Disabling Windows Features Updates

Want to know how something works? Harness the power of the Brainiacs!
NECRAT
Site Admin
Posts: 3220
Joined: Sat Nov 17, 2007 9:13 pm
Location: Taunton, MA
Contact:

Re: Disabling Windows Features Updates

Post by NECRAT »

dbuckley wrote: Fri Sep 11, 2020 8:52 pm The only official answer is the LTSC branch, but only if you are an enterprise customer.

You need to get your head around the concept that Windows at a retail level is not an operating system as one used to purchase, but a service that operates as Microsoft likes it to operate, and thus updates are a fact of life, and any way that you might think that they can be avoided is, at best, a temporary, and unsafe reprieve, and Microsoft tries quite hard to make sure they will come back, so you need to learn to not just live with them, but embrace them.

One possible alternative to add to the list of unacceptable solutions is Reactos, an Xp clone, which runs some Windows applications "well enough".
The problem isn't Microsoft per se, as much as it's the other manufacturers of software that break when Windows "fixes" a patch, but also performs a "feature update" that breaks their software, and they lag behind in keeping up. There are some companies that their software seems to never break with Windows updates. Then there is software like Google Earth which doesn't like the latest features update.
Mike Fitzpatrick
Broadcast Engineer/Tower Photographer
Boston area.
https://www.necrat.us, https://www.scan-ne.net/

"If you don’t think you’re good, nobody else will" - Tom Laun (RIP)."
dbuckley
Posts: 122
Joined: Mon Jun 16, 2014 4:18 pm
Location: North Canterbury, New Zealand

Re: Disabling Windows Features Updates

Post by dbuckley »

You''re right, and here's the thing - if you write software according to the rules Microsoft sets, your software won't break. If you don't, well, bad stuff happens. The principle of "once bitten, twice shy" applies here. One should vote with the wallet. The ironic thing, of course, is that Microsoft has been caught with their trousers down on more than one occasion...
User avatar
Bill DeFelice
Posts: 296
Joined: Wed May 18, 2011 6:29 pm
Location: Fairfield County, CT
Contact:

Re: Disabling Windows Features Updates

Post by Bill DeFelice »

I know at my office we set the ethernet connections as "metered" so that will slow down updates, supposedly preventing unexpected reboots. We also run a local WSUS so we only push updates we want to control.

If you have a copy of Win 10 build 1903 you can grab the instructions here to aggressively rip things out by the roots. I would suggest archiving the page(s) fast as I hear there's a C&D coming down the pike due to being profiled on a popular YouTube channel.

I've heard of people ripping out or replacing the Windows Update Service to prevent updates too, but I like the ability to rip all the telemetry out of the sucka. I don't need M$ knowing what my machines are doing or any additional useless traffic on our networks.
Webmaster
History of Westport Connecticut Radio
The WMMM Tribute Site

CampusBroadcaster.net
Legal, low power, license-free broadcasting for educational institutions
dbuckley
Posts: 122
Joined: Mon Jun 16, 2014 4:18 pm
Location: North Canterbury, New Zealand

Re: Disabling Windows Features Updates

Post by dbuckley »

I've downloaded and saved those instructions, man they're rude. I'd never use them, but it's interesting to see the lengths people will go, or perhaps the depths to which they will sink, to disable these updates that attempt to keep Windows "safe". Of course, there is no such thing as "safe", I keep telling people this, life is an exercise in risk management. I'm happy my station is now asking the right questions about cyber security.
TPT
Posts: 989
Joined: Mon Dec 03, 2007 3:18 pm
Location: St. Marys, WV

Re: Disabling Windows Features Updates

Post by TPT »

Nothing like getting a silence sense alert in the middle of the night, only to find a Windows update has uninstalled your sound card.

Yes, I know, not supposed to have the air computer on the internet. But with three stations--sound to be four, two studio locations, and staff scattered all over...especially with our ops manager having to take care of his kids & doing shifts from home this plague season--remote access is a necessity.
dbuckley
Posts: 122
Joined: Mon Jun 16, 2014 4:18 pm
Location: North Canterbury, New Zealand

Re: Disabling Windows Features Updates

Post by dbuckley »

What are you using for remote access?
User avatar
Shane
Posts: 926
Joined: Fri Feb 01, 2008 12:08 am
Location: Omaha
Contact:

Re: Disabling Windows Features Updates

Post by Shane »

Having a separate VPN for the studio systems should help keep things safe. The extra security is worth the trouble.
Mike Shane, CBRE
— — Omaha — —
TPT
Posts: 989
Joined: Mon Dec 03, 2007 3:18 pm
Location: St. Marys, WV

Re: Disabling Windows Features Updates

Post by TPT »

Using Team Viewer
dbuckley
Posts: 122
Joined: Mon Jun 16, 2014 4:18 pm
Location: North Canterbury, New Zealand

Re: Disabling Windows Features Updates

Post by dbuckley »

Yeah, TV is a "better-ish" remote access solution, in that there are no incoming connections through the firewall, it's all outbound, but it does mean one is reliant on TV doing it right, and so far, they've been fairly up to snuff in terms of remote access, but not in terms of keeping their account databases safe. As ever, its a balance of risk.

A VPN with something like VNC is an alternative approach that keeps the whole network "in house", but then you're relying on what the remote client looks like, if Joe is using the home PC, it may be totally rancid with stuff the kids have downloaded, and then you're going to VPN that onto the station LAN? If you use something like Fortinet firewalls, and Forticlient VPN and use the Forticlient to keep the clients clean as well, then you might be onto something that looks fairly good from a risk perspective.
User avatar
davek
Posts: 194
Joined: Sun Aug 02, 2009 7:28 pm
Location: Sydney, Australia

Re: Disabling Windows Features Updates

Post by davek »

Yikes, I remember once upon a time dialing into various Wizard for Windows systems using a modem and pcAnywhere...
User avatar
radiowave911
Posts: 152
Joined: Wed Mar 10, 2010 5:41 pm
Location: Middletown, PA
Contact:

Re: Disabling Windows Features Updates

Post by radiowave911 »

VPN is my remote access solution. I have a pfSense firewall running at the station, which has OpenVPN in it. Pretty easy to set up a 'road warrior' VPN connection (one with only a single fixed endpoint - the station end), there is even a module you can install that will export the full OpenVPN configuration for you to use on your PC - installer included.

Since I have a pfSense box at home as well, I just set up a site-to-site VPN between the two, so I can easily get to the station systems from home. Internally at the station, I use TightVNC for Windows remote access. Linux, I just use SSH - who needs a GUI on a server? :D
Meddle not in the affairs of dragons, for thou art crunchy and taste good with ketchup.

http://www.wmssfm.com
http://www.sbe41.org
grich
Posts: 475
Joined: Fri Sep 02, 2011 11:19 am
Location: MP89.5, Mason City Subdivision

Re: Disabling Windows Features Updates

Post by grich »

davek wrote: Wed Sep 23, 2020 5:54 am Yikes, I remember once upon a time dialing into various Wizard for Windows systems using a modem and pcAnywhere...
I just recycled the Multitech modem I used to use with pCAnywhere for getting into station systems...

Playing with Google Remote Desktop at a couple of sites. Another client of mine is installing Peplink routers at their sites and will be setting up VPN, so that's a good thing.
Post Reply