Topic: 2000004: How to apply the Win7 and 8.1 Monthly Rollups @ AskWoody

2000004: How to apply the Win7 and 8.1 Monthly Rollups

Posted on woody Comment on the AskWoody Lounge
Home › Forums › Knowledge Base › 2000004: How to apply the Win7 and 8.1 Monthly Rollups
- This topic has 45 replies, 11 voices, and was last updated 1 year, 1 month ago.
Viewing 17 reply threads
- Author
  
  Posts
- - May 20, 2017 at 5:39 pm #116993 Reply
    
    woody
    Da Boss
    
    AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups
    
    By @woody
    
    Published 29 July 2017 rev 1.12
    
    For those in “Group A” — the ones who want to use Microsoft’s preferred patching method, and aren’t overly concerned about increased telemetry (which is to say, snooping), here’s how to get your monthly rollup going, without succumbing to Automatic Updating.
    
    For those in “Group A” who want to minimize Microsoft’s snooping but still install all of the offered patches, turn off the Customer Experience Improvement Program before you begin.
    Click Start > Control Panel > Action Center. On the left, click the link to Change Action Center settings. Under Related settings, click Customer Experience Improvement Program settings. Choose No, I don’t want to participate in the program. Click Save changes.
    
    Step A1: Get your settings right.
    
    In Win7, click Start > Control Panel. In Win 8.1, press Win-X and choose Control Panel. Click System and Security. Under Windows Update, click the link marked “Turn automatic updating on or off.” Make sure Windows Update is set to “Never check for updates (not recommended),” then check the boxes marked “Give me recommended updates the same way I receive important updates” and “Give me updates for Microsoft products and check for new optional Microsoft software when I update Windows.” Click OK.
    
    Step A2: Check for updates.
    
    Back in the Control Panel, under Windows Update, click the link to Check for Updates. (You may have to click Check for Updates a second time.) If you’ve done a Group A run in previous months, the check should go quickly. If it lingers for hours, follow these steps. Don’t check any unchecked boxes. If you have no intention of updating this machine to Win10 in the near future, look for KB 3150513 and make sure it’s unchecked.
    
    Step A3: Get rid of problematic updates.
    
    The list of problematic updates changes every month, so you’ll have to watch the main AskWoody blog page for details. Look for MS-DEFCON posts; they’re clearly marked. In general, if you have no intention of updating this machine to Win10 in the near future, look for KB 3150513 and uncheck the box.
    
    Step A4: Install the patches.
    
    Click the button marked Install Updates and follow the instructions. You’ll end up with the Security Monthly Quality Rollup; all of your Office patches; maybe some .Net patches; Adobe Flash fixes; the Microsoft Security Essentials update; and the usual MSRT scanner. After the reboot, everything will be set to block automatic updates.
    
    Step A5: Wash, rinse, repeat.
    
    Go through Steps A2 to A4 again, to see if Windows Update picked up any new patches. Repeat until there aren’t any more additional patches. When you’re done, you’re done, but be sure to watch this site next month to see when the unpaid beta testers are done.
    
    You have to update your Windows computer. But you don’t have to update it according to Microsoft’s timetable.
    
    13 users thanked author for this post.
    
    Chessie, deanwmn, Myst, cesmart4125, Microfix, DeWayne12, Morty, MrToad28, Hugo, HiFlyer, ch100, MrBrian
  - May 20, 2017 at 6:54 pm #117019 Reply
    
    MrBrian
    AskWoody_MVP
    
    What is KB3010513?
    
    Also, after completing step A4, I recommend to keep repeating steps A2 to A4 until there are no ticked by default updates remaining after step A3.
    
    1 user thanked author for this post.
    
    cesmart4125
    - May 21, 2017 at 7:00 am #117121 Reply
      
      woody
      Da Boss
      
      Ah, that KB is a…. typo. Ooops. Corrected.
      
      I’ll add the loop, too.
      
      Thanks!
      
      3 users thanked author for this post.
      
      cesmart4125, ZemplinTemplar, MrBrian
  - May 21, 2017 at 3:18 pm #117263 Reply
    
    MrBrian
    AskWoody_MVP
    
    As far as I know, there is no need to avoid KB 3150513.
    - May 21, 2017 at 3:36 pm #117268 Reply
      
      ch100
      AskWoody_MVP
      
      MrBrian wrote:
      
      As far as I know, there is no need to avoid KB 3150513.
      
      KB3150513 does not have any meaning and it cannot be installed on Windows 7 and 8.1 without KB2952664/KB2976978 as pre-requisite. It can be installed on Windows 10 and 2016 because the pre-requisite is already built-in.
      I think we are wasting time with non-sense trying to analyse various patches instead of recommending end-users how to tune and use their computers at their maximum potential.
      
      July 3, 2018 at 6:35 pm #201199 Reply
      
      cesmart4125
      AskWoody Plus
      
      One time I didn’t follow Ms. Susan’s advice, and I wound up with no audio. Simply uninstalling the patch and going back to an earlier restore point didn’t fix the problem. Unfortunately, I didn’t understand how to use Macrium Reflect and hadn’t used it beforehand.
      
      Attachments:
      You must be logged in to access attached files.
  - May 22, 2017 at 9:07 am #117583 Reply
    
    MrToad28
    AskWoody Lounger
    
    Please explain advantage of this “turn off automatic updates” method over “check for updates but let me choose whether to download and install them” option.
    
    I’ve never had an update install without my having initiated it using the “check for updates…let me choose” option. Am I missing something?
    
    1 user thanked author for this post.
    
    ZemplinTemplar
    - May 22, 2017 at 11:34 am #117628 Reply
      
      AlexN
      AskWoody Lounger
      
      Mostly, it saps your computers performance heavily. But it also will eventually auto-install the updates whether you like it or not.
      
      Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
      A weatherman that can code
      
      4 users thanked author for this post.
      
      HiFlyer, cesmart4125, Lori, MrToad28
      
      May 23, 2017 at 5:17 pm #117914 Reply
      
      MrToad28
      AskWoody Lounger
      
      Prior to the May patches…or more specifically the May .net patch, I wasn’t experiencing system drag, but after that .Net patch CPU cycles went way high…40-50% on several Win7-64 pc’s.
      
      The primary culprit seems to be trusteninstaller.exe I stopped it and then switched to “Never check..” and that seems to have halted the CPU overrun.
      
      May 23, 2017 at 5:28 pm #117915 Reply
      
      PKCano
      Da Boss
      
      MrToad28 wrote:
      
      The primary culprit seems to be trusteninstaller.exe
      
      trustedinstaller.exe is the installer for Windows Update. It sometimes runs high CPU for as much as 10 minutes after update/reboot to complete the install process.
      
      3 users thanked author for this post.
      
      Myst, cesmart4125, Lori
  - May 22, 2017 at 9:15 am #117585 Reply
    
    MrToad28
    AskWoody Lounger
    
    I would add the following cautious options:
    
    If you have multiple similar PC’s with similar configurations, patch the least important one first it see if anything specific to your boxes doesn’t play well with the current patch.
    
    Create one or more restore points before patching.
    
    Apply major patches…the security roll-up and the .net roll-up separately and create a restore point in between.
    
    1 user thanked author for this post.
    
    Lori
  - May 22, 2017 at 11:44 am #117634 Reply
    
    Marty
    AskWoody Plus
    
    I’ve been in Group A for several months, but I have never understood the rationale for accepting ““Give me recommended updates the same way I receive important updates”. I do not check that box, since I don’t want anything but the updates that are designated as “important”. And having followed this procedure for several months, the list of optional/recommended updates has remained, without any of them having been installed.
    - May 22, 2017 at 11:57 am #117640 Reply
      
      PKCano
      Da Boss
      
      Group A follows the above instructions. Guess you must not be in Group A, but somewhere between Group A and Group B (which does not check “Give me recommended updates the same way I receive important updates” box).
      
      May 15, 2019 at 11:15 am #1628321 Reply
      
      Myst
      AskWoody Plus
      
      I’m in the same category then, in between GrpA/B because I have always avoided receiving Recommended Updates the same as Important. In this month’s patching process should I switch back, and as noted by Woody to receive all Recommended Updates the same as Important? Thanks
      
      Win7 SP1 Home x64, MacOS / Chromebook
      
      May 15, 2019 at 11:22 am #1628329 Reply
      
      PKCano
      Da Boss
      
      For now, you should just worry about the May updates. Come back with your question later in the month – get protected from the vulnerability first.
      
      1 user thanked author for this post.
      
      Myst
  - May 22, 2017 at 1:16 pm #117654 Reply
    
    MrToad28
    AskWoody Lounger
    
    May I assume the April recommendation not to install optional roll-up preview patches still stands?
    
    I’m not keen on being an unpaid patch beta tester…
    - May 22, 2017 at 1:18 pm #117655 Reply
      
      PKCano
      Da Boss
      
      Don’t install any “Preview” patches. They are unchecked by default.
      
      1 user thanked author for this post.
      
      MrToad28
  - May 22, 2017 at 7:52 pm #117770 Reply
    
    rb
    AskWoody Lounger
    
    Dummie here and hoping to get some help.
    
    I’m stuck at step one. Not sure when it happened (I suspect it’s when I installed GWX Control Panel back when; it’s since been uninstalled), but I’m not able to change my WU setting to “don’t check”; it’s stuck on “check but let me choose” and any option to change it is grayed out.
    
    Just read from AlexN above that this setting saps my computer’s performance. Could this be a reason why my fan revs so much? That noise irks me to no end.
    
    I believe the settings issue has been addressed before, so I apologize for returning to it, but I missed the solution, or if there is one.
    
    Many thanks for the wealth of knowledge shared here.
    - May 22, 2017 at 9:46 pm #117788 Reply
      
      ch100
      AskWoody_MVP
      
      You have group policy configured.
      If you are not aware of it, then it is possible that other software set it for you.
      Windows Update MiniTool is known to do this.
      If you use WUMT, then configure for Automatic and your settings should become available again.
      
      May 23, 2017 at 9:22 am #117866 Reply
      
      rb
      AskWoody Lounger
      
      Thanks for your reply, ch100. No, I don’t have WUMT. How would I go about determining if group policy is configured, and if it is, how may I reverse it?
      
      Really appreciate your help and patience.
  - May 23, 2017 at 6:11 pm #117916 Reply
    
    BrianL
    AskWoody Lounger
    
    @ PKCano Do I get rid of Trusted Installer, or just find a way to disable it? My Windows update settings have been stuck on “Don’t download or install without permission” and it is grayed out. I can check or un-check the boxes below the selection bar….. In picking the change settings, that is where this is. It has been grayed out since I had the severe blue screen problem on the first of Dec 2016. The computer was cleaned and the original OS was reinstalled. It stopped running correctly again last of March. I used “safe Mode” and changed out of “raid” and checked ‘OK’ and rebooted; blue screen gone and windows came right up. But update setting was still grayed. After reinstall, using RAID, I could not even ask it to look for updates. After changing out of RAID, even with change setting grayed I could look for updates and they would come in. I didn’t loose any files.
    - May 23, 2017 at 6:35 pm #117922 Reply
      
      PKCano
      Da Boss
      
      BrianL wrote:
      
      Do I get rid of Trusted Installer
      
      TrustedInstaller.exe is the installer for Windows Update. You definitely DON’T want to get rid of it.
      
      RAID is sometimes the default BIOS setting (older PCs). I’ve been caught by that myself a couple of time too.
      
      BrianL wrote:
      
      It has been grayed out since I had the severe blue screen problem on the first of Dec 2016
      
      Did you have GWX Control Panel on your computer before the blue screen. It blocked the settings so GWX wouldn’t change it to Auto and install Win10. There is a Registry setting I think will fix it. If you’re not familiar with the Registry, get someone who is to help you. I think 5 may be what you want.
      
      1) Hold WindowsKey + R
      (is hold Start & press R on your keyboard)
      
      2) Type: “regedit”
      Hit Enter
      
      3) Go to:
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      
      Find AUOptions.
      Double Click AUOptions or Right Click Modify
      
      > You can change the values data from 1 through 5 <
      
      1. Install updates automatically (recommended)
      2. Download updates but let me choose whether to install them
      3. Check for updates but let me choose whether to download and install them
      4. Install updates automatically / Never Check For Updates
      5. Enable the option box to choose manually
      
      Edit to correct numbering
      
      3 users thanked author for this post.
      
      HiFlyer, BrianL, rb
      
      May 24, 2017 at 6:16 pm #118050 Reply
      
      rb
      AskWoody Lounger
      
      @PKCano Thank you! Such a simple solution to my problem as well! However, when I changed the value to 5 (enable me to choose option manually), back at the Windows Update Settings page, there were only 3 options to choose from: install updates automatically; download but let me choose; check for updates but let me choose..; NO option to “Never check for updates” listed.
      
      Since the GWX campaign ended and with it my GWX Control Panel, I’ve been in group B. However, seeing that Woody’s recommending those of us with limited computer experience/knowledge to move to Group A, I don’t really understand why it’s best to enable “Never Check for updates”.
      
      Question: On the list of values you provide above for the AUOptions, how would I set it to 4 “Never Check for Updates” vs 4 “Install Updates Automatically”? Is there a toggle button or something that will make it clear what I’ve chosen?
      
      1 user thanked author for this post.
      
      HiFlyer
      
      May 24, 2017 at 6:26 pm #118052 Reply
      
      PKCano
      Da Boss
      
      Unplug your computer from the Internet so you won’t get any surprises and try it. See what 4 does. You can always change it back. It may be 4 gives you what you want. Let us know what you find.
      
      1 user thanked author for this post.
      
      HiFlyer
      
      May 24, 2017 at 7:01 pm #118055 Reply
      
      rb
      AskWoody Lounger
      
      Good news: following my switching the value to 4, the WU settings page simply offered all 4 options, including the one to turn off updates! At long last!
      
      I’m a happy camper, thanks to you.
      
      1 user thanked author for this post.
      
      HiFlyer
      
      May 24, 2017 at 7:10 pm #118056 Reply
      
      PKCano
      Da Boss
      
      🙂 🙂
      
      1 user thanked author for this post.
      
      HiFlyer
  - May 24, 2017 at 10:07 am #117995 Reply
    
    BrianL
    AskWoody Lounger
    
    @ PKCano I have regedit on my bar at bottom of screen along with services, for easy access. I have fiddled with both and am somewhat acquainted with them. Am going to try your suggestions in the next hour. ALSO, I downloaded “WireShark”, but haven’t used it yet. Also downloaded “MS Malicious Software Removal Tool”. So far entering a software screen or web page or changing screens is a little slower than before and but changing within screens is fast as ever.
  - May 24, 2017 at 10:42 am #117996 Reply
    
    BrianL
    AskWoody Lounger
    
    @ PKCano Did as you stated in regedit and it worked perfectly. Thanks to you for your invaluable instructions.
  - May 25, 2017 at 8:10 am #118106 Reply
    
    BrianL
    AskWoody Lounger
    
    @ PKCano till have not use WireShark. Will let you know how it worked>
  - May 27, 2017 at 10:16 am #118322 Reply
    
    BrianL
    AskWoody Lounger
    
    @ PKCano Question? In the windows update settings I have no Red label. In other words the box with “Never check for updates” is not there. The other boxes are. As per your advice I went into regedit and found the correct line and change it to 5. That gave me a choice that was available before. as I had no choices before. I think that back in November/December 2016 I had a collapse of my Windows 7 SP1 x64, the Computer
    Sepecialist that I had reinstall the original OS did as I instructed (I don’t want to install any updates from MS anymore). Could this have causes the update acquiring problem?
    - May 27, 2017 at 10:35 am #118325 Reply
      
      PKCano
      Da Boss
      
      In the Registry setting, try 4. I think it will give you four choices, Never being one of them.
  - July 30, 2017 at 7:07 am #127142 Reply
    
    MrBrian
    AskWoody_MVP
    
    In steps A2 and A3, I recommend removing the sentence mentioning KB 3150513.
    - July 30, 2017 at 8:45 am #127152 Reply
      
      PKCano
      Da Boss
      
      Since Group A is (supposedly) not concerned with telemetry, they probably have installed KB2952664/KB2976978. But if they are not planning to upgrade, is there any reason to need KB3150513?
      
      July 30, 2017 at 10:56 am #127166 Reply
      
      MrBrian
      AskWoody_MVP
      
      Yes, because KB 3150513 contains the latest definitions for KB2952664/KB2976978. I see no good reason for a user with KB2952664/KB2976978 to do extra work to avoid the latest definitions for KB2952664/KB2976978.
      
      1 user thanked author for this post.
      
      ch100
      
      July 30, 2017 at 4:19 pm #127219 Reply
      
      ch100
      AskWoody_MVP
      
      I think this has more to do with uninstalling in the correct order if the patches got installed or if there is a change of mind.
      People should be aware that the installation order is KB2952664 and next KB3150513, while for uninstalling, it should be quite the opposite, first KB3150513 (all patches if multiple) and next KB2952664 (again, all patches, if multiple).
  - July 30, 2017 at 11:02 am #127168 Reply
    
    MrBrian
    AskWoody_MVP
    
    Recommendation: Add a step at the end (for those that care about telemetry) linking to 2000007: Turning off the worst Windows 7 and 8.1 snooping.
    - July 30, 2017 at 11:32 am #127176 Reply
      
      PKCano
      Da Boss
      
      Group A is for people not concerned about telemetry. “Keep it simple, just do it.”
      The part to turn off CEIP is already there.
      
      July 30, 2017 at 12:01 pm #127183 Reply
      
      MrBrian
      AskWoody_MVP
      
      In that case, for the sake of consistency, perhaps the recently added CEIP paragraph should be removed.
      
      July 30, 2017 at 12:25 pm #127189 Reply
      
      MrBrian
      AskWoody_MVP
      
      The presence of the CEIP paragraph without also mentioning AKB2000007 might give users the false impression that doing the CEIP part is sufficient.
      
      July 30, 2017 at 12:48 pm #127193 Reply
      
      PKCano
      Da Boss
      
      Group A people are not inclined to the complexities of removing telemetry in detail. Turning off CEIP can be done easily through the GUI and I believe is sufficient for people who “aren’t overly concerned about increased telemetry” as the topic states.
      
      I am not inclined to make it overly complicated for this group (unless there is overwhelming consensus to do so).
      
      July 30, 2017 at 3:25 pm #127215 Reply
      
      ch100
      AskWoody_MVP
      
      Error Reporting which I mentioned is in the same class.
      In Windows 10 can only be turned off via Group Policy or by direct editing of the registry.
      In Windows 7 and 8.1 it can be configured in GUI.
      It tends to record and send more relevant data back to Microsoft than CEIP, but I turn it off for reasons of space wasted and performance.
      
      1 user thanked author for this post.
      
      HiFlyer
  - October 14, 2017 at 11:09 am #137451 Reply
    
    MrBrian
    AskWoody_MVP
    
    Important: Group A (Win 7 and 8.1) might be missing updates if don’t hide unwanted updates.
    
    2 users thanked author for this post.
    
    stewagreen, walker
  - December 8, 2017 at 9:40 am #150835 Reply
    
    BrianL
    AskWoody Lounger
    
    To rb : I found that the use of so high powered programs might cause the fan(s) to run But a dirty fan will most likely be the culprit. Turn off, unplug and use vacuum to clean all fans. Fans attract dust you can’t see.
    - December 8, 2017 at 12:33 pm #150873 Reply
      
      woody
      Da Boss
      
      The fan may well be the problem, but don’t use a vacuum cleaner to remove the dust.
      
      There’s a good overview from Rudolph Zorn here:
      
      https://superuser.com/questions/1098813/cleaning-laptop-fan-with-a-vacuum-cleaner
  - May 26, 2018 at 12:57 pm #194572 Reply
    
    cesmart4125
    AskWoody Plus
    
    Patch Watch may have been like this previously; however, I didn’t notice it. For kb 4103718, it says this is the monthly roll up and there have been networking issues. There’s no mention of kb4103718 being safe to install. A similar situation exists for kb4099633 and the updates for Office 2010.
    
    Should I wait until next weekend to install May’s updates? Thanks in advance for your advice.
    
    Win 7 32 bit SP1, Office 2010 SP2, Intel Core 2 Duo @ 1.80 GHz, 4.0 GB RAM
    
    Attachments:
    You must be logged in to access attached files.
    
    1 user thanked author for this post.
    
    walker
    - May 26, 2018 at 1:13 pm #194576 Reply
      
      PKCano
      Da Boss
      
      The Master Patch List (see button at top of blog home page) is a guide to whether the patches have problems (or not).
      
      The DEFCON number at the top of the page is a guide to patching. When Woody raises the DEFCON mumber to 3 or above, he also publishes an article in ComputerWorld that contains the cautions and instructions for updating safely.
      
      3 users thanked author for this post.
      
      woody, cesmart4125, walker
- Author
  
  Posts
Viewing 17 reply threads

Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

Reply To: 2000004: How to apply the Win7 and 8.1 Monthly Rollups
You can use BBCodes to format your content.
Your account can't use Advanced BBCodes, they will be stripped before saving.

Cancel

Welcome to our unique respite from the madness.

It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

Plus Membership

Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.

AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.