Suppressing Windows 10 Update and Forced Reboots

Meet our new DJ. His name is Otto Mayshun.
User avatar
Shane
Posts: 870
Joined: Fri Feb 01, 2008 12:08 am
Location: Omaha
Contact:

Re: Suppressing Windows 10 Update and Forced Reboots

Post by Shane » Fri Oct 26, 2018 12:50 am

I've had Win7 boxes with 80gb drives pretty much self-distruct over time due to limited drive space, even on limited use hardware such as digital signage or kiosk operations.
A lot of this is Windows bloating up a certain subfolder under the Windows folder.

I’m typing on an Apple device so I can’t refresh my memory as to what it’s called but it starts with Win.

I asked an expert whether this folder could be deleted and, of course, you can’t touch it. At a rate of 5-15GB per year, more or less, it’s easy to see how a drive can get filled up with this pollution. Thinking a thorough wipe and fresh OS install would get one the space back at the expense of having to redo everything else. Wouldn’t think a cloning program could solve this.

Having a separate drive for your data would postpone the inevitable and not take your data with it when it TUs.
-Mike Shane- -Omaha-

radio_guru
Posts: 83
Joined: Sat Oct 02, 2010 11:23 pm
Location: Illinoid

Re: Suppressing Windows 10 Update and Forced Reboots

Post by radio_guru » Sat Oct 27, 2018 5:11 am

The point of this thread is about WIN10 updates with a forced restart taking the station or operation down. :)

RR

spareparts
Posts: 34
Joined: Sun Feb 11, 2018 12:02 pm

Suppressing Windows 10 Update and Forced Reboots

Post by spareparts » Sat Oct 27, 2018 11:16 am

I pretty much gave up fighting MS re the update and forced reboot issue - what seems to be working for me so far

Deploy Server 2016, and the "user experience" package. Pretty much acts like W10, with the ability to update and reboot issue on your schedule, not theirs.

https://docs.microsoft.com/en-us/window ... experience

tonybroom
Posts: 17
Joined: Fri Aug 19, 2011 2:29 pm
Location: Virginia, USA

Re: Suppressing Windows 10 Update and Forced Reboots

Post by tonybroom » Sat Mar 16, 2019 2:12 pm

Chiming in late on this and I haven't read all of the discussion but I've had good luck with disabling the windows update service.

For most mission critical things in addition to disabling the service I remove the DNS servers so they can't reach MS/think they are off-line.

TPT
Posts: 869
Joined: Mon Dec 03, 2007 3:18 pm
Location: St. Marys, WV

Re: Suppressing Windows 10 Update and Forced Reboots

Post by TPT » Sat Mar 16, 2019 4:43 pm

Isolating an air machine from the internet would be the simple solution. However, we have two studios 20 miles apart, --and my ops manager is in Denver. Need remote access.

User avatar
Dale H. Cook
Posts: 874
Joined: Thu Dec 20, 2007 9:08 am
Location: Roanoke/Lynchburg, VA
Contact:

Re: Suppressing Windows 10 Update and Forced Reboots

Post by Dale H. Cook » Sun Mar 17, 2019 7:25 am

tonybroom wrote:
Sat Mar 16, 2019 2:12 pm
... I remove the DNS servers so they can't reach MS/think they are off-line.
Tony likely does that for the same reason that I did when I was still working full time - to prevent automation machines from reaching out while allowing remote management.
Dale H. Cook, Contract Engineer, Roanoke/Lynchburg, VA
http://plymouthcolony.net/starcityeng/index.html

User avatar
kkiddkkidd
Posts: 790
Joined: Mon Dec 03, 2007 11:13 am
Location: Lawrenceburg, TN

Re: Suppressing Windows 10 Update and Forced Reboots

Post by kkiddkkidd » Sun Mar 17, 2019 9:18 am

Dale H. Cook wrote:
Sun Mar 17, 2019 7:25 am
tonybroom wrote:
Sat Mar 16, 2019 2:12 pm
... I remove the DNS servers so they can't reach MS/think they are off-line.
Tony likely does that for the same reason that I did when I was still working full time - to prevent automation machines from reaching out while allowing remote management.
How are you remoting in with no DNS? Remote into another computer via the internet and then VNC into the DNSless machine via the LAN?
--
Kevin C. Kidd CSRE/AMD
WD4RAT
AM Ground Systems Company
http://www.amgroundsystems.com
KK Broadcast Engineering
http://www.kkbc.com

tonybroom
Posts: 17
Joined: Fri Aug 19, 2011 2:29 pm
Location: Virginia, USA

Re: Suppressing Windows 10 Update and Forced Reboots

Post by tonybroom » Sun Mar 17, 2019 12:41 pm

Dale H. Cook wrote:
Sun Mar 17, 2019 7:25 am
Tony likely does that for the same reason that I did when I was still working full time - to prevent automation machines from reaching out while allowing remote management.
Dale is correct. I do this on all systems that have a dedicated purpose. Automation, VoxPro etc.. It's alarming how many times I've found web browsers open on computers that should never be used to access the internet even though the staff have been told and should know better.

Taking out the DNS but leaving the gateway so I can point now playing data or anything directly to an IP but in general the system can't browse.
kkiddkkidd wrote:
Sun Mar 17, 2019 9:18 am
How are you remoting in with no DNS? Remote into another computer via the internet and then VNC into the DNSless machine via the LAN?
Typically I don't allow anyone in programming to remote in to the on-air workstations. In a few cases we've used a VPN to allow them to connect to the automation network to send logs or use WideOrbit's playlist editor but we restrict that as much as possible. I can connect to the VPN and then VNC in to any of the machines as needed. It puts an extra burden on myself but preferred over a PD/MD unknowingly infecting an on-air machine with a virus or ransomware.
TPT wrote:
Sat Mar 16, 2019 4:43 pm
Isolating an air machine from the internet would be the simple solution. However, we have two studios 20 miles apart, --and my ops manager is in Denver. Need remote access.
In your case I'd recommend a VPN solution and a remote access tool that doesn't need to call home like VNC.

User avatar
Dale H. Cook
Posts: 874
Joined: Thu Dec 20, 2007 9:08 am
Location: Roanoke/Lynchburg, VA
Contact:

Re: Suppressing Windows 10 Update and Forced Reboots

Post by Dale H. Cook » Sun Mar 17, 2019 12:49 pm

kkiddkkidd wrote:
Sun Mar 17, 2019 9:18 am
How are you remoting in with no DNS?
A machine doesn't need DNS to remote into it. Any system that would need DNS such as LogMeIn or Splashtop is not secure and would not be allowed at any of my clients. Any system like Logmein or Splashtop is designed for dynamic IP addresses and the client on the target machine has to frequently call the mothership so that the mothership knows where to find it on the internet. Any secure remote management system uses static IP addresses for the target networks. As with Tony I use VPN and then VNC or pcAnywhere, except for hardware that has a web interface such as a transmitter or sat receiver, and then I use VPN and a browser. If you can remote access a machine without a secure tunnel I would not consider that machine secure.

Tony knows how to keep mission-critical machines secure and so do I. He is the IT/automation guy at the largest and most successful ownership group in the market. For the last decade of my full time employment I was the IT/automation guy at the third largest ownership group in the market. I have known Tony and at times worked with him since he got started in radio many years ago.
Dale H. Cook, Contract Engineer, Roanoke/Lynchburg, VA
http://plymouthcolony.net/starcityeng/index.html

User avatar
kkiddkkidd
Posts: 790
Joined: Mon Dec 03, 2007 11:13 am
Location: Lawrenceburg, TN

Re: Suppressing Windows 10 Update and Forced Reboots

Post by kkiddkkidd » Sun Mar 17, 2019 1:48 pm

For many years I kept automation systems on a completely separate physical network but that just isn't practical any more. Most of my clients have TeamViewer, SplashTop, RemoteUtilities or similar on every computer in the building and thus far hasn't had any security problems. Using TeamViewer is a stretch for many of my clients.

Having to use VPN/VNC would be out of the question.

I always try to delete or at least hide browsers on automation systems and depending on the router, block the automation computers from having as much outside access as possible and still leave the remote access working. I have warned every client that browsing or email from mission critical machines is extremely dangerous and seldom find evidence that they are doing so. Then again, I have a few clients that use the automation computer for regular browsing / gaming / etc... I regularly have to clean gb's of bs off of them when they slow to a crawl.

It is their money...

Thanks for the info.

Regards,
--
Kevin C. Kidd CSRE/AMD
WD4RAT
AM Ground Systems Company
http://www.amgroundsystems.com
KK Broadcast Engineering
http://www.kkbc.com

Post Reply