• 2000004: How to apply the Win7 and 8.1 Monthly Rollups

    #116993

    AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups

    By @woody

    Published 29 July 2017 rev 1.12

    For those in “Group A” — the ones who want to use Microsoft’s preferred patching method, and aren’t overly concerned about increased telemetry (which is to say, snooping), here’s how to get your monthly rollup going, without succumbing to Automatic Updating.

    For those in “Group A” who want to minimize Microsoft’s snooping but still install all of the offered patches, turn off the Customer Experience Improvement Program before you begin.
    Click Start > Control Panel > Action Center. On the left, click the link to Change Action Center settings. Under Related settings, click Customer Experience Improvement Program settings. Choose No, I don’t want to participate in the program. Click Save changes.

    Step A1: Get your settings right.

    In Win7, click Start > Control Panel. In Win 8.1, press Win-X and choose Control Panel. Click System and Security. Under Windows Update, click the link marked “Turn automatic updating on or off.” Make sure Windows Update is set to “Never check for updates (not recommended),” then check the boxes marked “Give me recommended updates the same way I receive important updates” and “Give me updates for Microsoft products and check for new optional Microsoft software when I update Windows.” Click OK.

    Step A2: Check for updates.

    Back in the Control Panel, under Windows Update, click the link to Check for Updates. (You may have to click Check for Updates a second time.) If you’ve done a Group A run in previous months, the check should go quickly. If it lingers for hours, follow these steps. Don’t check any unchecked boxes. If you have no intention of updating this machine to Win10 in the near future, look for KB 3150513 and make sure it’s unchecked.

    Step A3: Get rid of problematic updates.

    The list of problematic updates changes every month, so you’ll have to watch the main AskWoody blog page for details. Look for MS-DEFCON posts; they’re clearly marked. In general, if you have no intention of updating this machine to Win10 in the near future, look for KB 3150513 and uncheck the box.

    Step A4: Install the patches.

    Click the button marked Install Updates and follow the instructions. You’ll end up with the Security Monthly Quality Rollup; all of your Office patches; maybe some .Net patches; Adobe Flash fixes; the Microsoft Security Essentials update; and the usual MSRT scanner. After the reboot, everything will be set to block automatic updates.

    Step A5: Wash, rinse, repeat.

    Go through Steps A2 to A4 again, to see if Windows Update picked up any new patches. Repeat until there aren’t any more additional patches. When you’re done, you’re done, but be sure to watch this site next month to see when the unpaid beta testers are done.

    You have to update your Windows computer. But you don’t have to update it according to Microsoft’s timetable.

    13 users thanked author for this post.
    • #117019

      What is KB3010513?

      Also, after completing step A4, I recommend repeating steps A2 to A4 until there are no ticked-by-default updates remaining after step A3.

      1 user thanked author for this post.
    • #117263

      As far as I know, there is no need to avoid KB 3150513.

      • #117268

        As far as I know, there is no need to avoid KB 3150513.

        KB3150513 does not have any meaning and it cannot be installed on Windows 7 and 8.1 without KB2952664/KB2976978 as pre-requisite. It can be installed on Windows 10 and 2016 because the pre-requisite is already built-in.
        I think we are wasting time with nonsense trying to analyse various patches instead of recommending end-users how to tune and use their computers at their maximum potential.

        • #201199

          One time I didn’t follow Ms. Susan’s advice, and I wound up with no audio.  Simply uninstalling the patch and going back to an earlier restore point didn’t fix the problem.  Unfortunately, I didn’t understand how to use Macrium Reflect and hadn’t used it beforehand.

    • #117583

      Please explain advantage of this “turn off automatic updates” method over “check for updates but let me choose whether to download and install them” option.

      I’ve never had an update install without my having initiated it using the “check for updates…let me choose” option. Am I missing something?

      1 user thanked author for this post.
      • #117628

        Mostly, it saps your computer’s performance heavily.  But it also will eventually auto-install the updates whether you like it or not.

        Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
        A weatherman that can code

        4 users thanked author for this post.
        • #117914

          Prior to the May patches…or more specifically the May .net patch, I wasn’t experiencing system drag, but after that .Net patch CPU cycles went way high…40-50% on several Win7-64 pc’s.

          The primary culprit seems to be trustedinstaller.exe. I stopped it and then switched to “Never check..” and that seems to have halted the CPU overrun.

          • #117915

            The primary culprit seems to be trustedinstaller.exe

            trustedinstaller.exe is the installer for Windows Update. It sometimes runs high CPU for as much as 10 minutes after update/reboot to complete the install process.

            3 users thanked author for this post.
    • #117585

      I would add the following cautious options:

      If you have multiple similar PCs with similar configurations, patch the least important one first to see if anything specific to your boxes doesn’t play well with the current patch.

      Create one or more restore points before patching.

      Apply major patches…the security roll-up and the .net roll-up separately and create a restore point in between.

      1 user thanked author for this post.
    • #117634

      I’ve been in Group A for several months, but I have never understood the rationale for accepting “Give me recommended updates the same way I receive important updates”. I do not check that box, since I don’t want anything but the updates that are designated as “important”. And having followed this procedure for several months, the list of optional/recommended updates has remained, without any of them having been installed.

      • #117640

        Group A follows the above instructions. Guess you must not be in Group A, but somewhere between Group A and Group B (which does not check “Give me recommended updates the same way I receive important updates” box).

        • #1628321

          I’m in the same category then, in between GrpA/B because I have always avoided receiving Recommended Updates the same as Important. In this month’s patching process should I switch back, and as noted by Woody to receive all Recommended Updates the same as Important? Thanks

          MacOS, iOS, iPadOS, and SOS at times.

          • #1628329

            For now, you should just worry about the May updates. Come back with your question later in the month – get protected from the vulnerability first.

            1 user thanked author for this post.
    • #117654

      May I assume the April recommendation not to install optional roll-up preview patches still stands?

      I’m not keen on being an unpaid patch beta tester…

    • #117770

      Dummie here and hoping to get some help.

      I’m stuck at step one. Not sure when it happened (I suspect it’s when I installed GWX Control Panel back when; it’s since been uninstalled), but I’m not able to change my WU setting to “don’t check”; it’s stuck on “check but let me choose” and any option to change it is grayed out.

      Just read from AlexN above that this setting saps my computer’s performance. Could this be a reason why my fan revs so much? That noise irks me to no end.

      I believe the settings issue has been addressed before, so I apologize for returning to it, but I missed the solution, or if there is one.

      Many thanks for the wealth of knowledge shared here.

      • #117788

        You have group policy configured.
        If you are not aware of it, then it is possible that other software set it for you.
        Windows Update MiniTool is known to do this.
        If you use WUMT, then configure for Automatic and your settings should become available again.

        • #117866

          Thanks for your reply, ch100.  No, I don’t have WUMT.  How would I go about determining if group policy is configured, and if it is, how may I reverse it?

          Really appreciate your help and patience.

    • #117916

      @ PKCano  Do I get rid of Trusted Installer, or just find a way to disable it? My Windows update settings have been stuck on “Don’t download or install without permission” and it is grayed out. I can check or un-check the boxes below the selection bar….. In picking the change settings, that is where this is. It has been grayed out since I had the severe blue screen problem on the first of Dec 2016. The computer was cleaned and the original OS was reinstalled. It stopped running correctly again last of March. I used “safe Mode” and changed out of “raid” and checked ‘OK’ and rebooted; blue screen gone and windows came right up. But update setting was still grayed. After reinstall, using RAID, I could not even ask it to look for updates. After changing out of RAID, even with change setting grayed I could look for updates and they would come in. I didn’t lose any files.

      • #117922

        Do I get rid of Trusted Installer

        TrustedInstaller.exe is the installer for Windows Update. You definitely DON’T want to get rid of it.

        RAID is sometimes the default BIOS setting (older PCs). I’ve been caught by that myself a couple of times too.

        It has been grayed out since I had the severe blue screen problem on the first of Dec 2016

        Did you have GWX Control Panel on your computer before the blue screen? It blocked the settings so GWX wouldn’t change it to Auto and install Win10. There is a Registry setting I think will fix it. If you’re not familiar with the Registry, get someone who is to help you. I think 5 may be what you want.

        1) Hold WindowsKey + R
        (is hold Start & press R on your keyboard)

        2) Type: “regedit”
        Hit Enter

        3) Go to:
        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

        Find AUOptions.
        Double Click AUOptions or Right Click Modify

        > You can change the values data from 1 through 5 <

        1. Install updates automatically (recommended)
        2. Download updates but let me choose whether to install them
        3. Check for updates but let me choose whether to download and install them
        4. Install updates automatically / Never Check For Updates
        5. Enable the option box to choose manually

         
        Edit to correct numbering

        3 users thanked author for this post.
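
One way to answer the "how would I determine if group policy is configured" question raised above, as an added example that is not part of the original posts: a read-only PowerShell check of the registry key named in the preceding post. It only lists what is stored there, changes nothing, and makes no assumption about what each AUOptions number means; the function name `Get-WUPolicyValue` is made up for this example.

```powershell
# Added example: read-only look at the Windows Update policy keys.
# Written for the PowerShell 2.0 that ships with Windows 7.

$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'   # the key the post above edits in regedit

function Get-WUPolicyValue {
    param([string]$Path)
    # Emit one row per registry value under $Path; emit nothing if the
    # key does not exist (no policy has been written there).
    if (-not (Test-Path $Path)) { return }
    $key = Get-Item -Path $Path
    foreach ($name in $key.GetValueNames()) {
        New-Object PSObject -Property @{
            Key  = $Path
            Name = $name
            Data = $key.GetValue($name)
            Kind = $key.GetValueKind($name)
        }
    }
}

# @() forces an array even when a key is missing or empty.
$found = @(Get-WUPolicyValue $wuKey) + @(Get-WUPolicyValue $auKey)

if ($found.Count -eq 0) {
    'No Windows Update policy values found under the Policies key.'
    'A grayed-out settings dialog has some other cause.'
} else {
    'Windows Update policy values are present. Values here take priority'
    'over the Control Panel choice and can gray it out:'
    $found | Format-Table Key, Name, Data, Kind -AutoSize

    $au = $found | Where-Object { $_.Name -eq 'AUOptions' } |
          Select-Object -First 1
    if ($au) {
        "AUOptions is currently set to $($au.Data)."
    } else {
        'AUOptions itself is not set; another value above is in effect.'
    }
}
```

Recording this output before and after a regedit change gives a record of the earlier value to go back to.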
        • #118050

          @PKCano Thank you! Such a simple solution to my problem as well! However, when I changed the value to 5 (enable me to choose option manually), back at the Windows Update Settings page, there were only 3 options to choose from: install updates automatically; download but let me choose; check for updates but let me choose..; NO option to “Never check for updates” listed.

          Since the GWX campaign ended and with it my GWX Control Panel, I’ve been in group B. However, seeing that Woody’s recommending those of us with limited computer experience/knowledge to move to Group A, I don’t really understand why it’s best to enable “Never Check for updates”.

          Question: On the list of values you provide above for the AUOptions, how would I set it to 4 “Never Check for Updates” vs 4 “Install Updates Automatically”? Is there a toggle button or something that will make it clear what I’ve chosen?

          1 user thanked author for this post.
          • #118052

            Unplug your computer from the Internet so you won’t get any surprises and try it. See what 4 does. You can always change it back. It may be 4 gives you what you want. Let us know what you find.

            1 user thanked author for this post.
            • #118055

              Good news: following my switching the value to 4, the WU settings page simply offered all 4 options, including the one to turn off updates! At long last!

              I’m a happy camper, thanks to you.

              1 user thanked author for this post.
            • #118056

              🙂 🙂

              1 user thanked author for this post.
    • #117995

      @ PKCano  I have regedit on my bar at bottom of screen along with services, for easy access. I have fiddled with both and am somewhat acquainted with them. Am going to try your suggestions in the next hour. ALSO, I downloaded “WireShark”, but haven’t used it yet. Also downloaded “MS Malicious Software Removal Tool”. So far entering a software screen or web page or changing screens is a little slower than before, but changing within screens is fast as ever.

    • #117996

      @ PKCano  Did as you stated in regedit and it worked perfectly.  Thanks to you for your invaluable instructions.

    • #118106

      @ PKCano  Still have not used WireShark.  Will let you know how it worked.

    • #118322

      @ PKCano  Question?  In the windows update settings I have no Red label. In other words the box with “Never check for updates” is not there. The other boxes are. As per your advice I went into regedit and found the correct line and changed it to 5. That gave me a choice that was available before, as I had no choices before. I think that back in November/December 2016 I had a collapse of my Windows 7 SP1 x64, the Computer Specialist that I had reinstall the original OS did as I instructed (I don’t want to install any updates from MS anymore). Could this have caused the update acquiring problem?

    • #127142

      In steps A2 and A3, I recommend removing the sentence mentioning KB 3150513.

      • #127152

        Since Group A is (supposedly) not concerned with telemetry, they probably have installed KB2952664/KB2976978. But if they are not planning to upgrade, is there any reason to need KB3150513?

        • #127166

          Yes, because KB 3150513 contains the latest definitions for KB2952664/KB2976978. I see no good reason for a user with KB2952664/KB2976978 to do extra work to avoid the latest definitions for KB2952664/KB2976978.

          1 user thanked author for this post.
          • #127219

            I think this has more to do with uninstalling in the correct order if the patches got installed or if there is a change of mind.
            People should be aware that the installation order is KB2952664 and next KB3150513, while for uninstalling, it should be quite the opposite, first KB3150513 (all patches if multiple) and next KB2952664 (again, all patches, if multiple).

    • #127168

      Recommendation: Add a step at the end (for those that care about telemetry) linking to 2000007: Turning off the worst Windows 7 and 8.1 snooping.

      • #127176

        Group A is for people not concerned about telemetry. “Keep it simple, just do it.”
        The part to turn off CEIP is already there.

        • #127183

          In that case, for the sake of consistency, perhaps the recently added CEIP paragraph should be removed.

          • #127189

            The presence of the CEIP paragraph without also mentioning AKB2000007 might give users the false impression that doing the CEIP part is sufficient.

            • #127193

              Group A people are not inclined to the complexities of removing telemetry in detail. Turning off CEIP can be done easily through the GUI and I believe is sufficient for people who “aren’t overly concerned about increased telemetry” as the topic states.

              I am not inclined to make it overly complicated for this group (unless there is overwhelming consensus to do so).

            • #127215

              Error Reporting which I mentioned is in the same class.
              In Windows 10 it can only be turned off via Group Policy or by direct editing of the registry.
              In Windows 7 and 8.1 it can be configured in GUI.
              It tends to record and send more relevant data back to Microsoft than CEIP, but I turn it off for reasons of space wasted and performance.

              1 user thanked author for this post.
    • #137451
      2 users thanked author for this post.
    • #150835

      To rb: I found that the use of so high powered programs might cause the fan(s) to run. But a dirty fan will most likely be the culprit. Turn off, unplug and use vacuum to clean all fans. Fans attract dust you can’t see.

    • #194572

      Patch Watch may have been like this previously; however, I didn’t notice it.  For kb 4103718, it says this is the monthly roll up and there have been networking issues.  There’s no mention of kb4103718 being safe to install.  A similar situation exists for kb4099633 and the updates for Office 2010.

      Should I wait until next weekend to install May’s updates?  Thanks in advance for your advice.

      Win 7 32 bit SP1, Office 2010 SP2, Intel Core 2 Duo @ 1.80 GHz, 4.0 GB RAM

      1 user thanked author for this post.
      • #194576

        The Master Patch List (see button at top of blog home page) is a guide to whether the patches have problems (or not).

        The DEFCON number at the top of the page is a guide to patching. When Woody raises the DEFCON number to 3 or above, he also publishes an article in ComputerWorld that contains the cautions and instructions for updating safely.

        3 users thanked author for this post.