Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Patch Lady – Microsoft admits the bug (again)

    Posted on March 9th, 2018 at 20:07 Susan Bradley Comment on the AskWoody Lounge

    Susan here… Just spotted the acknowledgement that Woody was right in KB4023814:



    Microsoft is aware that this notification was incorrectly delivered to some Windows 10 Version 1703 devices that had a user-defined feature update deferral period configured. Microsoft mitigated this issue on March 8, 2018.

    Users who were affected by this issue and who upgraded to Windows 10 Version 1709 can revert to an earlier version within 10 days of the upgrade. To do this, open Settings > Update & Security > Recovery, and then select Get started under Go back to the previous version of windows 10.

  • Microsoft releases new version of Win10 patch KB 4023057

    Posted on March 9th, 2018 at 07:17 woody Comment on the AskWoody Lounge

    Many people are blaming the KB 4023057 patch for all of the forced-upgrade-to-1709 woes.

    Guess what? Microsoft released a new version of the KB article last night.

    KB 4023057 — Update to Windows 10 Versions 1507, 1511, 1607, and 1703 for update reliability: March 8, 2018

    Only certain builds of Windows 10 Versions 1507, 1511, 1607, and 1703 require this update. Devices that are running those builds will automatically get the update downloaded and installed through Windows Update… This update is not offered from the Microsoft Update Catalog.

    Anybody want to bet that Microsoft just went through an “Aw, jeeez” experience and pulled whatever was cramming 1709 down customers’ throats?

    Man, I can’t believe this…..

    P.S. Thanks once again to @MrBrian. I found this by looking through this morning’s KBNew list.

    UPDATE: Günter Born has an explanation for the last version of  KB 4023057, dated Feb. 8.

  • Please welcome @Microfix to the realm of the MVPs

    Posted on March 9th, 2018 at 06:15 woody Comment on the AskWoody Lounge

    Ladeeeeees and gentlemen……

    We have a new AskWoody MVP, whom you may know as @Microfix. Now elevated to the lofty heights of AskWoody MVP-dom, @Microfix stands ready to lend a hand. Or two or three.

    Please join me in welcoming @Microfix to the MVP fold.

  • Patch Lady – Defender makes a change

    Posted on March 9th, 2018 at 01:23 Susan Bradley Comment on the AskWoody Lounge

    So earlier I was helping on a thread in the forum about some issues with failing defender updates on Small Business Server 2011 platforms. [For anyone who is interested, SBS 2011 was once a featured small business platform that provide file server and email services for small businesses – this was pre-cloud, you know].  The symptoms that was reported that defender updates were failing.  Well first I was scratching my head because Defender wasn’t installed by default on Server platforms back then. While Server 2016 now ships with Windows Defender enabled, Server 2008 R2 – of which SBS 2011 was based – didn’t have Defender installed.  I realized after doing some searching and confirming with the people in the forum that Defender COULD get on Server 2008 R2 if one enabled the Desktop Experience role.  And that role would be wanted if you wanted to run disk cleanup on Server 2008 R2 (note you also get this on Server 2008 R2 by copying  some files to get it to work as well).

    So the question came up as to what exactly changed in Windows defender to suddenly make the definition updates fail on Server 2008 r2 whereas before it once worked?  And then in the dark recesses of my mind it hit me.  Yes.  Defender HAD made a big change.  And quite recently in fact, thus triggering this failure.

    As noted back in January,

    Starting March 1, 2018, Windows Defender Antivirus and other Microsoft security products will classify programs that display coercive messages as unwanted software, which will be detected and removed. If you’re a software developer and want to validate the detection of your programs, visit the Windows Defender Security Intelligence portal.

    AH HA, that explains the recent change.

    If you happen to be a Small Business Server 2011 admin and notice that defender updates are failing, I would honestly just disable the service and then look for a third party antivirus to install on your server, as I stated in the forum, and I truly mean no disrespect, SBS 2011 is in extended support and defender was not meant in that era to be installed on Server 2008 R2.  Getting a fix would not be what I expect from Microsoft’s support policies for this product.

    For the rest of us on windows 7, 8.1 and 10, be aware that effective March 1, 2018, if you happen to be running Windows defender on Windows 10 or Microsoft Security Essentials, any software that tries to trick you will be detected and removed.

    As defined by Microsoft:

    Software that coerces users may display the following characteristics, among others:

    • Reports errors in an exaggerated or alarming manner about the user’s system and requires the user to pay for fixing the errors or issues monetarily or by performing other actions such as taking a survey, downloading a file, signing up for a newsletter, etc.
    • Suggests that no other actions will correct the reported errors or issues
    • Requires the user to act within a limited period of time to get the purported issue resolved

    So look for more alerts on your system as these software programs get detected.

  • So how DO you block the upgrade to Win10 1709

    Posted on March 9th, 2018 at 00:18 woody Comment on the AskWoody Lounge

    More than a few people have asked, what with Win10 1703’s new-found ability to upgrade to 1709 all by itself — no Windows Update required — what does it take to make sure Microsoft doesn’t change its mind again and pushes you onto whatever version it likes?

    @abbodi86 has an interesting observation:

    Windows Update in Windows 10 is a lost cause without intervention

    some steps are obligatory to keep the current version:
    – set connection to metered
    – set Automatic Update policy to disabled or notification
    – disable UpdateOrchestrator and WindowsUpdate schedule tasks
    – use wushowhide.diagcab or WUMT to check for updates and hide the upgrader-updates

    which seems to be a whole lot of work just to stay with what you have.