enhancements", random unexpected reboots, etc. I miss when the update feature didn't assume nobody in the world could handle manual updates. You know, like sudo apt-get update.

top 44 comments
sorted by: hot top controversial new old
[–] folekaule@lemmy.world 17 points 5 months ago (1 children)

Is moving the drive to another computer as a secondary drive an option? Or put it in a separate USB enclosure? That way you don't need to boot it at all, unless it's encrypted or something.

[–] XeroxCool@lemmy.world 2 points 5 months ago (1 children)

Would plugging a drive with an OS on it into a running computer just show a list of files like normal?

[–] folekaule@lemmy.world 3 points 5 months ago

Yes, unless it is encrypted, in which case you need a way to decode that. You can even boot an OS from a USB thumb drive to recover files from a hard drive.

[–] Blizzard@lemmy.zip 14 points 5 months ago* (last edited 5 months ago)

I tried every suggested way of disabling Windows Updates, including changing dedicated settings in Windows Update, registry, group policy, disabling services, blocking it in firewall, adding WU domains to HOST file and some other tricks I can no longer remember - Windows just ignores it all and updates itself anyway.

The only thing that seems to have worked is to set your internet connection as metered and then set WU not to update over metered connections.

[–] fah_Q@lemmy.ca 11 points 5 months ago* (last edited 5 months ago) (1 children)
[–] s38b35M5@lemmy.world 3 points 5 months ago

That is similar to the web page I was thinking of. Thx. I'll check it out.

[–] http417@lemmy.world 10 points 5 months ago* (last edited 5 months ago) (1 children)

Bonus points if Anyone can link me to the page I used a few years back that had all sorts of privacy enhancing and telemetry disabling option on the left side and would create a reg file for applying those changes on the right

Sounds like https://privacy.sexy/ might be the answer?

[–] s38b35M5@lemmy.world 2 points 5 months ago

Yes!!! ⭐ ⭐

And it isn't remotely purple! Thank you for sharing!!!

[–] Kit@lemmy.blahaj.zone 9 points 5 months ago* (last edited 5 months ago) (1 children)

Everyone here is dramatically overcomplicating the solution. Simply:

  1. Turn on the PC without an Internet connection
  2. From an elevated cmd, run net stop wuauserv
  3. Connect the network and copy your files

This stops the update service and will absolutely prevent windows updates from running. BUT it reverts at the next boot, so be careful.

If you want a more permanent solution, you can edit a regkey to trick the system into looking for a local wsus server, which will prevent it from reaching out to the web. Read this for a rundown: https://learn.microsoft.com/de-de/security-updates/windowsupdateservices/21669493

Source: More than a decade as a sysad with a focus on endpoint patching

[–] Reygle@lemmy.world 3 points 5 months ago (2 children)

Hate to be "that guy", and maybe OP's no updates since 2019 exempt them from this, but modern 10/11 both immediately auto-restart the Windows update service when it's manually stopped.

[–] s38b35M5@lemmy.world 3 points 4 months ago (1 children)

No, you're absolutely right. That's what happens when you have the WaaSMedic service running, which cannot be easily disabled in services.msc. I would think I had finally gone the "full-nuclear" option and broken al updates by disabling and stopping the update services (that I knew about), but they would re-enable themselves without fail.

This comment explains where you need to disable it (if you want to go that route).

[–] Reygle@lemmy.world 2 points 4 months ago

Very helpful thank you.

[–] Kit@lemmy.blahaj.zone 2 points 5 months ago (1 children)

This is not my experience on Windows 10 Pro

[–] Reygle@lemmy.world 2 points 5 months ago (1 children)

Good, it's been my experience, at least on fully updated 10.

[–] Kit@lemmy.blahaj.zone 1 points 4 months ago (1 children)
[–] Reygle@lemmy.world 1 points 4 months ago

Yeah was standard pro I saw it on.

[–] NaibofTabr@infosec.pub 8 points 5 months ago* (last edited 5 months ago) (2 children)

InControl by Steve Gibson allows you to set a specific Windows release version and prevent further feature updates, but does allow security updates:

InControl controls Windows automatic updating/upgrading system by targeting it to a specific major version and feature update release. By default, the current release will be used. So if you “Take Control” with the major version and feature release shown in the boxes in the lower left, Windows will remain right where it is – only installing monthly security updates – until you “Release control”.

Also:

Like all of GRC's ultra lightweight freeware utilities, no setup or installation is required. Just run the utility with administrative rights. InControl's operation can be scripted from the command line, and full technical details about the Registry keys it changes is provided.

[–] s38b35M5@lemmy.world 7 points 5 months ago* (last edited 5 months ago) (1 children)

God bless Steve Gibson! Security Now! I used Spinrite back in 92. I've used his other utilities (when they were relevant), and ShieldsUP too. That man is a treasure. Thanks for the link. I know he gets it.

On second thought, while this is great, I need to block all updates in this PC.

[–] NaibofTabr@infosec.pub 2 points 5 months ago

Yeah, I started listening to the podcast a couple years ago, and based on that I'd trust Steve's opinion on basically everything related to computers & networking - largely because I know he'd be able to explain in detail why he has that opinion.

[–] FauxPseudo@lemmy.world 2 points 5 months ago (1 children)

I was thinking boot from a different media and access the file system. But the moment I saw Steve Gibson had a different way I felt like my option was stupid. That is the power of Steve Gibson.

[–] NaibofTabr@infosec.pub 1 points 5 months ago* (last edited 5 months ago)

Steve is one of those guys that has done so much with computers that if you have a problem it's highly likely that he's already dealt with that problem too and has a solution or workaround, or knows where to find one.

[–] algorithmae@lemmy.sdf.org 5 points 5 months ago (2 children)

Download and install sysinternals suite: https://learn.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite

then run:

psexec -i -s services.msc

and disable Windows Update, Update Orchestrator, and WaaSmedic if it's there.

Alternatively, do the same psexec but regedit instead of services, navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services, find those same services I listed above, change the Start value to 4 to disable. I went to the next step and neutered all the registry entries for each of those services to make sure they stayed dead.

[–] Thorry84@feddit.nl 9 points 5 months ago (1 children)

Why would you need psexec to run services.msc? You can just open the services by running it directly or even from the start menu.

[–] algorithmae@lemmy.sdf.org 2 points 5 months ago

To run as System and prevent permission issues from wagging its finger at you and saying "nuh uh". Yes obviously you can open Services the normal way if it wasn't windows update BS

[–] s38b35M5@lemmy.world 4 points 5 months ago (1 children)

WaaSmedic must be that watchdog that kept re-enabling update services after I disabled them years ago. I just remember my OS would start a multi hour encode or compile, and I'd come back hours later to a login screen and update history telling me it rebooted when I didn't have automatic updates enabled.

Thx for the reply.

[–] algorithmae@lemmy.sdf.org 2 points 5 months ago (1 children)

Eeyup, same exact situation here. I leave my work computer overnight reencoding video pretty frequently, and would lose so much productivity due to restarts I didn't ask for.

[–] s38b35M5@lemmy.world 2 points 5 months ago

Its all coming back to me now. Must've been repressed memories...

For the record, the service names are: UsoSvc WaaSMedicSvc wuauserv

[–] RisingSwell@lemmy.dbzer0.com 5 points 5 months ago

There are programs like net limiter that you can use to just block access entirely for windows updates, every time one pops up to use data you can just block it, i think there's like 6 processes windows will try to use to update various things. It's not exactly what you are looking for, but it should solve your problem anyway.

[–] adespoton@lemmy.ca 4 points 5 months ago

Put it behind a PiHole that drops all traffic to Microsoft servers?

[–] Glide@lemmy.ca 3 points 5 months ago* (last edited 5 months ago)

I just install DoNotSpy after a fresh install of Windows and have never had an issue with Windows Update ignoring me and doing whatever it wanted.

Obviously the system has to be offline until it is installed and probably restarted, but after that you can plug in a cable and be fine, to my experience. Mind you I am still using an old, old, copy of 10 Pro as the installer, so I am uncertain how newer, fresh installs or home edition will handle it.

[–] KillingAndKindess@lemmy.blahaj.zone 3 points 5 months ago* (last edited 5 months ago)

One thing that has worked for over a year on ky backup laptop at least, is to use the only setting Microsoft seems to not be able to take away without being in trouble: Windows Update Setting: Don't download over metered connections. Then, any network you connect to go into the networks settings and set as a metered network. The only thing that has made it through from updater was a tiny security update that it was able to download cause I was a bit forgetful once, pretty easy if u ask me

[–] kindenough@kbin.earth 3 points 5 months ago
[–] BearOfaTime@lemm.ee 2 points 5 months ago

O & O Shutup on a thumbdrive

[–] Contramuffin@lemmy.world 2 points 5 months ago* (last edited 5 months ago)

Windows comes with a secret option to turn off updates with group policies, so you don't need to modify anything or use a script. It works just fine for me. No updates (unless I manually click update).

The option for automatic updates is several layers deep in a nested menu tree, and I don't fully recall what the path to get there is. But you should be able to find it online.

[–] jak2k@discuss.tchncs.de 2 points 5 months ago

Use something like NextDNS and block the update-domains.

[–] Toes@ani.social 1 points 5 months ago (1 children)

I'm not sure what the purple app was.

But disabling the relevant services should be enough or modifying your host file to block all the Microsoft domains for it.

I am curious why you need it to go online at all.

If you're looking to copy files just use your phone or USB drive?

[–] s38b35M5@lemmy.world 1 points 5 months ago

I'm not sure what the purple app was.

It was a website, and after a Lemmy user reminded me of privacy.sexy, I realized it is decidedly un-purple.

[–] Brkdncr@lemmy.world -3 points 5 months ago (3 children)

Just disable the windows update services.

You could also use a allowlist firewall rule to restrict access to what you need.

Also why the paranoia? What do you have against windows updates?

[–] BearOfaTime@lemm.ee 6 points 5 months ago

After 30 years of running windows boxes, I've never been hacked.

But I've lost thousands of hours to update fucking my shit up.

[–] algorithmae@lemmy.sdf.org 4 points 5 months ago (1 children)

What do you have against windows updates?

Forced windows 11 upgrades, breaking VPNs, breaking recovery partitions, intentionally targeting and breaking the win10 start menu for win11, installing unwanted software, enabling ads, adding additional telemetry, adding half baked AI nonsense that nobody asked for, restarting without a prompt and losing progress or canceling a running program... Should I keep going?

[–] Brkdncr@lemmy.world 0 points 5 months ago (1 children)

Win11 isnt forced.

Breaking vpns was a result of security fixes and was addressed. This is normal for all OS’s that get patched.

There’s no restarting without prompting.

Copilot is optional.

I don’t need to go on.

[–] algorithmae@lemmy.sdf.org 2 points 5 months ago (1 children)

Win11 was forcibly installed on my coworker's computers. This happened more than once. https://learn.microsoft.com/en-us/answers/questions/1607264/why-is-my-windows-10-pro-system-automatically-forc

What if you needed to use a VPN between May 1 and May 14? https://www.pcworld.com/article/2320535/microsofts-newest-windows-update-breaks-vpns-and-theres-no-fix.html

I guess I hallucinated my computer restarting by itself on multiple occasions due to Microsoft updates, even after I disabled the services, before I nuked every sign of it from the registry and the reboots suddenly stopped. Crazy. https://superuser.com/questions/1277757/windows-updates-forcibly-rebooting-my-pc-at-night

Copilot appeared with regular updates on my sister's computer, unprompted. https://answers.microsoft.com/en-us/windows/forum/all/why-is-it-that-you-install-software-i-never-asked/a4fce101-b9e8-4d10-9c15-1f8350004e09

There were easy to find examples of everything that I said, some of them happened to myself, my family, or my coworkers. If you're going to be blatantly wrong and easily disproved then maybe you shouldn't go on after all.

[–] Brkdncr@lemmy.world -2 points 5 months ago

It was pretty simple to stop windows 11.

Updates will eventually restart but not unprompted. There is a combination of settings you can set that will install updates right away and restart soon after, but it’s not default.

The vpn issue didn’t affect all vpn software and a workaround was available.

MS adds features to their products and are pretty forceful about getting you to use them.

[–] lemann@lemmy.dbzer0.com 2 points 5 months ago

Deleting documents from insider branch users a few years back, forced installation of HP SMART printer utility, constantly switching users' default browser back to Edge, even bypassing my employer's GPO to do so at one point in a Teams update

Not to mention their habit of making practically everything opt-in by default. And what is up with the new Aptos "cloud" font that only works if you have an active Office 365 subscription?

I don't know tbh, Windows just doesn't cut it for me anymore personally, mainly because of Microsoft. Stuck with it on my desktop though because of sim hardware.

I still have XP on an airgapped old PC for nostalgia ☺️