News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Bringing Group B machines (patched to July 2019) up-to-date

    Posted on KevinTMC Comment on the AskWoody Lounge

    Home Forums AskWoody support Windows Windows 7 Windows 7 patches Bringing Group B machines (patched to July 2019) up-to-date


    Viewing 4 reply threads
    • Author
      • #2265382 Reply
        AskWoody Plus

        For work I have two somewhat current-ish Windows 10 computers–which are just fine these days–but my two home machines are much older (Lenovo laptop with a dual-core T4200 purchased 2009; desktop built around a Phenom II X4 in 2010) and are still running Windows 7. Both time and money are far too short at the moment to make big changes on that front, so my concern is how to get these computers adequately updated for the time being.

        A confirmed member of Group B, I updated my machines manually, with all due control-freakery (and then some), through July 2019. Not long after, there started to be fresh worries about Microsoft smuggling stuff into updates that we Group B-ers had been working hard to avoid all along; security worries on 7 seemed minor and/or overblown; and life got more frantic than ever…and so I haven’t done any patching on those machines since.

        It’s probably time to go about that. But I’m at a loss regarding how to best get back on the train. (And am also unsure just what I’m going to have to give up in terms of privacy and control in doing so.) Instructions and advice from forum boffins would be most appreciated

        Home machines: Windows 7 Home (Group B)
        Work machines: Windows 10 Enterprise (1809)

      • #2265434 Reply
        Da Boss

        There has been a lot posted already about the era of Windows 7 after the end of life at the start of this year.

        From Newsletter 17.7.0:

        The trials and tribulations of Windows 7
        By Susan Bradley

        We’re starting the Windows 7 extended-support era … with more than our fair share of confusion.

        If you’re looking for free Windows 7 updates, you can try the Opatch service. Also, regularly check out the AskWoody forum posts in the “Win7 beyond end-of-life” section. Remember: We’ve got your back.

        Also, from an earlier newsletter:

        Purchasing an ESU for my Win7 PC
        So it’s official: I was able to buy one — and just one — Win7 ESU license.

        Do you have a Win7 ESU?

        1 user thanked author for this post.
      • #2265443 Reply
        Da Boss

        You can patch Group B up to Win7 EOL using AKB2000003. There are notes included to indicate included telemetry (to be avoided?)

        For Win7 EOL, there are several options:
        + You can buy the subscription ESU package that continues MS updates. It requires the installation of a Rollup. Recommended: Harbor Computer Services. See
        + You can buy micropatches from 0patch, a third-party vendor. It has the same prerequisites as the MS ESU, See their website
        + There is a way to obtain post-EOL patches. See
        + You can harden Win7 by keeping anti-malware, browsers, other programs up-to-date and practicing safe Internet surfing.

        3 users thanked author for this post.
      • #2265449 Reply

        (PKCano may have forgotten to add it after his 1st paragraph above(?), but …) With respect to you comment about Telemetry being added to the W7 July 2019 Security Only update (and the W8.1 September Security Only update), the information and script from “abbodi86” at AKB2000012 is useful here 🙂


        2 users thanked author for this post.
      • #2265478 Reply
        AskWoody Plus

        Thank you for the helpful replies. They’ve helped me zero in on the points where I’m a little stuck.

        1: In patching the rest of the way to EOL, is there any point to remaining in Group B if I’m going to need to run abbodi86’s script to deactivate the likes of KB2952664 and KB4493132 anyway? (I went to a lot of trouble to ride Group B all the way to July 2019…but I don’t want to fall victim to the sunk cost fallacy here.)

        2: If the answer to that is yes, is there still a point to Group B if I then secure access to beyond-EOL patches and start installing them? (All those solutions require installing at least one monthly rollup, yes? Or would it be different if I try the standalone installer?)

        3: Would the free version of 0patch do anything for me, post-EOL?

        I’m glad PKCano mentioned the hardening angle. I do have careful and well-worn Internet habits, run regular backups and scans, and use settings and browser plug-ins to operate in what I call “semi-paranoid mode” online. (Including on my Windows 10 machines, as far as I am able.) But even if I’ve done a decent job of minimizing my risk as an effectively “Group W” user these past 10 months, that can’t go on forever, hence this thread.

        Ultimately, I aim to find the time and money to buy or build a solid new computer, setting up a Win 7 virtual machine on it for running programs that won’t work as well on 10. (Mostly games…some of which are old enough that an additional virtual install of Win 98 wouldn’t go amiss either!) The more time I can buy until then, the better.

        The question of how expensive is too expensive, and how dangerous is too dangerous, when it comes to buying that time for my Win 7 machines, I suppose I can only answer for myself, after seeking the best input I can.

        In gathering that info, I’m ever so grateful for the AskWoody website and community. From the earliest days of the “patchocalypse” until now, it has been indispensable in keeping me sane, and my computers running more or less as I’d like them to. Thanks again to those graciously taking the time to read and reply here.

        Home machines: Windows 7 Home (Group B)
        Work machines: Windows 10 Enterprise (1809)

        • #2265480 Reply
          Da Boss

          I did Group B for a while. But I came to the conclusion that it was becoming too complicated. It’s not just about using the SO and IE11 CU. There are other hotfixes, SSUs workarounds, the patches in the non-security part of the Rollups, etc also involved. So I moved to Group A.

          I use @abbodi86 ‘s script to eliminate as much of the telemetry as possible. I have set it up as a Scheduled Task on startup (instructions in the link). You are not going to completely eliminate all of it, but a good part.

          I have 3 Win7 VMs on MacOS hosts. I have been patching them with MS patches since EOL. I have had no technical problems using @abbodi86 ‘s method (also linked). The fourth Win7 VM I have left at EOL. I have at least monthly image backups and I keep the third-party programs up to date. Use ad and script blockers on Firefox. Bitdefender Free or TrendMicro Max with Malwarebites Free as manual double-check. Haven’t had problems there either.

          0patch seems to work well according to reports here. I would recommend the paid version if you go that route as it imitates MS patching for the most part. They also patch other software.

          If you have other questions – ask.

          1 user thanked author for this post.
    Viewing 4 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Bringing Group B machines (patched to July 2019) up-to-date

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.