|
MS-DEFCON 2:
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it.
|
-
2000004: How to apply the Win7 and 8.1 Monthly Rollups
Posted on Comment on the AskWoody LoungeThis topic contains 45 replies, has 11 voices, and was last updated by
PKCano 3 months, 1 week ago.
-
AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups
By @woody
Published 29 July 2017 rev 1.12
For those in “Group A” — the ones who want to use Microsoft’s preferred patching method, and aren’t overly concerned about increased telemetry (which is to say, snooping), here’s how to get your monthly rollup going, without succumbing to Automatic Updating.
For those in “Group A” who want to minimize Microsoft’s snooping but still install all of the offered patches, turn off the Customer Experience Improvement Program before you begin.
Click Start > Control Panel > Action Center. On the left, click the link to Change Action Center settings. Under Related settings, click Customer Experience Improvement Program settings. Choose No, I don’t want to participate in the program. Click Save changes.Step A1: Get your settings right.
In Win7, click Start > Control Panel. In Win 8.1, press Win-X and choose Control Panel. Click System and Security. Under Windows Update, click the link marked “Turn automatic updating on or off.” Make sure Windows Update is set to “Never check for updates (not recommended),” then check the boxes marked “Give me recommended updates the same way I receive important updates” and “Give me updates for Microsoft products and check for new optional Microsoft software when I update Windows.” Click OK.
Step A2: Check for updates.
Back in the Control Panel, under Windows Update, click the link to Check for Updates. (You may have to click Check for Updates a second time.) If you’ve done a Group A run in previous months, the check should go quickly. If it lingers for hours, follow these steps. Don’t check any unchecked boxes. If you have no intention of updating this machine to Win10 in the near future, look for KB 3150513 and make sure it’s unchecked.
Step A3: Get rid of problematic updates.
The list of problematic updates changes every month, so you’ll have to watch the main AskWoody blog page for details. Look for MS-DEFCON posts; they’re clearly marked. In general, if you have no intention of updating this machine to Win10 in the near future, look for KB 3150513 and uncheck the box.
Step A4: Install the patches.
Click the button marked Install Updates and follow the instructions. You’ll end up with the Security Monthly Quality Rollup; all of your Office patches; maybe some .Net patches; Adobe Flash fixes; the Microsoft Security Essentials update; and the usual MSRT scanner. After the reboot, everything will be set to block automatic updates.
Step A5: Wash, rinse, repeat.
Go through Steps A2 to A4 again, to see if Windows Update picked up any new patches. Repeat until there aren’t any more additional patches. When you’re done, you’re done, but be sure to watch this site next month to see when the unpaid beta testers are done.
You have to update your Windows computer. But you don’t have to update it according to Microsoft’s timetable.
-
What is KB3010513?
Also, after completing step A4, I recommend to keep repeating steps A2 to A4 until there are no ticked by default updates remaining after step A3.
1 user thanked author for this post.
-
Ah, that KB is a…. typo. Ooops. Corrected.
I’ll add the loop, too.
Thanks!
3 users thanked author for this post.
-
-
-
-
Please explain advantage of this “turn off automatic updates” method over “check for updates but let me choose whether to download and install them” option.
I’ve never had an update install without my having initiated it using the “check for updates…let me choose” option. Am I missing something?
1 user thanked author for this post.
-
Mostly, it saps your computers performance heavily. But it also will eventually auto-install the updates whether you like it or not.
Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
A weatherman that can code3 users thanked author for this post.
-
-
The primary culprit seems to be trusteninstaller.exe
trustedinstaller.exe is the installer for Windows Update. It sometimes runs high CPU for as much as 10 minutes after update/reboot to complete the install process.
3 users thanked author for this post.
-
-
-
-
I would add the following cautious options:
If you have multiple similar PC’s with similar configurations, patch the least important one first it see if anything specific to your boxes doesn’t play well with the current patch.
Create one or more restore points before patching.
Apply major patches…the security roll-up and the .net roll-up separately and create a restore point in between.
1 user thanked author for this post.
-
-
-
-
-
-
-
Do I get rid of Trusted Installer
TrustedInstaller.exe is the installer for Windows Update. You definitely DON’T want to get rid of it.
RAID is sometimes the default BIOS setting (older PCs). I’ve been caught by that myself a couple of time too.
It has been grayed out since I had the severe blue screen problem on the first of Dec 2016
Did you have GWX Control Panel on your computer before the blue screen. It blocked the settings so GWX wouldn’t change it to Auto and install Win10. There is a Registry setting I think will fix it. If you’re not familiar with the Registry, get someone who is to help you. I think 5 may be what you want.
1) Hold WindowsKey + R
(is hold Start & press R on your keyboard)2) Type: “regedit”
Hit Enter3) Go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AUFind AUOptions.
Double Click AUOptions or Right Click Modify> You can change the values data from 1 through 5 <
1. Install updates automatically (recommended)
2. Download updates but let me choose whether to install them
3. Check for updates but let me choose whether to download and install them
4. Install updates automatically / Never Check For Updates
5. Enable the option box to choose manually
Edit to correct numbering-
@pkcano Thank you! Such a simple solution to my problem as well! However, when I changed the value to 5 (enable me to choose option manually), back at the Windows Update Settings page, there were only 3 options to choose from: install updates automatically; download but let me choose; check for updates but let me choose..; NO option to “Never check for updates” listed.
Since the GWX campaign ended and with it my GWX Control Panel, I’ve been in group B. However, seeing that Woody’s recommending those of us with limited computer experience/knowledge to move to Group A, I don’t really understand why it’s best to enable “Never Check for updates”.
Question: On the list of values you provide above for the AUOptions, how would I set it to 4 “Never Check for Updates” vs 4 “Install Updates Automatically”? Is there a toggle button or something that will make it clear what I’ve chosen?
1 user thanked author for this post.
-
Unplug your computer from the Internet so you won’t get any surprises and try it. See what 4 does. You can always change it back. It may be 4 gives you what you want. Let us know what you find.
1 user thanked author for this post.
-
-
-
-
-
-
-
Yes, because KB 3150513 contains the latest definitions for KB2952664/KB2976978. I see no good reason for a user with KB2952664/KB2976978 to do extra work to avoid the latest definitions for KB2952664/KB2976978.
1 user thanked author for this post.
-
-
-
-
-
-
-
Error Reporting which I mentioned is in the same class.
In Windows 10 can only be turned off via Group Policy or by direct editing of the registry.
In Windows 7 and 8.1 it can be configured in GUI.
It tends to record and send more relevant data back to Microsoft than CEIP, but I turn it off for reasons of space wasted and performance.1 user thanked author for this post.
-
-
-
-
Important: Group A (Win 7 and 8.1) might be missing updates if don’t hide unwanted updates.
1 user thanked author for this post.
-
-
Patch Watch may have been like this previously; however, I didn’t notice it. For kb 4103718, it says this is the monthly roll up and there have been networking issues. There’s no mention of kb4103718 being safe to install. A similar situation exists for kb4099633 and the updates for Office 2010.
Should I wait until next weekend to install May’s updates? Thanks in advance for your advice.
Win 7 32 bit SP1, Office 2010 SP2, Intel Core 2 Duo @ 1.80 GHz, 4.0 GB RAM
1 user thanked author for this post.
-
The Master Patch List (see button at top of blog home page) is a guide to whether the patches have problems (or not).
The DEFCON number at the top of the page is a guide to patching. When Woody raises the DEFCON mumber to 3 or above, he also publishes an article in ComputerWorld that contains the cautions and instructions for updating safely.
2 users thanked author for this post.
-
Recent Replies
Razz on August 2019 Security patches: It’s a biiiiiiiiig month
5 minutes agoMicrofix on AVG Free Upgrade in 2019
10 minutes agocmptrgy on Discounted Windows 10 vendors
14 minutes agoMark on Another re-release of the Win10 1809 installation fix KB 4506578 – appears to be metadata related
16 minutes agosouthieguy on How do I enable VBScript?
43 minutes ago- 46 minutes ago
- 48 minutes ago
- 51 minutes ago
- 55 minutes ago
Alex5723 on Glacially slow at low resource utilization
1 hour, 4 minutes agoLars220 on Another re-release of the Win10 1809 installation fix KB 4506578 – appears to be metadata related
1 hour, 18 minutes agoEP on August 2019 Security patches: It’s a biiiiiiiiig month
1 hour, 19 minutes agowoody on Discounted Windows 10 vendors
1 hour, 26 minutes ago- 1 hour, 28 minutes ago
- 1 hour, 29 minutes ago
- 1 hour, 31 minutes ago
- 1 hour, 36 minutes ago
- 1 hour, 39 minutes ago
anonymous on How do I enable VBScript?
2 hours, Just nowMrJimPhelps on After 6 months I've weeded it down to 2, Tell me which one is the Winner.
2 hours, 8 minutes ago