Comments on Abbodi86’s Win7 ESU Installer Script (2020 Archive)

Topic

When the instructions say to put W7ESUI.CMD “next to” the MSU files, does that mean “in the same directory as”?

Replies

Woody, you’re on board with this?

3 users thanked author for this post.

lanceboil, b, woody

It means: Put it in the same folder.

3 users thanked author for this post.

Lori, Moonbear, Elly

if i decide to install february and march group b patches on win7, is there anything to consider about these patches (bugs or anything else)?

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

See this thread for information, especially the note at the top about the Group B patches. And the similar blogpost about the Feb Patch Tues.

There are also notes in AKB2000003.

3 users thanked author for this post.

Lori, RDRguy, Elly

PKCano wrote:

See this thread for information, especially the note at the top about the Group B patches. And the similar blogpost about the Feb Patch Tues.

There are also notes in AKB2000003.

thx, how can i check, if ssu kb4490628 is installed already? i know i have kb4474419 (because i had to install 3 times kb4474419 last year which i clearly remember) but i can’t find the kb4490628 which is required by march esu patches in windows update (unfortunately there is no search-box in windows update).

and in which order is that new ssu kb4550735 to be installed? after february win7/ie patches?
for example like this?
february kb4537813 (win7)
february kb4537767 (ie)
reboot
ssu kb4550735
( i downloaded the file linked in:
https://www.askwoody.com/forums/topic/initial-impressions-of-patch-tuesday-march-2020/#post-2189166 )
reboot
march kb4541500 (win7)
march kb4540671 (ie)
reboot
office and other non-windows patches
reboot (just to make sure)

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

To see if kb4490628 is installed look in Windows Update. On the lower left corner click on “View installed updates.”
You can sort by any column. Click on the column title to choose the column to sort by. It is a toggle, alternating ascending/descending.
kb4490628 was issued in april 2019, so if you sort by date it will be 3/12/2019 or later. If you sort by title, each category will have the KB number sorted numerically.

4 users thanked author for this post.

Steve, honx, Elly, abbodi86

You can collect the updates and the needed file(s) in one folder.
If you are using @abbodi86 ‘s script, you should follow those instructions.
The Office, MSRT updates are still available through Windows Update for supported versions.

1 user thanked author for this post.

Elly

can’t edit my post anymore, so i have to reply: what do i have to deactivate in order to get rid of this diagtrack thingamajigs in march update? (microsoft are now charging for win7 updates and these to purchase patches still contain spyware – i don’t get it…)

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

See AKB2000012.

5 users thanked author for this post.

Sinclair, SilenceIsG0lden, honx, Elly, woody

PKCano wrote:

You can collect the updates and the needed file(s) in one folder.
If you are using @abbodi86 ‘s script, you should follow those instructions.
The Office, MSRT updates are still available through Windows Update for supported versions.

so all february, march and that ssu in the same folder and that script takes care about the order and installs also that march ssu at the right time?

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Yes

You only need the latest SSU (March KB4550735), and the latest IE11 cumulative (March KB4540671)
in addition to security only update for both February and March

9 users thanked author for this post.

MrChaz, Steve, SueW, Kranium, RDRguy, honx, Elly, woody, PKCano

Just out of curiosity: why? My reason for asking: I have seen other contributors on AskWoody claiming this is illegal.

I myself take a practical approach: I have lost so very many hours (> 100) because of Microsoft’s absence of client focus that I honestly do not care whether it is illegal (normally I do). One example: only informing that Ultimate is also covered by ESU in late November which caused me much stress trying to get my systems on Windows 10 in the months before November 2019, which failed, because of a lack of time and energy on my part caused by insufficient health.

ASRock Beebox J3160 - Win7 Ultimate x64
Asus VivoPC VC62B - Win7 Ultimate x64
Dell Latitude E6430 - Win7 Ultimate x64, Win10 Pro 22H2 x64 (multiboot)
Dell Latitude XT3 - Win7 Ultimate x86
Asus H170 Pro Gaming - Win10 Pro 22H2 x64

1 user thanked author for this post.

PerthMike

Use 0patch or script installer (no ESU, Win 7 group B through Jan patches) or both?

I installed 0patch(free) after the Jan patches, and it’s been doing fine.

Also use the script installer because more is better and it will enhance things missing from 0patch, or is this 0patch tool probably sufficient?

Thanks for opinions..

C.

2 users thanked author for this post.

rontpxz81, gthomas

Does it violate licenses and eulas….. yes …but my morals are slipping.  We are in unusual times where people are using Win7’s to remote in from home.  I’ve sent an email to Satya to ask him to open up 7 patching for all given the circumstances.

Susan Bradley Patch Lady

Total of 23 users thanked author for this post. Here are last 20 listed.

Lori, MrChaz, Microfix, Steve, Endora, Moonbear, Ulti P. Uzzer, Pim, PerthMike, abbodi86, pandarunnerpt, SueW, rontpxz81, Bluetrix, woody, RDRguy, jburk07, satrow, Seff, ch100

Susan Bradley wrote:

Does it violate licenses and eulas….. yes …but my morals are slipping.  We are in unusual times where people are using Win7’s to remote in from home.  I’ve sent an email to Satya to ask him to open up 7 patching for all given the circumstances.

Yes, considering so many must now work from home, it would be good if Microsoft would step up and open up the ESU for some period of time.  I guess this is most applicable to people who have their “home” computer and until now have only used the IT-supported computers at their work place.

Indeed, I saw a report that bad actor’s may have increased their efforts against homes and home users anticipating increased opportunities in these new circumstances.

Win 10 Pro 64-bit 21H2, Office 2019.
Win 7 Pro 64-bit, Office 2010.
Win 11 Pro 21H2.
Nethermost of the technically literate.

2 users thanked author for this post.

Moonbear, woody

abbodi86 wrote:

Yes

You only need the latest SSU (March KB4550735), and the latest IE11 cumulative (March KB4540671)
in addition to security only update for both February and March

thanks, i’ll wait for ms defcon 3 or higher and for some observations by other users here before i try it myself.

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

[Geo]

0patch pro is half the price of ESU and is working just fine.  I’m a home premium user .  Getting a number of micro patches lately.

• This reply was modified 3 years, 2 months ago by Geo.
• This reply was modified 3 years, 2 months ago by Geo.

5 users thanked author for this post.

rontpxz81, analogkid, jburk07, RDRguy, woody

Open Windows Update > click on View Update History (in left navigation) > click on the linked Installed Updates > copy & paste the KB number into the top left search field.

That way you don’t have to waste time sorting and searching by date.

Hope I could help.

1 user thanked author for this post.

abbodi86

Any known issues using this script on a Kaby Lake (intel 7xxx) box running wufuc ?

Every time I think I’ve found a way to outsmart Mother Microsoft re: updating, it usually backfires…or at least causes more anxiety and takes more time than it’s worth.

My gut tells me that this unsanctioned (and per SB , a license violation) approach is not a good option.  I acknowledge that I’m a non-techie home user with a less adventurous spirit than most.  I agree, though, that MS should extend traditional W7 patching due to current circumstances.

 

2 users thanked author for this post.

RDRguy, ch100

Thank you so much for this, abbodi86. This should tide me over until i figure out what i’m going to do long term, with no option being ideal. However, i am a little concerned implementing it because this violates the EULA and i worry microsoft will start deactivating the product keys of genuine installs and then you’re effectively using a pirate copy. Also, it was my understanding that this workaround had been prevented with the latest SSU.

2 users thanked author for this post.

KWGuy, woody

I have just run the script on one of my Win7 Ultimate x64 VMs that was updated through Jan.
There were no problems during the install.
There were two (2) reboots afterward.
Here is the result.

12 users thanked author for this post.

Microfix, Steve, PerthMike, Bluetrix, Kranium, abbodi86, RDRguy, satrow, T, Elly, Cybertooth, woody

Reports I’ve seen about 0patch are uniformly positive.

6 users thanked author for this post.

MrChaz, Steve, Elly, rontpxz81, analogkid, jburk07

OK. I’ll bite. How does running abbodi86’s script violate the Win7 EULA?

[T]

Oh, does it not? Susan upthread seems to agree that it does. My concern is just what microsoft will do to clamp down on obtaining ESUs for free.

Then again, we’re currently living through a period where so many more people are working from home and win7 still has a huge user base.

• This reply was modified 3 years, 2 months ago by T.

2 users thanked author for this post.

MrChaz, KWGuy

No file to download, link gives blank page.

You’re doing it wrong.

woody wrote:

How does running abbodi86’s script violate the Win7 EULA?

8. SCOPE OF LICENSE.
You may not
· work around any technical limitations in the software;

Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

1 user thanked author for this post.

woody

I think Susan’s assessment and subsequent action – to write to Satya asking for a waiver given the times are appropriate. This is a grey area and open to interpretation either way.

I would like to raise a technical issue though, only for clarification.

This script installs SSU first and the relevant update in the second step.

I was under the impression that this order does not matter anymore, because the SSU released in a specific month actually applies to the update released next month, this being done by Microsoft to avoid past issues. There is still a requirement to update regularly because SSU is not released each month.

Is this true about the SSU order, or is only true for Windows 10 or is not true at all?

3 users thanked author for this post.

woody, PKCano, RDRguy

Isn’t this all rather academic at the moment? We’re at DefCon 2 for heaven’s sake.

Volume Z wrote:

You’re doing it wrong.

Got it, thanks.

Hello all. Wanted to share experience and ask a question:

Since FEB2020 updates were cleared for installation, I downloaded kb4537767-x64 and kb4537813-x64 msu from Microsoft Update Catalog. Followed the instructions so kindly provided by abbodi86.

Install ran without a hitch. After successful reboot, I opened Windows Update and selected View Update History. KB4537767 and KB4537813 do not appear.

Checked Control Panel > Installed Updates. KB4537767 and KB4537813 were listed there.

Is there a reason why the FEB2020 updates do not appear in View Update History?

2 users thanked author for this post.

RDRguy, zat_so

italiangm wrote:

Is there a reason why the FEB2020 updates do not appear in View Update History?

Yes, Windows Update History is the history of updates that Windows Update installed. Windows Update didn’t install those updates, you did.  🙂
But to verify that they are installed, they are listed in “Installed Updates.”

7 users thanked author for this post.

Steve, SueW, abbodi86, KWGuy, italiangm, RDRguy, Elly

Are you telling us that any given Security Only Update is impossible to appear in Update History?

[PKCano]

Security-only updates are not released through Windows Update.
I could be wrong, but I believe that would be the case if you do a manual install.
An exception would be if the SO were released through WU.
I don’t think it shows in Update History, but it does in “Installed Updates.”
Also, if you uninstall an update, it doesn’t disappear from Update History. It is still listed in History at the time/date it was installed (but it is no longer in Installed Updates).

Note: This applies to current updates that MS designated as Rollup and Security-only, not to the prior updates that were designated Updates for Windows and Security Updates for Windows (2016 and before)

• This reply was modified 3 years, 2 months ago by PKCano.
• This reply was modified 3 years, 2 months ago by Kirsty.

3 users thanked author for this post.

SueW, Elly, RDRguy

By thinking, any update installed manually – like any given Security-Only – does not appear in Update History, you’re thinking wrong. It should be easy for you to verify in any Windows 7 installation.

I only do Rollups. Can you post a screenshot?
I’m certainly open to stand corrected.

Works for me, after paying attention to abbodi86‘s comments on 20 <span class=”bbp-reply-post-date”>March 2020 at 11:05 am.</span>

Thanks!

Sure. 🙂

1 user thanked author for this post.

RDRguy

Thanks.
Were those manual installs or using WSUS or one of the installers?

@PKC … I’m not sure that’s the case … being Group B since the very beginning, I’ve only manually installed all the monthly SO & IE11 Cum updates downloaded either directly from the MS Update Catalog or AKB2000003 and everyone of them DO appear in the Windows Update History as well as the “Installed Updates” on all of my Win7 systems.

I suspect this may be due to the processes used by @abbodi86’s batch script to incorporate the post ESU Win7 updates into non-ESU Win7 systems.

If so, it’s implementation may not use (or use in the normal way) any or all of the actual Windows Update mechanisms that would normally be used either pre or post ESU to incorporate Win7 updates.

Could/should/would this be changed in a future batch script update … I suspect only @abbodi86 can answer.

Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS

Yes, I was under the wrong impression.
Thanks for the correction.

1 user thanked author for this post.

RDRguy

My goodness – this is the greatest thing since sliced bread.  And since the last time I was in a grocery store there was no bread – that makes this the greatest thing going today!

I downloaded the script and installed per your instructions.  I used to it to install the March Servicing Stack update (KB4550735) and 2020-03 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4540688).  As advertised, the servicing stack was installed first, and then the roll-up.

As other users report, these updates did not appear in my Windows Update history, but they do appear when running, e.g., powershell (get-hotfix -id KB4540688).  They also appear as installed updates in Control Panel.

Thank you so much!

5 users thanked author for this post.

Steve, jburk07, woody, abbodi86, Cybertooth

I don’t feel so guilty. 🙂

Don’t know of any specific EULA or license that says you can’t use freely available patches on a licensed copy of Win7….

Playing devil’s advocate, of course.

15 users thanked author for this post.

Lori, MrChaz, Microfix, Alex5723, Steve, Moonbear, abbodi86, Ulti P. Uzzer, Pim, PerthMike, GoneToPlaid, SueW, Kranium, Elly, Bluetrix

I hear ya but… I’m not so sure that applying updates is working around a technical limitation.

For example, I don’t think 0patch patches violate the EULA.

One could make the argument that running any Win7 utility is working around a technical limitation in the software…. antivirus…

8 users thanked author for this post.

MrChaz, Elly, jburk07, Ulti P. Uzzer, Geo, abbodi86, liamZ, Kranium

Not really, latest SSU first, is still the correct order
if you installed higher stack installer version, it will take precedence and work for all lower versions

– Check required stack installer version for each update

if an update require higher SSU, the script will show error message and skip it

and that’s why for manual installation of ESU updates, you should only download and use latest SSU, even if current updates require previous SSU

8 users thanked author for this post.

georgea, Ed, SueW, KWGuy, alpha128, woody, PKCano, ch100

Windows Update History show the history of updates installed via WU, or via msu file directly (double-click)
but not if the updates are installed via DISM.exe tool (like the script does)

Update History can be reset/wiped easily, but “Installed Updates” will always show the updates

@RDRguy
Windows Update is more like a GUI front-end for CBS (the actual engine that process updates)
DISM.exe is the CLI front-end for CBS

4 users thanked author for this post.

Elly, jburk07, ch100, RDRguy

@abbodi86
My comment was more in relation to this (hypothetical) scenario:

– SSU 2020-01 installed
– Patches for 2020-02 are released
– Install 2020-02 CU first (for whatever reason, see below for an example)
– Install 2020-02 SSU

If 2020-02 CU require minimum 2020-01 SSU, then the previous sequence would still work, while not installing the 2020-02 SSU first.

Same would be repeated next month 2020-03 in this example, if 2020-03 CU require as minimum 2020-02 SSU and not 2020-03 SSU.

This may have practical implications when let’s say 2 patches are pushed simultaneously via WSUS or SCCM and they are installed without a reboot between them. This is a very common scenario in fact and I have seen the SSU is not always installed first due to the sequence having other criteria like randomization, which patch is downloaded first from the update server etc.

Ideally the updates should be installed in 2 steps, SSU first, waiting for it to be deployed everywhere and then the CU for the month. But this is not practical or always possible taking in consideration the operational requirements, except for the smallest of environments and as such it is never done in 2 steps.

Note: In WSUS or SCCM which leverages the same WSUS, SSU and CU are always installed separately and not bundled as it is the case for Windows Update.

3 users thanked author for this post.

woody, PKCano, abbodi86

Hey Woody, good on you.

 

Every little bit helps right now.

Group B for WIN7 w/ ESU, plus trying out Linux builds in dual boot.

1 user thanked author for this post.

woody

Understood 🙂

but like you said, this sequence apply to WU and WSUS

manual installation of updates means to get the latest version of chained updates (SSU, IE11 Cumulative, Monthly Rollup, W10 Cumulative)

5 users thanked author for this post.

KWGuy, alpha128, woody, ch100, PKCano

Used this on Windows 7 x64 Home Premium. Everything went well and after two reboots the computer still works. I did it with the network cable pulled. Once everything was done I ran the W10Tel.cmd After another reboot I replugged the network cable. So far so good.

W10&11 x64 Pro&Home

4 users thanked author for this post.

abbodi86, Kranium, jburk07, woody

It most certainly is academic. But it’s good to have some pioneers leading the way, eh?

(Also absolutely delightful that the old crew is tossing this around.)

2 users thanked author for this post.

cyberSAR, Elly

Sinclair wrote:

Used this on Windows 7 x64 Home Premium. Everything went well and after two reboots the computer still works. I did it with the network cable pulled. Once everything was done I ran the W10Tel.cmd After another reboot I replugged the network cable. So far so good.

According to the Pros above, this new script does “Include the Telemetry neutralize tweaks”.  So you may not need W10Tel.cmd any more.

After running the new script on my system I see:

Directory of C:\ProgramData\Microsoft\Diagnosis

File Not Found

Directory of C:\ProgramData\Microsoft\Diagnosis\ETLLogs

11/15/2016 08:00 PM <DIR> .
11/15/2016 08:00 PM <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes

I did previously have files there, but I had stopped them from being updated.  Now they are gone.

4 users thanked author for this post.

SueW, Elly, Sinclair, jburk07

This Windows 7 Home Premium x64 Computer installation is from 2009. Still in use every day. It has seen its fair bumbs and bobs along the way.

My Directory of C:\ProgramData\Microsoft\Diagnosis contains

User.dat 16-09-2015 0 kb

and 8 Folders

\AsimovUploader 16-01-2017 empty
\DownloadedScenarios 19-05-2015 empty
\DownloadedSettings 16-01-2017
..cfc.flights.json 04-06-2015 1 kb
..telemetry.ASM-WindowsDefault.json 16-01-2017 11 kb
..telemetry.ASM-WindowsDefault.json.bk 15-09-2015 6 kb
..utc.app.json 16-01-2017 38 kb
..utc.app.json.bk 15-09-2015 22 kb
\ETLLogs\AutoLogger 20-03-2020 empty
\ETLLogs\ShutdownLogger 16-01-2017 empty
\LocalTraceStore 16-01-2017 empty
\Sideload 16-01-2017 empty
\SoftLanding 16-01-2017 access denied
\SoftLandingStage 16-01-2017 access denied

W10&11 x64 Pro&Home

After using the script on my Win 7 SP1 PC, I noticed a new file named RunOnce_W10_Telemetry_Tasks.cmd on the desktop.

FYI, I did not place MSUs, zip file, or extracted files on the desktop, nor run W7ESUI.cmd from there.

Can I delete RunOnce_W10_Telemetry_Tasks.cmd from the desktop without causing  problems if I run the script in the future?

I forgot to mention this, sorry

the script is ment to disable the relevant schedule task after installing Monthly Rolup (they only can be disabled after restart)

therefore, you just need to run it as administrator, it will be self-deleted afterwards
or just delete it

3 users thanked author for this post.

jburk07, liamZ, italiangm

Hopefully you have a full system backup and maintain files backup in case Microsoft decides to plug the free patch access hole.

Standalone installer script for Windows 7 ESU, regardless the license.
Dowloaded W7ESU1 files and extracted ok . Then downloaded February and March Group B updates

KB4537767  KB4537813  KB1540671  KB1541500 for my Win 7 X64 Pro Laptop and placed in same folder as advised. Script runs fine however after extracting the cab files it telle me I need :

SSU VERSION 6.1.7601.24544
SSU VERSION 6.1.7601.24548

I already have KB4490628 and KB4474419 installed and all Group B security updates up to and including January installed. Advice please.

Have you been installing the SSUs before EOL?
Try installing KB4536952 Jan SSU manually first before running the script.
Also did you include Mar SSU KB4550735 in the download folder with the script?
You only need the latest IE11 CU b/c they are cumulative.

2 users thanked author for this post.

jburk07, abbodi86

You did not have required or latest SSU
you must include KB4550735 in the download folder with the script, or install it yourself

1 user thanked author for this post.

jburk07

Thank you both for your help. Followed your advice and updates installed OK now. Brilliant!!

1 user thanked author for this post.

jburk07

Right clicked on RunOnce_W10_Telemetry_Tasks.cmd then selected Run as administrator. The process ran and deleted RunOnce_W10_Telemetry_Tasks.cmd at the end as stated. Thanks again!

OK, just to make sure that I understand the process:

Supposing that one installs February’s Security Only patch for Windows 7 by using this script. Come time to install the March updates, would one then manually run the script again?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Yes, placing March Security Only update (and March SSU) next to it

you don’t need to move the February update, the script should detect it as installed and skip it (after extraction)

3 users thanked author for this post.

jburk07, pandarunnerpt, Cybertooth

@abbodi86… “if you installed higher stack installer version, it will take precedence and work for all lower versions”

I’m questioning my reading comprehension level here… If I’m understanding this statement correctly I only need to to install the latest SSU (KB4550735) FIRST and then I would be able to install all updates available since August 2019 on two Group B systems that haven’t been patched since then?

Put SSU KB4550735, all the Security-only updates, and the latest IE11 CU KB4540671 in the folder with the script. The script will install the SSU first and then the rest of the updates.

Be sure you have SHA2 support updates KB4490628 and KB4474419 already installed beforehand.

I have been using 0Patch since 11/18/19, my husband about a month after. We both are on Win 7 Professional 64 bit SP1 computers, I am i7 6700, he is i3 4130. We both were group B until January when we had to install the rollups in order to assure that 0Patch would work properly.

Acting as guinea pigs for the 0Patch people on the board, and as per this link from 0Patch saying that it was not an issue to use both 0Patch and ESU at the same time  https://0patch.zendesk.com/hc/en-us/articles/360011192299-Can-I-use-0patch-in-parallel-to-Windows-Extended-Security-Updates–   I installed abbodi86‘s script and then the Feb. Security and IE updates today.

Installation went as described and both of us have had no problems at all.  0Patch is still working as expected, too.

Thank you abbodi86 and thank you everyone in this conversation who made it easier for me to give this a try.

Win 7 Professional, 64 bit, was Defiantly Group B, but installed 0Patch and needed to become group A to comply.

1 user thanked author for this post.

jburk07

0patch put out an email today mentioning  only W7 users who HAVEN’T  taken the ESU  downloads are able to use the 0patch micro-patches .  Mentions they are not compatible with the ESU downloads.  Be interesting if some one with ESU and 0patch are having problems as 0patch is mentioning.

1 user thanked author for this post.

jburk07

Yes

1 user thanked author for this post.

MrChaz

[RDRguy]

0patch website FAQ page states they are not needed and won’t be applied but doesn’t state that they’re not compatible and may cause problems in ESU updated systems.

EDITs: typos

Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS

• This reply was modified 3 years, 2 months ago by RDRguy.
• This reply was modified 3 years, 2 months ago by RDRguy.
• This reply was modified 3 years, 2 months ago by RDRguy.

2 users thanked author for this post.

jburk07, woody

I would expect that… it wouldn’t make much sense for 0patch to patch ESU-patched systems, unless a huge zero-day appeared.

2 users thanked author for this post.

RDRguy, jburk07

Tells me I have to run as administrator even when I right click and do just that.

 

Are you logged in with a Standard (non-Administrator) ID?

No, an admin account

[analogkid]

Downloaded the required W7ESUI and then the Feb SO updates.

I made sure I had the SSU necessary installed which I already did way back when as I did installed the Group Jan update prior to buying 0patch subscription.

Well I thought I would try this new ESL and for me it didnt work. I got the cmd window with all of the same script as pictured but when I hit the zero key nothing happened.

 

Just noticed I needed SSU KB4550735 so I went to the Microsoft Update Catalog and downloaded it.

Must admit, I am kind of lost where to go from here but then I am not computer savvy

"An analog kid in a digital world"

Win7 Ultimate home built desktop Running 0patch Pro

Win 8.1 desktop & two 8.1 laptops (just updated to Win 10)

Win 10 Dell desktop

and two very old home built Win XP desktops (offline for use with an old Epsom Photo scanner)

• This reply was modified 3 years, 2 months ago by analogkid.

analogkid wrote:

I made sure I had the SSU necessary installed which I already did way back when as I did installed the Group Jan update prior to buying 0patch subscription.

You can’t have installed the March SSU back in Jan. SSU KB4550735 was just released Mar. 10th. It needs to be in the folder with the Mar Group B updates KB4541500 SO and KB4540671 IE11 CU.

Well it seems that after 3 reboots it is working.  Not sure what was going on.

 

[analogkid]

OK, so I need to skip the Feb SO updates and instead download the March SO updates instead?

I had just figured I would installed the Feb updates as we are still on DefCon 2 with the March updates.

Thanks PK. I may still have to wait until my IT brother visits  and let him do it so he can show me in person. Who knows how long that will be though

I feel so stupid when it comes to this “stuff”

Also what I meant is that I have installed already the two prior SSU’s. I checked my installed updates just to be sure and they are listed.

"An analog kid in a digital world"

Win7 Ultimate home built desktop Running 0patch Pro

Win 8.1 desktop & two 8.1 laptops (just updated to Win 10)

Win 10 Dell desktop

and two very old home built Win XP desktops (offline for use with an old Epsom Photo scanner)

• This reply was modified 3 years, 2 months ago by analogkid.
• This reply was modified 3 years, 2 months ago by analogkid.
• This reply was modified 3 years, 2 months ago by Kirsty.

You need the Feb and Mar SO (KB4537813 and KB4541500).
You need the Mar IE11 CU (KB4540671).
You need the Mar SSU KB4550735
All of them in the folder with the script

3 users thanked author for this post.

pandarunnerpt, abbodi86, analogkid

analogkid wrote:

I feel so stupid when it comes to this “stuff”

From a non-techy who is attempting to embrace tech- you aren’t stupid. You are asking questions, learning the terminology, and applying it to your personal situation. Pretty darn smart, if you ask me!

And the more you hang around here, the more you will learn… and the more it will make sense.

Also, the more you know, the better you can converse with your IT brother… if tech can improve your bonding… so much the better!

Just know that if you follow PKCano’s instructions, it will do what you want it to do… always works for me!

Non-techy Win 10 Pro and Linux Mint experimenter

3 users thanked author for this post.

Steve, abbodi86, analogkid

Finally took the plunge and converted two fully up-to-date non-ESU Win7 “Group B” test systems to “Group A” by first installing KB4534310 (2020-01 Monthly Quality Rollup) then KB4536952 (2020-01 SSU).

After successful reboot, used @abbodi86’s automated batch script to install the following ESU updates:

2020-02 – KB4537829 (Feb SSU)
2020-03 – KB4550735 (Mar SSU)
2020-02 – KB4537820 (Feb Monthly Quality Rollup)
2020-03 – KB4540688 (Mar Monthly Quality Rollup)

ESU batch script processed both SSUs first then both Monthly Rollups successfully.

After reboot, the installed updates (via the control panel) listed both SSUs & the Mar Rollup as installed. As expected, the Feb Rollup was not installed due to supersession by the Mar Rollup. A subsequent Windows Update found only the March 2020 MSRT.

Afterwards, performed a couple of Windows Update offline scans via the Microsoft Baseline Security Analyzer (MBSA) tool using the current wsusscn2.cab file.

As the MBSA tool is no longer available for download as described here, I also performed additional offline scans via Powershell using a .vbs script found here and a .ps1 script found here.

MBSA and both Powershell offline scan scripts indicate the following updates are still missing:

2019-10 – KB4519108 (DST changes for Norfolk Island and Fiji Island)
2020-02 – KB4538483 (ESU Licensing Preparation Package)

Interesting that KB4519108 is found via offline scanning but not via the normal WU scan since it’s pre-ESU, it’s not installed & it’s not hidden. No real concerns about the DST update as I don’t live on Norfolk or Fiji Islands.

But, have a question for @abbodi86 and/or other AskWoody_MVPs in the know concerning KB4538483 …

Should non-ESU Win7 updaters now in “Group ABS” (Abbodi86’s Batch Script) be concerned about the missing ESU Licensing Prep Package KB4538483 on non-ESU systems being patched with ESU updates?

Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS

3 users thanked author for this post.

jburk07, Bluetrix, Elly

Wow, I did it!! I kept trying and then recalled that I did something similar years ago with a file named “pciclearstalecache”.

I surprised myself when I hit the zero key and it began the installation process.

I waited a long time to reboot and then let it sit another good long time before signing in. Just checked the installed updates and I see four listed with today’s date./

I am also using 0patch Pro and so far it is working fine.

WOO HOO

Thank you to everyone in this thread, PK and of course abbodi.

BTW, I have been on askwoody site for many, many years as a devoted Group B’er. I decided to join as a Plus Member recently.

"An analog kid in a digital world"

Win7 Ultimate home built desktop Running 0patch Pro

Win 8.1 desktop & two 8.1 laptops (just updated to Win 10)

Win 10 Dell desktop

and two very old home built Win XP desktops (offline for use with an old Epsom Photo scanner)

5 users thanked author for this post.

Steve, Kranium, jburk07, Elly, Bluetrix

KB4538483 is solely ment for actived ESU-license customers to recieve ESU updates via WU.
no other purpose for non-ESU users, and the update contents are already included in the Monthly Rollup.

now if you installed it and checked wsusscn2.cab again, it will still not show ESU updates (installed or not)
because WU engine check the status of active ESU license before it show the updates

3 users thanked author for this post.

jburk07, Elly, RDRguy

@abbodi86 …

Thanks, I kinda figured that but just had to ask if NOT having the ESU Prep Pkg Update installed could potentially result in unforeseen problems with having the ESU updates installed in non-ESU systems.

Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS

@Woody, with this development, I hope you didn’t buy a ESU license for 7 Semper Fi. Are you still using that machine? I also know personally that abbodi86’s other script that brings 7 ESUs through WU also works magnificently.

Win7 Home Premium 64-bit. Group B.

I just used abbodi86’s .cmd script to install the February Win7 64-bit security-only updates.

SHA2 support updates KB4490628 and KB4474419 had already been installed on my PC (in April and September, respectively, of 2019).

I put four files in an otherwise-empty folder: (1) abbodi86’s .cmd file, (2) the Feb. SSU (KB 4537829), (3) the Feb. Win7 SO update (KB 4537813), and (4) the Feb. IE SO update (KB 4537767).

Then I right-clicked on the .cmd file, chose Run as Administrator, and hit 0 in response to the opening menu.

The process took just about exactly 30 minutes. Then I rebooted, and then I ran (as Administrator) the RunOnce anti-telemetry file that the .cmd script had deposited on my desktop.

Everything seems fine, I thank abbodi86 for his assistance, and I plan to do the March updates the same way (when their time has come).

5 users thanked author for this post.

pandarunnerpt, Cybertooth, SueW, jburk07, Elly

At first:  To abbodie, many thanks for your tool !

A question:
I use the Group A scenario with rollups.
And I want to know, if I don’t update for many months,
can I restart the updates from the most recent month rollup ?
Skipping all the months in between ?

Thanks
Frankie

anonymous wrote:

And I want to know, if I don’t update for many months, can I restart the updates from the most recent month rollup ? Skipping all the months in between ?

Technically, and in normal circumstances, the answer would be Yes, since Group A Rollups are cumulative.
BUT:
+ There is no guarantee that @abbodi86 ‘s script will work next month, or the month after. Microsoft may put another roadblock in the works. They won’t be happy with people getting for free, what they are charging subscription fees for.
+ There will probably be other qualifying installs, like the SSU changing.

As long as things stay like they are, skipping monthly patches may work. But who knows??

1 user thanked author for this post.

abbodi86

Thanks PKCano,

I should have said:  “if I DIDNT update for many months” for the lasts months.
So I will update my others PCs rapidly!

Frankie

 

Be sure you have the prerequisites installed – listed above.

I have already installed the SHA2 support updates KB4490628 and KB4474419  since the time of their release (more or less). Today, I have followed the advice of PKCano in #2210327 above. After rebooting, the four new updates are now listed in my “installed updates” and everything seems to work fine up to now.

System: Win7 x64 Ultimate and “Group B”.

Note: “RunOnce_W10_Telemetry_Tasks.cmd” did not appear, probably because I have already set the script “W10Tel.cmd” to run on startup as a scheduled task. No additional telemetry related tasks or services have shown.

Many thanks to abbodi86 for the scripts he provides and the people in this forum offering their knowledge.

Tryfonas

1 user thanked author for this post.

jburk07

How does this script work with the Group A rollups?

I didn’t think you could use the rollups with the script since they aren’t individually downloaded files. Or is there another way to get the rollups besides Windows Update?

You can download the Rollups from the MS Update Catalog. Enter the KB number without the “KB” (just the numerical part) and download the one that is right for your OS version and bitedness.

Or you could use one of the download managers WUMgr, Sledghammer, etc.

[Moonbear]

Thanks, @PKcano

I didn’t realize you could get the rollups from the update catalog.

So I would need to download 4540688 and 4550735?

• This reply was modified 3 years, 2 months ago by Moonbear.

Hi, I used the script to install updates for Windows 7 and internet explorer, and I noticed two side effects:

1. after restarting, I got prompted to wait when Windows applies updates (obvious). When it ended, PC rebooted itself… and hang on black screen. Not even Bios was initiated.
   yuck… why? This is the first occurrence of such misbehaviour in 4-years lifespan of this machine… After another reset, PC booted as usually.
2. i was offered KB3118401 update. It was purposedly not-installed and hidden due to potential connection with M$ snooping, as listed in: https://msfn.org/board/topic/173752-how-to-avoid-being-upgraded-to-win-10-against-your-will/?tab=comments#comment-1097746

Did you have the prerequisites (KB4490628 and KB4474419) installed first?
Did you include the required Servicing Stack KB4550735?

KB3118401 is an update for Universal C Runtime. The MS pages say:

The Windows 10 Universal CRT is a Windows operating system component that enables CRT functionality on the Windows operating system. This update allows Windows desktop applications that depend on the Windows 10 Universal CRT release to run on earlier Windows operating systems

Servicing stack was applied, following the readme script should recognize it and install before other updates, right?

Prequisites were installed, I checked using powershell’s get-hotfix.

KB3118401 do not look like a necessary prequisite. However, if you think it should not be considered part of microsoft snoopware, I will inform original thread author from MSFN to remove it from the list.

PS past post is mine… you took me by suprise, I have never ever used forum where one can comment as a guest 🙂

Just wanted to join to say a big thank you to aboddi86 & PKcano especially for the creation of this and the help supplied to various people.

Just so Im clear, I dont use Windows 7 much anymore but do have a few boxes that its on, my old man however does still use it and I want to get him up to date. I think group A is the way I`ll go. So Ive checked the prerequisites KB4490628 and KB4474419 installed, Jan SSU [KB4531786] installed, everything done until EOL.

Downloaded the March CU [KB4540688] and the latest SSU [KB4550735] and placed them in the same folder as the extracted W7ESUI.cmd [as picture]

Now it should be a case of right click W7ESUI.cmd and “run as administrator”? I don`t need the February CU [KB4537820] or any other SSU?

Cheers

 

Mattchu wrote:

Now it should be a case of right click W7ESUI.cmd and “run as administrator”? I don`t need the February CU [KB4537820] or any other SSU?

That’s correct.
After the reboot, if it asks for one, run the RunOnce_W10_Telemetry_Tasks.cmd if it appears on your desktop to eliminate the telemetry.

Cheers PKCano, much appreciated I`ll post back with the results, just doing the first test box now 🙂

[maisy2]

I didn’t know if it was good or bad, but I too thought Rollups were better at the EOL era after being strictly security-only all these years.
Foldered: W7ESUI.cmd / KB4550735 March SSU / KB4537820 (Feb Monthly Quality Rollup)

Everything purposefully disabled in task scheduler was untouched after the Rollup install.
– or was it the Telemetry neutralize tweaks?:)
So nothing changed, although, the Installed Updates window got a clean-up albeit for a load of Microsoft .Net Frameworks; but comforting to find you can find old security-only numbers and older ssu’s if you place what you’re looking for in the upper corner search.

I hope the coming month will still allow theW7ESUI, SSU & March rollup combo to install through this brilliant development.
The ReadMe has’# for offline integration’; I had disabled WU and didn’t go offline, # for offline integration meant for the desktop RunOnce_W10_Telemetry_Tasks.cmd but was too hasty to take this into account – I shall do it offline if i get to install again next month.

Thanks to Creator of this, and wonderful and educational to read the poster’s questions and results on here. Big thank you.

• This reply was modified 3 years, 2 months ago by maisy2.
• This reply was modified 3 years, 2 months ago by Kirsty.

1 user thanked author for this post.

jburk07

@Mcinwwl
Universal C Runtime (KB3118401 or KB2999226) is part of VC++ 2015-2019 redistributable, which is used by Office 2016 and later, Firefox, Edge Chromium and others

while most of them bundle it locally, it’s best practice to have it globally installed
and it has nothing to do with telemetry or snooping

Windows 7 Home Group A

March SSU and March SMQ rollup installed with no issues

@abbodi86’s script works like a dream.

This was undoubtedly the smoothest update cycle I’ve ever done on a Windows system.

3 users thanked author for this post.

MrChaz, jburk07, Cybertooth

Hi,

I have been installing the monthly roll-ups, the last updates I see when checking for updates with WU, is the 01-2020 monthly preview.

So I understand I only need the latest march monthly roll-up and SSU, but what about the security roll-up for .NET, is that no longer being updated?

Thanks

It will be updated when .NET need security fixes

after January, all .NET updates (for other Windows) were non-security

1 user thanked author for this post.

KP

I might have missed something, for sure. But we are now in April and the MS-defcon for the March updates is still at 2 but I can’t see the reason, at least for Win 7.  After almost one month patch reliability is still unclear? Maybe now MS-defcon applies only to Win 10 updates.

Frangar non flectar

Defcon applies to all versions, but individual advice is provided for each version.

cheers, Paul

1 user thanked author for this post.

HanJohnJo

Win7 ult x64 updated normally via WU, last update 3 updates were:
Windows Malicious Software Removal Tool x64 – February 2020 (KB890830)
2020-01 Servicing Stack Update for Windows 7 for x64-based Systems (KB4536952)
2020-01 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4534310)

I have extracted W7ESUI zip into a folder, along with the following files:
windows6.1-kb4550735-x64_18117664b4a0482c3d34a2f05f70c6819296240f
windows6.1-kb4540688-x64_70ad29faea4602dfa5c3159350afe6ec86e87e52

I ran the cmd as admin, and it detected the files.

It installed kb4550735, but it didnt prompt for restart, it just said “finished” and I had to press 9 and then manually restarted.
I checked installed updates after restart and kb4550735 was there.

I then did the same again, it extracted the kb4540688 cab, but then it finished stating ” All applicable updates are detected as installed”

I tried also with the Feb SSU and Monthly rollup, but same thing.

I did install the first SSU kb4550735 while the internet was disabled, but when installing the rollup the net was enabled, would that have anything to do with it?

Also, just a note, would it be possible to not auto delete the extracted cab file or an prompt, as I tried many times, and each time it had to extract again.

thanks.

Did you have the prerequisites (KB4490628 and KB4474419) installed first?

The cab and temporary files are extracted to randomly-named temporary folder
they cannot be preserved for later usage

are you sure kb4540688 is not already installed?
did you verify the integrity of downloaded msu file?

I am a Win7 x64 Pro Group B user. I just finished using the script to install the March updates, KB4540671 and KB4541500. Everything seemed to run fine. It reported both installs were 100% successful.

However, just before it started removing the temporary files and asking me to press 9, it gave me the following message:

==== Error ====
Windows6.1-KB4541500-x64 require SSU version 6.1.7601.24548

Is that the servicing stack update KB4550735 that is also a March ESU-only update? I restarted and everything seems to be running just fine. But should I also download that update and use the script to install it?

Thank you.

KB4540671 is the IE11 Cumulative Update.
KB4541500 is the Security-only Update

You need to install the Servicing Stack KB4550735, which is REQUIRED. That must also be in the folder with the other updates.

Should I rerun the script with all 3 in the folder, or would it be okay with just KB4550735?

Thanks.

I’d put all three there just to be sure.
It’s supposed to install the SSU first.

1 user thanked author for this post.

Douglas

since we’re on defcon 3 now, do we already know if it’s “safe” to install esu updates using this script (without paid license)? or will windows 7 be not activated/”pirated” at some point in the future? i read something like this, so i’d rather ask before doing anything.

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

PKCano wrote:

Did you have the prerequisites (KB4490628 and KB4474419) installed first?

I went into installed updates and found both of them:
Update for Microsoft Windows (KB4490628)  Installed 21/03/2019
Security Update for Microsoft Windows ( KB4474419 ) Installed on 19/09/2019

abbodi86 wrote:

The cab and temporary files are extracted to randomly-named temporary folder
they cannot be preserved for later usage

are you sure kb4540688 is not already installed?
did you verify the integrity of downloaded msu file?

Just checking Installed updates again.
kb4550735 is there and also kb4537829, so the Feb ssu seems to have installed. But the rollups aren’t installing.

windows6.1-kb4540688-x64_70ad29faea4602dfa5c3159350afe6ec86e87e52.msu
sha512: D10FCB521D406564DBE2BFCA78BE9E0D95E22998A57EF204A02DE03CDF64619D3B210694F15CA351C89C39D3E992E0DB80E0C2B6AD3963395E0498D856ED5468

windows6.1-kb4537820-x64_3ee2a66a320dfe4eea2bda70bf9b5471b014f2a3.msu
sha512: F5ABF6072C73ECAD556F83F90778A04469785B5365B4941115FA8EEB76455189E550750361A239FB13AA9E7C3D1D8F5DA3CD6A1A5270B3038E9BDD934CB44FE1

BTW, windows update is still popping up showing me updates to install:
Windows Malicious Software Removal Tool x64 – March 2020 (KB890830)
2020-01 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4539601)

thanks again.

After checking the AV and other things that might be interfering, I tried again and it still gave the message “All applicable updates are detected as installed”.

So I looked over the readme a few more times, and thought I had better double check the storage space.  It was low, but I wasn’t sure how much space the final extracted files took, so I deleted some files to meet the recommended 10gb free space.

After trying once more, it finally worked, and the installation completed and the update was visible in the Installed Updates list.

Is there maybe a way to alert that there wasn’t enough storage when extracting the files during installation?  Because at the moment, even though it seems all the files were not successfully extracted, the final message was simply no update was necessary.

Shortly (~45 sec.) after running the script for the February patch batch, Bit Defender popped up an alert:

False positive? Unrelated coincidence?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

BD is looking for activities that change Windows itself and that is exactly what the script does, so the report is correct. You can safely ignore the warning because you want Windows changed.

cheers, Paul

2 users thanked author for this post.

abbodi86, Cybertooth

Cybertooth wrote:

Shortly (~45 sec.) after running the script for the February patch batch, Bit Defender popped up an alert:

False positive? Unrelated coincidence?

 

add the script to “exclusion” or Ignore list in BitDefender

1 user thanked author for this post.

Cybertooth

You.Are.Ah.Toyyyyy wrote:

PKCano wrote:

Did you have the prerequisites (KB4490628 and KB4474419) installed first?

I went into installed updates and found both of them:
Update for Microsoft Windows (KB4490628)  Installed 21/03/2019
Security Update for Microsoft Windows ( KB4474419 ) Installed on 19/09/2019

abbodi86 wrote:

The cab and temporary files are extracted to randomly-named temporary folder
they cannot be preserved for later usage

are you sure kb4540688 is not already installed?
did you verify the integrity of downloaded msu file?

Just checking Installed updates again.
kb4550735 is there and also kb4537829, so the Feb ssu seems to have installed. But the rollups aren’t installing.

windows6.1-kb4540688-x64_70ad29faea4602dfa5c3159350afe6ec86e87e52.msu
sha512: D10FCB521D406564DBE2BFCA78BE9E0D95E22998A57EF204A02DE03CDF64619D3B210694F15CA351C89C39D3E992E0DB80E0C2B6AD3963395E0498D856ED5468

windows6.1-kb4537820-x64_3ee2a66a320dfe4eea2bda70bf9b5471b014f2a3.msu
sha512: F5ABF6072C73ECAD556F83F90778A04469785B5365B4941115FA8EEB76455189E550750361A239FB13AA9E7C3D1D8F5DA3CD6A1A5270B3038E9BDD934CB44FE1

BTW, windows update is still popping up showing me updates to install:
Windows Malicious Software Removal Tool x64 – March 2020 (KB890830)
2020-01 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4539601)

thanks again.

install the KB4539601 rollup first.

Jan. 2020 rollups (either KB4534310 or KB4539601) are also required before installing any new ESU based updates from Feb. 2020 and later

Neither KB4539601 or kb4537820 are needed, March rollup kb4540688 is enough

@You.Are.Ah.Toyyyyy
the numbers/letters before .msu extension are SHA1 hash, you should verify against that

[You.Are.Ah.Toyyyyy]

I already posted an update yesterday a few posts up, thanks.

• This reply was modified 3 years, 2 months ago by You.Are.Ah.Toyyyyy.

1 user thanked author for this post.

abbodi86

Grateful I got to install the March rollup too now that it’s April.😊 In a roundabout way this is great as I’ve finally found that the new rollup does immediately overwrite the previous month’s rollup in the Update history. – it’s no more, gone even in searching for it at the top corner. I’ve been unsure of this in updating my reset win 8.1 laptop since the start of the year. I wasn’t sure rollups overwrite instantly after new updates. This fact couldn’t be found online, leaving me wondering if my pc was malfunctioning. And it did not help that I find Ms Mvp saying in a slightly older MS answer forum that if it’s not in the Update history opposed to the Windows history that it is not installed.
Sorry for my long-windedness but I wish there was a written notation by MS to affirm this. All this for being new to cumulative rollups.😌
The Update history that was thought to be cleaned-up has reappeared whole again as well. So glad I got to do this in two parts. Thank you.

Rollups are CUMULATIVE. That means the later one contains the one(s) before. SO, once the March Rollup is installed it would be redundant to have the Fem also listed b/c it is contained in the Mar Rollup. So the Feb, Jan, Dec, Nov…. Rollups are no longer listed.

1 user thanked author for this post.

maisy2

I have 3 Win 7 laptops I have been keeping up to date. I used this wonderful script on two of them, and it went without a hitch. I moved onto the 3rd today with full confidence…

I have also been venturing into win7/kubuntu dual boot territory because of  the online implications of using win 7 for important things. This 3rd machine is the dual boot machine and my guess is that is why the update try went awry.

The cmd file displays a line about a “patchable module etc.” and then exits. Opening up a cmd window as admin and executing the script yields the same start and an exit with “syntax of the command is incorrect.” I edited the cmd file, turned of echo, and turned on debug, but my capability with command files is limited and quite rusty.

I fear this is a very lot to ask, but I was hoping that after a quick look (it doesn’t take long to exit) you might be able to suggest something simple that might help the script to get on it’s way.

Or a simple answer (understandably) is that my situation is beyond the scope of the original design intent, and is not worth the time and effort.

Thanks in advance,

Chris

Oh yes that line of thought always made sense, but checking successful installs of many, many security patches on a new laptop produced confusion, especially reference to this pre-2016 answer made it worse. Thank you so much, one less worry for sure.😊

The same thing is happening on my Windows 7 system. The command window opens, indicates that “Patchable module found: C:\Windows\system32\GDI32.dll with hash 4dd319b1e6b8a09d121ad669dbcbab95bacad64e”, and then closes. February updates ran as expected, and I have the March SSU installed, but I can’t get it to work with the March updates (security only).

[abbodi86]

Are you using 0patch?
https://0patch.zendesk.com/hc/en-us/articles/360012826660–Patchable-module-found-string-appears-in-console-based-applications

you don’t really need W7ESUI.ini for live os installation, so just delete it and try again

for some reason, the script fail to set the required variables correctly because of W7ESUI.ini presence
so it error and exit before doing anything

• This reply was modified 3 years, 2 months ago by abbodi86.
• This reply was modified 3 years, 2 months ago by abbodi86.
• This reply was modified 3 years, 2 months ago by abbodi86.

2 users thanked author for this post.

jburk07, davinci953

[abbodi86]

abbodi86 wrote:

Are you using 0patch?
https://0patch.zendesk.com/hc/en-us/articles/360012826660–Patchable-module-found-string-appears-in-console-based-applications

you don’t really need W7ESUI.ini for live os installation, so just delete it and try again

for some reason, the script fail to set the required variables correctly because of W7ESUI.ini presence
so it error and exit before doing anything

• This reply was modified 3 years, 2 months ago by abbodi86.
• This reply was modified 3 years, 2 months ago by abbodi86.
• This reply was modified 3 years, 2 months ago by abbodi86.

I (of the 3 Win 7 laptops above) AM using 0patch. A study of running them together via this thread and 0patch lead me to conclude it would probably be ok, and I tried 0patch on the 3 machines first.

Anyway, got rid of the .ini file, and the script is running and chugging along right now. Thanks for your help.

(NB: I did NOT remove the ini file on the other 2 laptops, and the script ran fine. They also have 0patch. Also the “patchable module” message was gone on the latest one — 0patch probably updated. I saw a note to that effect.)

Chris

I deleted the ini file, and the script ran as expected. Thank you much. I have 0patch installed on the system, but it’s not active. That’s probably the reason the fix didn’t get installed.

1 user thanked author for this post.

jburk07

abbodi’s suspicion that 0patch had a tie in to the script erroring out was right on.

I circled back (out of curiosity) and put the ini file back in with the cmd script, and with 0patch now fixed (according to the link posted above from 0patch.zendesk), the script runs through to asking to proceed or exit, which is past where the problem was occuring.

You are truly a wizard, sir!

Thanks for all you do.

Chris

3 users thanked author for this post.

davinci953, abbodi86, jburk07

I just downloaded W7ESUI and the March Cumulative Update (KB4540688).  I assume I do not need to install the February Cumulative Update first.

Do I need to install Service Stack Updates?

If I will need SSIs, how do I find out which ones I need?

 

You need the Servicing Stack for March.
If you read through this thread you will find the information you need.
You should also read @abbodi86 ‘s ReadMe file.

The script said it installed

KB4537828 – Feb SSU

KB4550735 – Mar SSU

KB4537820 – Feb Monthly and

KB4540688 – Mar Monthly in that order

But KB4537820 – Feb Monthly does not show up as installed in Windows Update?

The other three are there.

Monthly Rollups are CUMULATIVE.
By definition, Mar Rollup KB4540688 contains Feb Rollup KB4537820 and the preceding Rollups from Jan, Dec, Nov, etc, So it is no longer necessary to list the older Rollups (it would be redundant).

[KP]

On one PC I run and installed successfully

KB4550735 – Mar SSU
KB4540688 – Mar Monthly

in that order. There was no need to install the Feb SSU or Feb Monthly Rollup.

• This reply was modified 3 years, 2 months ago by KP.

Thanks much for all the help you give to me and everyone.

[KP]

0x800f081f – solution if this helps someone.

First, thanks to @abbodi86 for the 5-star W7ESUI.cmd .

This came about, installing patches in this order:
2020-02 Service Stack Update – KB4537829
2020-02 Monthly Rollup – KB4537820
2020-03 Service Stack Update – KB4550735
2020-03 Monthly Rollup – KB4540688

(I know I did not need to run the February SSU and February Monthly Rollup, but I did it as an experiment.)

You can see it failed on the 2020-03 Monthly Rollup – KB4540688 {Failed 0x800f081f(1).PNG}

I let Windows Update run and you can see, it installed:
.NET 4.8 KB4503548
Windows 7 Update KB2952664
2019-07 Windows 7 Update KB4493132

{WindowsUpdates for W7ESUI.PNG}

The last two are Telemetry
KB2952664 – see AKB2000004, AKB2000007
KB4493132 – see AKB2000003

My guess is that .NET 4.8 (KB4503575) allowed KB4540688 (2020-03 Monthly Rollup) to succeed using W7ESUI. This you can see in the Program&Features picture{Program&Features.PNG}.

oddities:
1) .NET 4.8 shows up as KB4503548 in Windows Update and as KB4503575 in Program&Features
2) KB4537820 (2020-02 Monthly Rollup) is missing in the Program&Features listing, as noted in previous posts.

After you get the March patches installed, you can remove the Telemetry in the following order (or not install them in the first place):

KB4493132

KB2952664

 

• This reply was modified 3 years, 2 months ago by KP.
• This reply was modified 3 years, 2 months ago by KP.
• This reply was modified 3 years, 2 months ago by KP.
• This reply was modified 3 years, 1 month ago by Kirsty.

2 users thanked author for this post.

MrChaz, Cybertooth

Just wanted to confirm the April updates installed 🙂

2 users thanked author for this post.

alpha128, abbodi86

You also need the SSU KB4550738

[Mattchu]

Cheers bud, didnt know there was an SSU update this month…

p.s. They installed fine without it anyway.

p.p.s. Installed now on 2 boxes 🙂

• This reply was modified 3 years, 1 month ago by Mattchu.
• This reply was modified 3 years, 1 month ago by Mattchu.

1 user thanked author for this post.

KP

I am on Windows 7 Home Premium 32 bit. I successfully installed SSU KB4550738 with the script and rebooted. Then I successfully installed the April 14, 2020 rollup—KB4550964. What’s weird is it did not ask me to reboot the system after installing the rollup. I checked installed updates and KB4550964 was listed. I rebooted anyway and my machine simply rebooted without configuring updates. This KB includes kernel updates so how could this install without configuring on a reboot?

just to let folks know that there’s an 0.2 version of the script available several days ago from here

(in case the very 1st post can’t be updated to point out the newest version)

3 users thanked author for this post.

MrChaz, RDRguy, Moonbear

[RDRguy]

Can anybody comment on what/why it was changed (e.g. bug fixes, new capability, etc) and whether or not we should now be using the updated 0.2 version vs the original 0.1 version?

Edit: Answered my own question …
Opened the Changelog contained in the “W7ESUI-ReadMe” file which states …

– 0.2:
added support to install SHA2 updates KB4490628 and KB4474419 if detected

That answers that 🙂

Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS

• This reply was modified 3 years, 1 month ago by RDRguy.

I was waiting to confirm that the procedure is still working with April updates, before announcing v.0.2 🙂

the second version simply add support to install SHA2 support updates, if not already installed
meaning, put msu files for KB4490628 and KB4474419 along with ESU updates msu files, and the script will install them for you first

5 users thanked author for this post.

MrChaz, KP, Mattchu, RDRguy, Cybertooth

[Moonbear]

Does that mean we don’t need the 0.2 version if we already have the SHA2 updates installed?

Or would be a good idea to go ahead and download the newer script anyway?

• This reply was modified 3 years, 1 month ago by Moonbear.

1 user thanked author for this post.

RDRguy

No urgent need
but it’s best to use the latest version, no installation needed 🙂

2 users thanked author for this post.

Moonbear, RDRguy

Any urgent need to install the April ESU updates?

No emergencies at this point. You can wait for DEFCON-3 or above (or whenever you decide to do it).

Rollups include the Security-only updates, the IE11 Cumulative update and the non-security patches.
.NET updates are not included in the Rollups.

1 user thanked author for this post.

Elly

Do Monthly Rollups include updates to IE?  How about .NET Framework?  If I remember correctly .NET Framework were separate updates in Windows Update.

How does the script W7ESUI.cmd  get added to “exclusions” in BitDefender?  No matter how I try to enter it I get an “Invalid Path” message.

So will .NET updates continue to show up in Windows Update if they are needed?

1 user thanked author for this post.

MrChaz

See the “* How to use on live OS:” section in”#2209020 above.
You should read the instructions (and the ReadMe file too).

To do this, open Settings in the BitDefender window (it’s the cog wheel at top right), then in the drop-down menu select Exclusions. From there, click on Add Exclusion and navigate to the file/folder that you want to exclude, and select it.

That’s it!

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

I got it to add but it looks like this w7esui[1].cmd.  Where did the [1] come from and what is it doing there?  Is it OK that way?

That suggests that you’ve ended up with two copies of that .CMD file in the same folder. For example, if you have a file called baberuth.jpg in your Downloads folder, and then from a USB flash drive you copy a file called baberuth.jpg onto the same Downloads folder, the file that you just copied over will have that “[1]” added to its file name so that you can tell it apart from the one you already had.

Look for the folder(s) where you’re storing the files w7esui.cmd and w7esui[1].cmd. You should discover that you have a copy of each in the same folder somewhere.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

It says I need these items

a) if you are Group A user, you need:
latest Servicing Stack Update
latest Security Monthly Rollup
latest .NET rollup

I see the SSUs that are needed listed in the docs for the Monthly Rollup.  But I can’t find anything on what .NET rollups (latest?) are needed.  Nor do I have any idea on where to find .NET rollups.

Please excuse my lack of knowledge.

 

latest .NET Rollup for Windows 7 is KB4535102 from Jan 2020 – nothing higher than that:
https://support.microsoft.com/help/4535102/

2 users thanked author for this post.

RDRguy, abbodi86

only if you have not installed the latest one

latest .NET rollup for Win7 is KB4535102 (as I said below) before “free” support for Win7 ended in mid-January 2020

Confused.  KB4535102 shows as successfully installed 1/24/2020 in update history,  but comes up as “No items match your search.” in Installed Updates.  Of course it does not come up in Windows Update.

Is it installed or is it not installed?

Should I pull it from the catalog and try installing it using W7ESUI?

Look on the MS pages for KB4535102.
KB4535102 is a .NET Rollup composed of a bundle of individual patches for each of the versions of .NET
The Rollup’s KB number will not show up in Installed Updates, but any of the individual patches that were installed will be listed.
Look under the section “Additional information about this update.” If any of those KB numbers show in Installed Updates, those are the version(s) of .NET installed on your computer that received updates.

1 user thanked author for this post.

RDRguy

KB4532945 shows in installed updates.  Now I can stop being concerned about this. Thank you.

You are very good at explaining things in a way that even I can understand.  Thank you.

1 user thanked author for this post.

Cybertooth

It’s April 27.  Is this still working?  Thanks,

The script and instructions were revised for the April updates.

PKCano – what would we do without you?  What is Defcon for the April updates for Win 7 Pro 64-bit?

The DEFCON number displayed at the top of the site applies to ALL versions of WIndows. Current month = April

Hi,
May be I am actually a dim person but I can’t work out from the instructions for th Stand alone script for Win7 ESU.

No problem with downloading the W7ESUI.cmd and W7ESUI.ini, the next part is where I fail. . . . .   what exactly does place W7ESUI.cmd next to the download files mean?
Put them all in a new folder?
I tried that and nothing happened. So I tried entering the Windows 7 update file location in  2] select updates location in the command window and the returned message is ‘specified location is not valid’.
The update is in a folder on the C: drive –  c:\win7sp1_esu\Win7SP1-kb4550964-x86

Any advice, suggestion, instruction would be most welcome.

Many thanks.

anonymous wrote:

what exactly does place W7ESUI.cmd next to the download files mean? Put them all in a new folder?

Yes, everything in the same folder then execute the script.

Yes, and I already did that to no avail. Does it not need me to enter the location of the update at line 2] of the script. But when I do that it doesn’t accept the location of the Windows7 update file, as I pointed out in the previous post (please refer back to it).

Any other suggestions?

Thank you and best regards,
Gordon

– Extract W7ESUI.cmd from the zip file, or extract the whole zip file

– Copy or move W7ESUI.cmd and place it next to (in the same folder as) the downloaded msu files
ini file W7ESUI.ini is not really necessary in this case

– Right-click on W7ESUI.cmd and “Run as administrator”

– If all goes well, you should get cmd window

– Now press the zero 0 number on keyboard to start the process

– At the end, restart the system if prompted

The wording about placing the CMD file “next to” the MSU files has generated more than one question. (I would have been added to the list had I not seen the first time it was posed.) It may help to edit the original instructions to direct the user to place the CMD file in the same folder as the MSU files; that way you won’t have to keep explaining what “next to” means.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

2 users thanked author for this post.

RDRguy, PKCano

I’m a home user with Win7 x64 pro. Just using a workgroup for the household. Am I a “Group A” user?

Thank you much!

If you have been installing the Monthly Rollups through Windows Update, you are a Group A user.

If you have been downloading from the MS Catalog and manually installing the Security-only Updates and the IE11 Cumulative Updates, you are a Group B user.

Problem solved.

Because I had changed the name of the update slightly the script was not happy with the new name.

I binned the first update file that I renamed and another original and left it as is, put it in the folder with the  W7ESUI enabler pressed the button and hey-ho it all works.

(Moral of that saga is don’t mess with stuff unecessarily)

Thank you me.

As Windows 7 and Windows Server 2008 R2 are on the same software base, is it possible to use this on Server 2008 R2 ? Any suggestions?

Is W7ESUI_0.2.ZIP the revised script for April?  Thanks.

Yes. script and instructions updated for April.

Quick questions: for Group B, can I use an earlier version of the script + instructions to apply the April updates? Or, conversely, can I use the April version of the script to apply updates for March?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

The April version works for March and April.

1 user thanked author for this post.

Cybertooth

I just installed the March update by following your instruction “Put SSU KB4550735, all the Security-only updates, and the latest IE11 CU KB4540671 in the folder with the script. The script will install the SSU first and then the rest of the updates.”  dated March 22, 2020.

A big THANK YOU.

Yes, it will work for Server too

1 user thanked author for this post.

PKCano

Nope, the Seven Semper Fi machine is, and will continue to be, completely clean. Unless MS releases patches for the unwashed (and unpaying) masses, of course.

2 users thanked author for this post.

Kirsty, Elly

i still haven’t installed any post esu-group b windows 7 and ie patches (february, march, april) and that ssu kb4550734. if i decide to risk it this month, will that new script work through all these patches in the right order (including that ssu)?.

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

See here and here and here.
Be sure you have the prerequsites installed (see instructions at the top).
Put the script .cmd file, the latest SSU (April), the latest IE11 CU, and all SOs (Feb-April) in a folder. See #2257497.
Right-click and run the .cmd file as Admin.
Press 0 (zero) to install.
Wait till it finishes and reboot.

2 users thanked author for this post.

RDRguy, jburk07

thx, according to wmic qfe | find “…” both prerequsites kb4490628 and kb4474419 are both installed.

do we already know if there will be some disadvantages in future if we i go this route inofficially installing post-esu-patches without paying. something like os not “genuine” any more or other shenanigans this kind? i really fear installing these updates!

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

So far no problems on mine.
I’m sure @abbodi86 will handle whatever comes up 🙂

2 users thanked author for this post.

vandermeer, SueW

speaking of KB4538483, it got a recent revision this May 2020

expand the “file information” sections for all supported X86 and X64 versions to see updated files from MS support article 4538483:
https://support.microsoft.com/help/4538483/

Win7 Home Premium 64-bit. Group B.

I just used abbodi86’s .cmd script to install the April Win7 64-bit security-only updates — having previously used it for February (as described in a previous post) and March.

SHA2 support updates KB4490628 and KB4474419 had already been installed on my PC (in 2019), and I’m helping another Group B-er to install each month’s updates, so I kept things simple and stuck with the original version of the script.

I put four files in an otherwise-empty folder: (1) abbodi86’s .cmd file, (2) the April SSU (KB 4550738), (3) the April Win7 SO update (KB 4550965), and (4) the April IE SO update (KB 4550905).

Then I right-clicked on the .cmd file, chose Run as Administrator, and hit 0 in response to the opening menu.

The script took just under 30 minutes to complete, and I hit 9 at the end (as instructed) to exit.

Then I restarted Windows (also per the script’s instructions), and it was the usual more involved (“Configuring Windows updates…”) post-updates restart, and it took around 10 minutes.

Everything seems normal, and I once again thank abbodi86 for his script.

5 users thanked author for this post.

MrChaz, RDRguy, vandermeer, jburk07, SueW

[glnz]

 

WOW – IT WORKED!

Now I can update the old 7 machine in my wife’s SOHO.

THIS IS GREAT!!!

Will this work again in a month when Woody gives us Defcon 3 for the May updates?

Thanks to abbodi86 and PKCano for translating some of the details!!!

 

• This reply was modified 3 years ago by glnz.

1 user thanked author for this post.

vandermeer

glnz wrote:

Will this work again in a month

No guarantee MS won’t try to plug this gap, but details will be provided here.

cheers, Paul

[honx]

i just read about another ssu kb4550738 (april). is this covered by the 0.2 script or will it be only subject for future script version (may)?

if latter i think it’s better to wait until defcon 3 or higher for may to install all missing post-esu-updates and corresponding ssu using that script…

and will i still need march ssu as well (both ssu in same folder with that script) or only newer one?

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

• This reply was modified 3 years ago by honx.

The 2 script covers all updates to date.
The list of updates you need is in #2260529.

[Qnu]

Paul T wrote:

glnz wrote:

Will this work again in a month

No guarantee MS won’t try to plug this gap, but details will be provided here.

cheers, Paul

I think the chances are slim to none, how many people use this? A couple hundred? Not really worth the trouble to go out of your way to plug it. Also, the majority of us are using it on HOME PCs, so they are not losing money simply because we can’t even buy it. We “steal” updates we can’t pay for anyway. And Win10 is still for free as far as I know if you have a Win7 key. Correct me if I am wrong. 🙂

It’s an issue that costs MS money to fix, but gains them 0 money. Almost all business would not bother with this.

• This reply was modified 3 years ago by Qnu.

1 user thanked author for this post.

SilenceIsG0lden

Just to confirm that the May Windows 7 updates have installed using the v2 script on:

Windows 7 x64 Cumulative and Security.

Windows 7 x32 Cumulative [will be trying security layer]

Cheers…

4 users thanked author for this post.

RDRguy, alpha128, Qnu, PKCano

[Qnu]

I am on March ESU updates.

I skipped April ESU update, now with May I wanna get up to date again.

All I need is the v.02 Installer, the April SSU and the May monthly rollup, right? I am group A.

• This reply was modified 3 years ago by Qnu.

You better go ahead with May SSU KB4555449

4 users thanked author for this post.

RDRguy, alpha128, Qnu, A1ex

I installed the May SSU ok, are there some update files I need.

I would appreciate a monthly list of the required kb files for each months updating process, if that’s possible.

A1ex

See the top post in this thread.

There is also a list on the Win7 Update History site. If you click on the support pages, the SSU is listed there.

2 users thanked author for this post.

RDRguy, A1ex

Group A:
get the latest Monthly Rollup from Win7 update history
https://support.microsoft.com/en-us/help/4009469

it should also contain reference to latest SSU

Group B:
you need latest SSU, latest IE11 Cumulative, and each month Security Only update
https://www.askwoody.com/forums/topic/2000003-ongoing-list-of-group-b-monthly-updates-for-win7-and-8-1/

for .NET updates, you can foloow the blog:
https://devblogs.microsoft.com/dotnet/net-framework-may-2020-security-and-quality-rollup-updates/

5 users thanked author for this post.

RDRguy, jburk07, alpha128, A1ex, Pim

So as folks may by now know there was an “issue” with the .Net update for May, Abbodi86 has posted a solution but there was another [not sure if posted] which is easy and worked for me.

All credit to vinzf and pesho_georgiev from mdl.

Here’s how to successfully install the infamous .NET May Update:
1. Download this:
http://download.windowsupdate.com/d/msdownload/update/software/secu/2020/05/ndp48-kb4552921-x86_608b67e4011b9e103ca18deadbfc013d1c328508.exe (x86)
http://download.windowsupdate.com/d/msdownload/update/software/secu/2020/05/ndp48-kb4552921-x64_6912af0422fc16a14f4f398fda98117f1e2f01b8.exe (x64)
2. Create a shortcut of the executable.
3. Right click on the shortcut and go to Properties.
4. On the Target box, add this: /msioptions “ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9” (make sure to add a space before adding it)
5. Click Apply and OK.
6. Run the shortcut and proceed with the installation.

On the “Properties Box” of the right clicked shortcut, make sure you add the /msioptions, etc line from number 4. after the .exe that is already in the box [dont overwrite the lot].

Cheers…

4 users thanked author for this post.

pandarunnerpt, Silenus, Moonbear, RDRguy

abbodi86 wrote:

You better go ahead with May SSU KB4555449

Do I need to install the April SSU before installing the May SSU?

You need the April SSU preinstalled before you can install the May Rollup or SO/IE11 if you don’t install the May SSU at the same time as the May patches.
The May SSU will be necessary for the June patches.
But if you install the May SSU along with the May Rollup or SO/IE11, you do not need to install the April SSU first.

3 users thanked author for this post.

RDRguy, jburk07, Qnu

Thanks, so basically, May SSU, May Rollup and then run the script and it will install the SSU prior to the Rollup automatically.

[Qnu]

Reporting that I installed May Rollup, May SSU as well as NET. Framework 3.5.1 and 4.7.2 update with aforementioned methods. No issues and everything works smoothly. Thanks for all the help and assistance, as usual. 🙂

Out of curiosity: What would happen if you try to install a NET. Framework update version that you don’t have installed on your windows? I used a tool to determine which I had, it showed 3.5 and 4.7.2 so I only installed those two.

• This reply was modified 3 years ago by Qnu.
• This reply was modified 3 years ago by Qnu.

2 users thanked author for this post.

RDRguy, alpha128

It give you error message about blocked or mismatched situation

[RDRguy]

Referencing @Mattchu’s post above #2262363, a word of warning … if you copy & paste:

/msioptions “ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9”

… the ESU .NET update will fail to install & you’ll get the 643 error.

But, if you copy & paste:

/msioptions "ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9"

… from @abbodi86’s post #2262211, the ESU .NET update should install correctly.

Though both look the same, the difference is the “” marks … “” (fails) vs “” (works)

This is true for both @abbodi86’s command prompt method or @Mattchu’s shortcut method.

EDIT: when this reply is submitted for posting, both “” marks end up looking the same – probably due to @Mattchu’s post being originally submitted using “visual” text while @abbodi86’s post was submitted using plain “text” mode and now because my post contains @Mattchu’s “visual” quote marks, even though I’m submitting this post in plain text mode, after processing, it’s being posted as “visual” text so everyone’s “” marks in my post look exactly the same.

You need to actually look at both @Mattchu’s & @abbodi86’s posts to see the difference in their “” marks. Again, @Mattchu’s fails & @abbodi86’s works.

Moderator note: I’ve fixed the “correct” post so it copies correctly.

Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS

• This reply was modified 3 years ago by RDRguy.
• This reply was modified 3 years ago by Kirsty.

4 users thanked author for this post.

Microfix, Mattchu, zat_so, abbodi86

Can confirm, that happened to me too. Only abbodi86 works.

1 user thanked author for this post.

RDRguy

First of all, a sincere thank you to everyone for your informative contributions to this topic which allow us to continue staying safe while using Windows 7.

This has given me both a revelation and resulted in a few additional .NET related questions:

I have both 4.5.2 and 3.5.1 installed on my system but I ignorantly and erroneously assumed that by keeping 4.5.2 continually updated with 4.5.2 security fixes that 3.5.1 would also be updated. Oops. After checking my Windows Update history I have learned that the last time a security update to 3.5.1 was applied was with KB3163425 on July 12, 2016. (Did I say Oops?) I immediately went ahead and successfully installed 3.5.1 security only update KB4552965.

Here are my questions:

1. I assume .NET security and quality rollup updates are cumulative while .NET security only updates have to be applied successfully to get the full benefit of their intended protection, correct? While I’m OK with 4.5.2, I’m obviously way out of sync with 3.5.1.

2. What is the risk of installing the .NET security and quality rollups? Is there telemetry hidden in these updates like the regular Windows 7 security and quality rollups? I have always been a Group B user and I prefer to remain that way but I’m obviously concerned what risks are posed by not taking the appropriate sooner-than-later steps to plug the holes that are still present in 3.5.1.

Finally, rhetorically, why does Microsoft have to have such disdain towards Windows 7 users?

1 user thanked author for this post.

RDRguy

.NET rollups are free from telemetry, and they hardly cause any issues

2 users thanked author for this post.

RDRguy, 7ProSP1

.NET has never been included in Group B patching. The telemetry Group B is avoiding is in the Windows Security and Quality Monthly Rollup and in the individual telemetry patches like KB2952664.
There is no problem with installing the .NET Rollup.

2 users thanked author for this post.

RDRguy, 7ProSP1

I have updated one of my WIn7 Ultimate VMs with the MAY patches on May 17, 2020.
It have .NET 3.5.1 and 4.7 installed.

I put KB4556836 (Rollup), KB4555449 (SSU) and KB4552940 (the .msu patch for .NET 3.5.1) in a folder with @abbodi86 ‘s script. Then executed the script as admin.
I executed (as admin) the .exe patch for .NET 4.7 KB4552919 with the Bypass switches as per @abbodi86 in #2262211.

Everything installed correctly.

Update: Two more done (same versions of .NET) without problems.

5 users thanked author for this post.

alpha128, Cybertooth, RDRguy, jburk07, abbodi86

I know AKB 2000003 has never included .NET updates when there were some issued but I erroneously assumed they included telemetry of some sort.

It’s a rather unusual feeling when a Windows 7 user realizes that Microsoft is issuing quality updates that actually only include quality updates.

 

1 user thanked author for this post.

Cybertooth

I’m also running .NET 4.7, so the procedure you outlined above is exactly what I plan to do.  Glad to learn it works!

Just a question for us 0patch users….

I purchase 0patch pro in March after my one month trial. I have also installed the Win 7 ESU updates through April using the “abbodi86” method and everything seems to be running well.

The AskWoody PLUS Newsletter that arrived this morning in my inbox had and article entitled  “.NET Framework oddities and ESU issues highlight May patching”.

In it there is the recommendation to purchase an ESL key but what about those of us who have purchase 0patch pro? Are we still vulnerable?

 

"An analog kid in a digital world"

Win7 Ultimate home built desktop Running 0patch Pro

Win 8.1 desktop & two 8.1 laptops (just updated to Win 10)

Win 10 Dell desktop

and two very old home built Win XP desktops (offline for use with an old Epsom Photo scanner)

0patch would say “no, you are not vulnerable”, which is the whole point of switching to an alternative update mechanism. If 0patch misses stuff I’m sure we’ll hear about it, but in the meantime, continue to backup regularly.

cheers, Paul

1 user thanked author for this post.

analogkid

Hello,

I would really love to install the W7 ESUs, but have seen a report that they break Sandboxie.

htxxs://community.sophos.com/products/sandboxie/f/forum/119455/can-t-install-any-version-on-win7-with-windows-7-extended-security-updates-esu

Any help would be very much appreciated.

Many thanks 🙂 .

contact Sophos about the problem between Sandboxie & Win7 ESU

Hi @EP. Thanks for the reply.

Unfortunately, Sophos are no longer supporting Sandboxie. Thought I’d take a chance there might be a Sandboxie user or two hereabouts, that might be able to confirm if it works with the W7 ESUs, or not.

[glnz]

So I have now run the APRIL updates on my wife’s Win 7 Pro 64-bit PC in her SOHO.

BUT … normal Windows Update is now prompting me to install this update from 2014:

System Update Readiness Tool for Windows 7 for x64-based Systems (KB947821) [May 2014]

This tool is being offered because an inconsistency was found in the Windows servicing store which may prevent the successful installation of future updates, service packs, and software. This tool checks your computer for such inconsistencies and tries to resolve issues if found.

More information:   https://support.microsoft.com/kb/947821

I do not recall seeing anything like this when I ran the last normal Group A rollup update in January.

ALSO … just now, when I used this tool to install the April updates (KB4550738 and KB4550964), I was NOT prompted to reboot.  Is that expected?  I rebooted anyway.

Any thoughts about these two?  Thanks.

• This reply was modified 3 years ago by glnz.
• This reply was modified 2 years, 7 months ago by Kirsty.

Hide KB947821, you don’t need it.

glnz wrote:

ALSO … just now, when I used this tool to install the April updates (KB4550738 and KB4550964), I was NOT prompted to reboot. Is that expected? I rebooted anyway.

The prompt to reboot is not the one you used to see when using regular updates. It is only a line at the bottom of the Command Prompt when it finishes install telling you a reboot is necessary for the changes to take place.

PKCano – thanks again.

Just to be clear, when this special ESU tool finished installing KB4550738 and KB4550964, I did not get ANY prompt to reboot, including in the cmd window.  But since I thought these two included the April Group A rollup, I had expected a prompt somewhere to reboot.

So – was NO prompt to reboot expected for the April Group A rollup?  Or did I have the Group B security-only update only (which would be wrong for me)?

KB4550964 is the Rollup and KB4550738 is the correct SSU for April.
You did good to reboot.
Check Installed Updates to be sure both installed correctly. If so, you should be fine.

PKCano – yes – both are listed in Installed Updates.  So I feel fine!  Thanks!!!

New question – when Woody gives us the Defcon3 “go ahead” for the May updates, should we use this special tool also to install

4538483    5/9/2020   SPECIAL ESU UPDATE  (from Susan Bradley’s patch list)

Or does abbodi86’s special tool NOT need that?

KB4538483 is not needed for manual installation of ESU updates, until now at least

but it will not hurt to install it

2 users thanked author for this post.

Elly, PKCano

Cheers RDRguy, never knew the board formatted quotation marks differently in visual or plain, I will remember to do plain next time if there are any “” 🙂  It even messes up when you put 2 single quotation marks in sentences, like I`m, etc…

1 user thanked author for this post.

KP

[glnz]

Finished using this on our third and final Win 7 Pro 64-bit PC, a slow Dell Optiplex 3010.

Two odd small consequences —

1) In Belarc Advisor, the long list of installed updates to Win 7 is gone.

2) Normal Windows Update is now showing me “Update for Windows 7 for x64-based Systems (KB2952664),” whose MS article is captioned “Compatibility update for keeping Windows up-to-date in Windows 7”, and whose WUD Details say it has been superseded by numerous Monthly Security Quality Updates (rollups), including the 04-20 one I just installed using this tool.

Just a bit of static, I suppose.

• This reply was modified 3 years ago by glnz.

KB2952664 functionality has been included in the Win7 Rollup since Sept or Oct of 2018 (I think). That would supersede the any older copy of the stand-alone patch.

PKCano – I am guessing that KB2952664 has shown up because something in the special tool or the 04-2020 update deleted the long historic list of past updates, so the PC is not picking up that the superseding Monthly Security Quality Updates were installed.

Is there a way to get the old list restored to wherever it used to be?

Can you link me to the post, I don’t see it. 😮

W7ESUI don’t clean or remove any update history 🙂

KB2952664 show up in WU because of missing metadata for ESU updates

meaning, on metadata level, WU has knowledge only for 2020-01 Monthly Rollup KB4534310, but now 4534310 is superseded by the manually installed 2020-05 Monthly Rollup KB4556836
which lead to WU thinking that KB2952664 is not superseded

3 users thanked author for this post.

MrChaz, glnz, PKCano

[glnz]

abbodi86 – you are correct, and I owe you an apology.  I rechecked, and in Belarc Advisor, the long Win 7 update history has returned.

Thanks for your explanation, and thanks with BIG KISSES WITH NO SOCIAL DISTANCE for your update tool.

… And let me add that this thread is a great reason for everyone reading this to donate a little something to Askwoody, as I have.  A little something multiplied by each of us would let Woody and PKCano have a much-deserved vacation (as long as they don’t take breaks at the same time).

• This reply was modified 3 years ago by glnz.

Keep getting error 1188 “Element not found”.  KB4490628 and KB4474419 are both installed.  I tried to install kb4550738-x64 and kb4550964-x64 using the script.

Create a folder.
Put kb4550738 April SSU, kb4550964 April Rollup in the folder.
Extract W7ESUI.cmd from the zip file, or extract the whole zip file.
Copy or move W7ESUI.cmd and place it in the same folder.
Right-click on W7ESUI.cmd and “Run as administrator”
In the cmd window press 0 (zero) and wait for the script to run.
When it is finished, press 9 to exit.
Reboot the computer.

All of those were in a folder I was running from a USB drive.  I will try putting that folder on my HDD, not sure if that will make a difference.

Putting the same folder from my USB drive on my HDD did the trick.  On another PC I installed this from another partition on the same HDD with no issues, but a USB drive with >26GB of free space would not work.

Where do I need to put the bypass switch to get 4.7 to install?

Do I need to run the switch in a command prompt?

You do it the same way you do “sfc /scannow”
You run “filename /bypass”
One easy way is to make a shortcut to the file, right click on the shortcut, choose properties.
In the “target” box where it shows the file name, add the bypass switch to the end of the string.
Click OK and double click on the shortcut.

See @mattchu in #2262363.

1 user thanked author for this post.

Moonbear

Cheers, PK

You are a life saver!

The easier thing to do is pay about $25 for 0patch pro.

Sanboxie user here and I can report no problems with the latest Sbie [5.33.3] and windows 7 updates up to May, x32 and x64 using the above script. Not sure about the official ESU way though!

Good luck.

1 user thanked author for this post.

JimBean

So now that we are Defcon 4 for the May patches, I am running this installer script for KB4555449 and KB4556836 on one of my Win 7 Pro 64-bit machines.

However, Susan B also recommends
>>>>  4556399   5/12/2020   Install   .NET Framework security/quality update

When I went to download that from MS Update Catalog, the subwindow that popped up showed me at least ten sub-files, and I don’t know which one(s) to pick.  The dotnet.exe tool says I have these versions of .NET on my machine:  2.0,  3.0,  3.5 and 4.8.

So, what should I do?  Thanks.

You need KB4552940 (3.5) and KB4252921 (4.8).

KB 4556399 is a Rollup – it is a bundle of updates for the different versions of .NET.
When you go to the Catalog, instead of clicking on “Download,” click on the Namd of the update. In the popup choose “More Information.”
That will take you to the MS Support page for that Rollup and an explanation of which patch is for which version.

Thank you, PKCano.  I see what you mean.

Now, should I put those two KBs into abbodi86’s Standalone ESU tool on this thread and run it again, or should I go to the other thread about .NET and follow those odd instructions?  (And where is that again?)

See #2263345. The only difference, you will be using 4.8 in place of 4.7.

[glnz]

Just FYI that, after running abbodi86’s tool for the May updates in my third Win 7 Pro 64-bit machine (a Dell Optiplex 3010 with 8GB RAM), the May updates show in Installed Updates, but the long list of historic updates in Belarc Advisor is now mostly gone – none of the Win 7 updates show, from 2014 to now.  This has continued after a reboot, etc.

The last time, they came back after a while.  But not yet this time.

• This reply was modified 3 years ago by glnz.

Update – checked that machine again, and Belarc Advisor got back its long list of Windows 7 updates.

abbodi86 and PKCano – curious whether you might have a guess as to why this happens.

But I’m super-happy about doing these updates – many thanks again.

Hello to all member of AskWoody.com! This is my first post here, though I’ve been following this site from long ago.

I wanted to thank everyone who made and refine this tool to let us keep using our beloved OS.

I’ve never update my system since ESU came in, so here’s what I did. I put the following files in the same folder as the installer:

• February SO Update – KB4537813
• March SO Update – KB4541500
• April SO Update – KB4550965
• May SO Update – KB4556843
• May IE Update – KB4556798
• .NET 3.5.1 Update – KB4552940
• May SSU – KB4555449

then ran it as administrator. Everything went super smooth, and these updates appear on the installed list in Windows Update.

Then I’ve installed .NET 4.7 Update (KB4552919) as explained here.

Again, everything was good, and my PC seems to run perfectly fine.

I did not install March and April SSU. Do I need them?

Is there any other important update that I miss?

Thanks again!

1 user thanked author for this post.

Elly

You only need the latest (May) SSU.
Looks like you are up to date.

1 user thanked author for this post.

Silenus

[Cybertooth]

May I suggest a KB-style article that lists all of the files needed each month to keep a Windows 7 system up to date with @abbodi86’s method? This would include not only Windows and IE11 patches, but also any new .NET patches and whatever else comes down the chute–especially the SSU for the corresponding month and any new versions of the installation script.

Having everything (or at least the links for it) together in one place would save considerable time hunting around for this bit “here” and that bit “over there.” A thread such as this one that’s currently running to 257 replies may not be the most practical method for listing new files, as they inevitably get buried in an avalanche of new comments and questions.

At the very least, it would be helpful to formally and regularly post availability of, and links for, the new SSU in a predictable place. The reason I’m asking is that two days ago, I installed the May patches on a Win7 laptop without problems. But today I used the same folder containing the same files (copied over, of course) on a different Win7 machine, and the installation kept failing. Eventually, I discovered somehow that another new SSU had been released, and put that in the folder for May, and then the installation worked. But then, why did the installation of the same set of patches (minus the May SSU) work just fine on the first laptop?

The greatest benefit IMO would come from posting announcements and links to each month’s new SSU in a fixed location. If this is already taking place, please let me know the page so that I can bookmark it.

Thank you.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

• This reply was modified 3 years ago by Cybertooth.

4 users thanked author for this post.

Pierre77, A1ex, jburk07, Moonbear

Any help here would be appreciated – I have been able to install all updates up to May 2020 on Win7 x86  ( old machine ) However now when I run W7ESUI.cmd ( 0.2 version) it won’t accept the 0 to proceed with install ( but it will accept 9 to exit )….I am running 0patch (free) as well – I have tried disabling it to run the command with the same result…any ideas would be very appreciated ( the keyboard works fine )

Thanks

[PKCano]

You need to wait on the installation of the June patches until @abbodi86 has a chance to evaluate the situation. DO NOT try to install the June patches yet.

UPDATE: It appears that W7ESUI_0.2 still works for June patches.

• This reply was modified 2 years, 12 months ago by PKCano.
• This reply was modified 2 years, 12 months ago by Kirsty.

2 users thanked author for this post.

MrChaz, WSandrewcee

The script won’t proceed if required options are not met, specially “updates location”

can you post screenshoot of cmd window?

1 user thanked author for this post.

WSandrewcee

[EP]

Here from MS Update Catalog, Qnu. KB4538483 is only available from the MS Catalog site & WSUS and not available thru Windows Update

manually download the 5-5-2020 version of KB4538483 for your Win7 system, install it and reboot

• This reply was modified 2 years, 12 months ago by EP.
• This reply was modified 2 years, 12 months ago by EP.

see if this helps, Larry B

[alpha128]

“May I suggest a KB-style article that lists all of the files needed each month to keep a Windows 7 system up to date with @abbodi86‘s method? This would include not only Windows and IE11 patches, but also any new .NET patches and whatever else comes down the chute–especially the SSU for the corresponding month… – Cybertooth”

Plus Members like us can use Susan Bradley’s month-end master patch list for this purpose, e.g., 2020-05-29-Pre-Win10-Updates-.pdf

Susan’s file includes links to the Microsoft support pages for all the various patches.  That’s what I used to locate and download the appropriate 2020-05 updates from the Microsoft Update catalog.

• This reply was modified 2 years, 12 months ago by alpha128.
• This reply was modified 2 years, 12 months ago by alpha128.
• This reply was modified 2 years, 12 months ago by alpha128.

1 user thanked author for this post.

Cybertooth

Thanks @alpha128, the Master Patch List does give all the MS patches for the month, and that’s good. However, note that using this method involves:

1. Visiting the Master Patch List page, from where one then
2. Clicks on the link for the PDF list, which contains links that
3. Lead one to a MS Support page that still doesn’t provide a download link to the actual patches (example). You need to look around the page to locate the link for the listings to that patch on the MS Update Catalog, then
4. Click on that link, and then finally once on the Update Catalog listings
5. Click on the download link for the patch.

This is a rather more cumbersome process than, for example, the AKB2000003 page for Group W patchers, which not only lists the patches but also provides direct links to the patches on the MS Update Catalog. Relative to the Master Patch List procedure, this saves three steps (clicking on a PDF, then clicking on a MS Support page, then clicking to reach the Update Catalog list).

And of course, the Master Patch List doesn’t mention updated versions of the W7ESUI script, of which there have now been two versions and doubtlessly will be more in the future. So this still involves looking in a variety of places for all the parts.

Remember, the suggestion is to have a single place listing everything that’s needed to keep Windows 7 patched. Basically, a page that combines the completeness of the Master Patch List with the simplicity of the AKB system–and throws in the W7ESUI to boot.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

When I try that ( shift+right click ” copy as path ” to the folder ) it says “specified location is not valid”

Have any of you looked at the first post in the Patch Tuesday Main Blog thread?
Most of what you need is listed there with download links.

That happens every month, thank you very much.

2 users thanked author for this post.

Elly, SueW

All the update files need to be in the same folder as W7ESUI. If not you need to specify the location of the update files.

cheers, Paul

Just wanted to confirm the June updates worked for me using the V2 script [not tried the V1].

Win7 x64 and x32 Security + cumulative all installed fine 🙂

Couldn`t find a June SSU for Windows 7

Matt

1 user thanked author for this post.

KP

See https://www.askwoody.com/forums/topic/june-2020-patch-tuesday-rolls-out/#post-2270882

2 users thanked author for this post.

KP, Mattchu

“Remember, the suggestion is to have a single place listing everything that’s needed to keep Windows 7 patched. Basically, a page that combines the completeness of the Master Patch List with the simplicity of the AKB system–and throws in the W7ESUI to boot.” – Cybertooth

The procedure I outlined above isn’t that onerous.  A find for the word “catalog” on each support page takes you right to the updates you need.

For April, I just searched the Update Catalog for “2020-04 Windows 7 x64” and was able to easily find the needed patches.  But a search for “2020-05 Windows 7 x64” produced a long confusing list, and I discovered that using the Master Patch list for this purpose is much easier.

About the only thing the Master Patch list lacks is info about the W7ESUI script itself, so I just check the opening post of this thread for updates to the script.

Cheers bud, I did a search but couldn`t see any after May…Got to run the script several times again now, but hey ho… 🙂

https://www.askwoody.com/forums/topic/june-2020-patch-tuesday-rolls-out/#post-2270882

1 user thanked author for this post.

SueW

https://www.askwoody.com/forums/topic/june-2020-patch-tuesday-rolls-out/#post-2270882

1 user thanked author for this post.

SueW

https://www.askwoody.com/forums/topic/june-2020-patch-tuesday-rolls-out/#post-2270882

1 user thanked author for this post.

SueW

Paul T wrote:

All the update files need to be in the same folder as W7ESUI. If not you need to specify the location of the update files.

cheers, Paul

They are – there are 2 update files and the installer .cmd in that folder ( and only that )

PKCano wrote:

Have any of you looked at the first post in the Patch Tuesday Main Blog thread? Most of what you need is listed there with download links.

The answer to the question is, “No.”  🙂  Reason is, I wait for Woody to set the MS-DEFCON level above 2. But then, by the time that happens, the blog post announcing the patches, and its associated discussion thread, are long since buried in the silt of newer posts.

And one would still have to find out if there is an updated W7ESUI script.

That’s why it would be preferable to have a single place that puts all of this together. Heck, I’d even be willing to do the work myself, to save others the effort of gathering the parts every month. But again, like an AKB it would have to be a singular, fixed location where users know they can go to each month for the needed information.

The idea is to make it as easy and convenient as possible for the user to get this done.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Do you have the May SSU KB4555449 installed? It is a prereq for the June patches.
If all are in the same folder, in an elevated Command Prompt, all you have to do is press 0 (zero). You don’t have to change any of the other settings.

The updated script is always HERE.
The patches for the month are released on Patch Tuesday.
If you want a list of the patches, look on the Patch Tuesday for the month you want the patches.
As a matter of fact, you could even download them and save them (in the folder you intend to use for the updates) on Patch Tuesday, then wait for the DEFCON to change.

[SueW]

@Mattchu, PK included the link in her response to you as it contains the June SSU download links. Just download whichever ‘bittedness’ you need and add it to the folder along with your script.

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

• This reply was modified 2 years, 12 months ago by SueW.

1 user thanked author for this post.

Mattchu

Whew.
A big ‘thank you’ to abbodi86 for this installer.
One of the major disruptions of the COVID-19 pandemic was that the “Stay at home” command meant I could not go to a venue to download these Windows® 7 ESU patches. Yes people, the only connection from the abode here to the Internet is a v.92 one.
No way I could download all of these patches (or for that matter, the newest versions of Firefox and TorBrowser) in any semblance of reasonable time.
The pandemic even shut down the Chicago Public Library branch where I could (and have) do this.
I’m keenly considering writing my Aldercritter. Yes, he has a few more crucial items now on his list, but I will allege that broadband internet connectivity is a utility, necessary as much as electricity and home heating. It is pathetic that the choices for broadband connectivity here is limited to corporations earning windfall profits for their abysmal product; laden with impossible to avoid fees, requiring two-year contracts, and dramatically escalating monthly charges with ‘cancellation‘ fees equal to the cost of the service if the contract was not cancelled.
I was without broadband internet access for 90 days. This past week, the Library finally reopened. Thankfully, it was not vandalized. However, due to its closed-air circulation, a patron is limited to one hour inside.
Downloading all these updates via the Library’s wi-fi network (onto a flash drive inserted into my Windows® 8.1 laptop) took 57:36. Yikes.
Bringing it back here and setting it up to execute was simple to follow. I have put prior updates from Microsoft into a specified folder, and that is where abbodi86’s script and the seventeen patches (February [Win7], March, April, May) went. I would have downloaded June’s, but owing to how little time I had left, did not.
The program ran exactly as described. (I also enjoyed the magenta text.)
Here is the picture of the patches installed on this Windows® 7 computer
(I also installed the regular patches on Windows® 8.1; but they are not shown in this picture.) This computer is finally caught up.

Mod edit: Pic now removed as external link target has changed.

Important links you can use, without the monetization pitch = https://pqrs-ltd.xyz/bookmark4.html

4 users thanked author for this post.

MrChaz, Microfix, abbodi86, Bill C.

That’s a good idea, I did just that because I usually wait 1 month before installing. 🙂

After an image backup, I gave this a try..
RESULT! x86Pro Test

Note for @abbodi86; close attention to screenshot above – minor really, Telemetry script didn’t appear on desktop upon douuble restart (no biggie) using the sandscript 😉

May the force AND your god be with you always!

Keeping IT Lean, Clean and Mean!

2 users thanked author for this post.

MrChaz, abbodi86

Hi,

W7 HP x64, W7ESUI_0.2.

Installed:

• Jun Service Stack update
• Jun IE cumulative update
• Feb – Jun SO updates
• May .NET 3.5.1 SO update

Everything ran super smooth, took about 25 mins. After reboot, ran  the Telemetry script.

No problems to report. Very happy 🙂 .

A thousand thanks, @abbodi86.

-JB

1 user thanked author for this post.

MrChaz

Is the a way to tell if we need any of the .NET patches every month?

I ask since it seems highly likely that going forward we won’t be able to simply install the ESU script anymore, so if at all possible I’d dearly love the option to just skip them.

If the updates are optional non-Security patches, it probably is not necessary to install them.

If the updates are rated important = Security patches, I would recommend installing them.

1 user thanked author for this post.

Moonbear

That’s exactly what I’m talking about.

How do you tell if the update is recommended or not?

It should have “Security” in the title if that’s what it is. Like “Security Rollup.” You can also look at the MS Support pages for information.

2 users thanked author for this post.

Microfix, Moonbear

Have a look at Susan Bradley’s Master Patch list.
For instance: the last security/quality .net was in May kb4556399 and with this KB you can go directly to it in the catalog to download.
Listings of just May updates excel/pdf/html
Listings for that particular month shows what you need.

Keeping IT Lean, Clean and Mean!

1 user thanked author for this post.

Moonbear

I’m intrigued now, our trusty Windows 7 Pro 32bit is patched up to the end of january 2020 running with a third party antivirus avira. Would it be advisable to disconnect from the internet and disable the antivirus before attempting this to avoid any security interference?

I would image the system before attempting as a keeper for the future.

illegitimi Non Carborundum

Disconnecting from the Internet is OK after you download the updates from the Catalog. Be sure you have either 1. all Security-only updates plus the latest IE11 CU (see AKB2000003) or 2. the latest Rollup. You will also need the latest Servicing Stack.

Disabling the AV is probably not necessary if it hasn’t given you any problems with updating in the past. But it certainly wouldn’t hurt to do it.

There is no point disconnecting as you are not turning off your standard protections.
Turning off AV for the duration doesn’t mean your machine will rush off to download a bunch of bad files, unless you tell it to. 🙂

cheers, Paul

1 user thanked author for this post.

abbodi86

 

All – Happy and relentlessly safe Fourth!

I imagine we’ll soon see Woody’s DefCon “Go Ahead” for the June updates to Win 7.  Susan Bradley has already indicated corporate users can go ahead.

Will aboddi86’s fabulous method work again?  Also the .NET method?

Thanks!

 

1 user thanked author for this post.

SueW

@abbodi66 ‘s script work with the June updates. We’re just waiting on the DEFCON go-ahead from Woody.

2 users thanked author for this post.

jburk07, SueW

Susan Bradley’s latest Master Patch list already gave the go-ahead on the June updates.  So, on July 2nd, I used the script to install 2020-06 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4561643) and 2020-06 Servicing stack update (KB4562030).

No problems with either the script or the updates it installed.

 

1 user thanked author for this post.

jburk07

alpha128 wrote:

Susan Bradley’s latest Master Patch list already gave the go-ahead on the June updates.

Susan Bradley’s OK is aimed at Businesses which have an IT department to thoroughly test monthly patches.
Woody’s DefCon is aimed at small SMBs, home users…and June updates are still at Defcon = 2.

The MS DEFCON rating is one size fits all, while Susan’s Master Patch List is version and patch specific.

You can wait if you want.

But after waiting for almost a month, with Susan’s recommendation, and a three day holiday weekend, I went ahead.

 

On our spare (test) Win 7 Pro 64-bit machine, I have just now installed KB4562030, KB4561603 and KB4561643.

Thank you again abbodi86 and PKCano!!!  And Woody for making this all possible.  And Woody’s mom for making Woody possible !!!

Reminder to all to donate!!!  I did, and it’s certainly worth it.

 

2 users thanked author for this post.

jburk07, SueW

glnz wrote:
On our spare (test) Win 7 Pro 64-bit machine, I have just now installed KB4562030, KB4561603 and KB4561643.

KB4561603 is Jun’20 Cumulative Security Update for IE.
KB4561643 is Jun’20 Cumulative Update/Monthly Rollup for Win7.

Unless I’m mistaken, if you installed (or planned to install) KB4561643, then KB4561603 should be redundant and so shouldn’t need to be installed.

Hope this helps.

You are correct. The IE11 CU is included in the Rollup. You only need it if you install the Security-only Updates following Group B.

Win7 Home Premium 64-bit. Group B.

I neglected to report on the May updates, which I successfully installed using abbodi86’s script. That install also included the May .NET update — as a two-part task, with the script updating the older .NET versions and the separate .exe file we were linked to updating the bigger-than-4 .NET version. Or maybe it was the other way round; it’s been a month. In any case, I’m glad there isn’t a recommended .NET update every month.

In fresher news, I have just installed the June SSU, Win7 update and IE update using abbodi86’s script — Version 1! (I’m old fashioned) — and all seems normal. Including the post-installation reboot, the whole process took around 35 minutes.

The one little burp that’s maybe worth mentioning is that, as part of that post-installation reboot, I got a black screen that hung in there for quite a while, and for most (I think) of that time, there was a small message box in the upper left that said, “Setting up personalized settings for Windows Desktop Update.” I don’t recall ever seeing that message before, in any context — but in any case, the black screen yielded to my desktop after two or three minutes. And a while later I did another reboot, and it was completely normal.

And I once again thank abbodi86 for his script.

3 users thanked author for this post.

pandarunnerpt, SueW, jburk07

Are there a June updates to NET Framework?  Specifically version(s) 3.5 and/or 4.8.

No .NET updates for June.

1 user thanked author for this post.

jburk07

While planning to do the June updates for my Windows 7 system, I have just noticed that W7ESUI_0.2 is available. Hitherto, ever since the February updates, I have been using W7ESUI_0.1.

I presume that there is no problem switching to use W7ESUI_0.2 for the June updates instead of using W7ESUI_0.1?

And I apologise if this is a daft question but is there any way of being informed when a new version of W7ESUI.cmd becomes available? Or is it simply a matter of inspecting this topic every month before doing my updates?

Use W7ESUI_0.2 – it is not updated every month, only when necessary. So you have to keep watching.
I think W7ESUI_0.2 covers .NET 3.5, but you have to install the later .NETs manually using the switch after the file. See @Mattchu ‘s post #2262363 for an easy way to do this.

2 users thanked author for this post.

abbodi86, TonyC

Thank you for the reply.

My Windows 7 system has only .NET 3.5.1 and, last month (for the May updates), W7ESUI_0.1 installed KB4552940 (the Security and Quality Rollup for .NET 3.5.1) without any problem. So I don’t need to worry about the later versions of .NET.

Anyway, for the June updates, I will use W7ESUI_0.2.

Results for June 2020 Windows 7 patching:

Win7 Home Premium x64:

After the regular image backup, used abbodi86’s script to install the June Rollup KB4561643 and June SSU KB4562030. Took about 10 minutes including the restart and both patches are showing up in Installed Updates.

I’m using primarily Linux Mint these days but I still occasionally need to use Windows 7 online. It’s great to be as up-to-date as possible. Thanks to abbodi86 and PKCano for all your help on this!

Linux Mint Cinnamon 19.3
Group A:
Win7 Pro x64 SP1 Haswell, 0patch Pro, dual boot with Linux, mostly offline
Win7 Home Premium x64 SP1 Ivy Bridge, 0patch Pro, mostly offline
Win 10 Pro x64 v22H2 Ivy Bridge, dual boot with Linux

2 users thanked author for this post.

Microfix, SueW

Feedback: Downloaded respective kb’s for my system from the catalog and disconnected from the internet. I then disabled the AV and other security measures and continued to carried out the whole procedure as instructed above by abbodi86. (May) SSU and dotnet security patch, (June) monthly security and quality patch and SSU

Thank you sir, my reliable and trusty windows 7 lives on until hardware or MS decides.

illegitimi Non Carborundum

1 user thanked author for this post.

Cybertooth

July updates installed successfully with the script. x64 Security [KB4565479 + KB4565539] and Cumulative [KB4565524] and x86 Cumalitive [KB4565524] done so far with no issues.

Latest SSU [KB4565354] installed as well.

Just the .net one to do now.

6 users thanked author for this post.

A1ex, jburk07, Qnu, KP, PKCano, Microfix

The 3.5.1 should work with the script again, right? Can someone post the “code” again to install the update for the 4.7.2 .net framework?

July patches KB4566466 for security only (askwoody group B)
and KB4566517 for Security and monthly quality (askwoody Group A) 4.7.2 dotnet
Remember to download the one that matches your OS x64 for 64bit or x86 for 32bit.

Keeping IT Lean, Clean and Mean!

filename.exe /msioptions "ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9"

UPDATE: See post #2280539 below:

The ESU_LOCK workaround is removed and no longer working

4 users thanked author for this post.

alpha128, jburk07, 7ProSP1, Moonbear

[Qnu]

Do you know why there are 2 versions for it in the KB4566517?

windows6.1-kb4019990-x64_35cc310e81ef23439ba0ec1f11d7b71dd34adfe5.msu

windows6.1-kb4565612-v2-x64_0b0093d044fe0b7bd96f45a9653be0375c7b7e97.msu

The bottom one has “v2”.

• This reply was modified 2 years, 10 months ago by Qnu.

KB4019990 is D3DCompiler_47.dll component update companion for .NET 4.8/4.7.2

it should already be installed with .NET 4.8/4.7.2

2 users thanked author for this post.

Elly, PKCano

Is anyone having issues installing the Security Only update for .NET Framework v4.5.2?

I have followed the above instructions to the T (just like when the May Security Only .NET update for v4.5.2 was installed) but this time I keep getting a fatal error during installation message stating installation failed with error code: (0x80070643).

If it makes any difference, I successfully installed the Security Only .NET update for v3.5.1 just prior to this.

The ESU_LOCK workaround is removed and no longer working

2 users thanked author for this post.

jburk07, 7ProSP1

A-ha. It’s been driving me nuts trying to figure out what the problem might be, so this explains everything.

I am confident, as I type this, there are great minds working on a fix to allow for the continued successful installation of security only .NET updates that relied on the previous ESU_WORKAROUND.

Oops, I meant ESU_LOCK workaround (not ESU_WORKAROUND) above.

Also, I noticed when downloading the Security Only .NET update for v4.5.2 (KB4565583) that a file named 32114089_6572f8ca4563143988d5e724d4632a35703c0975.cab was also presented. Is it necessary to download this as well and, if so, what does it do?

those cab files are WU metadata, not needed for us, they accidentally included them in MU catalog download

—

there is no alternative for ESU_LOCK workaround, except using BypassESU v7
not to be discussed here 🙂

1 user thanked author for this post.

pandarunnerpt

Can you give any possible insight into why MS is targeting the ..NET updates as the ones to mess with?

Just to be sure: The 3.5.1 update should still work with your script since it didn’t rely on the workaround before, right?

I believe the 3.5.1 .NET (.msu file) should install with the CU and SSU. The later versions of .NET (.exe files) will not install.

2 users thanked author for this post.

Microfix, Qnu

I have 3.5.1 and 4.7.2, so having one update is better than none I guess. But seems like I have to switch to Win10 soon, if I can’t get the 4.7.2 update to work. 🙁

0Patch is an alternative to Microsoft updating. Check it out.

1 user thanked author for this post.

Pierre77

[7ProSP1]

Yes indeed, that is my experience exactly as the v3.5.1 .NET Security Only (.msu file) installed successfully while the later version of .NET (.exe file, v4.5.2 Security Only in my case) would not install.

Interestingly, I had neither the June nor July SSU installed and the v3.5.1 .NET Security Only update installed just fine using the May SSU.

YMMV, I suppose.

• This reply was modified 2 years, 10 months ago by 7ProSP1.

It’s not targeting particularly
they put same effort to validate ESU licenses in both Windows and .NET 4 updates

but the design of Windows updates and WinSxS component store, allowed us to find a way to suppress the validation check
that’s cannot be done with .NET 4 updates

there are two ways to bypass the validation for .NET 4
1- use external BypassESU hook
2- create administrative installation including the updates

the first one allow to install .NET 4 updates directly
while the second way require uninstalling .NET 4 Framework, then reinstall the created updated pack

3 users thanked author for this post.

Microfix, Moonbear, PKCano

Option 2 sounds like it’d be way above my pay-grade.

The thought of uninstalling anything as deep in the system as a .NET package makes me very nervous.

I thought the ESU bypass for the .NET updates wasn’t working anymore?

The built-in workaround in May .NET 4 updates is the one not working anymore

.NET 4 ESU Bypass is external tool, was and still working

1 user thanked author for this post.

Moonbear

Is there any chance of a new workaround like the one for the May updates?

I already listed the only two ways

2 users thanked author for this post.

Moonbear, Microfix

If I were to begin using 0patch PRO, will I still need to install the monthly updates?

No. 0Patch pro takes care of any Windows 7 and even 3rd party software, updates.

1 user thanked author for this post.

Moonbear

[Microfix]

Using the external BypassESU hook works for x86 with all pre-requesits 🙂
however, on x64 with all pre-requesits, it fails 🙁
screenshot of x86 post unhook:

EDIT 21st July: Winx64 .NET update succesful on 2 devices over the w/end, happy days!

Keeping IT Lean, Clean and Mean!

• This reply was modified 2 years, 10 months ago by Microfix.
• This reply was modified 2 years, 10 months ago by Microfix.

1 user thanked author for this post.

jburk07

Thank you for this script.

Well written also as I had Malwarebytes block it as ransomware (had to exclude it) when it was nearly complete (during the cleanup stage) so I had to run it again. It was much faster the second go around as it recognized what was previously installed so basically just double checked everything and then picked up where it left off.

I did notice for me, that the neutralize telemetry run once file didn’t catch everything so did some additional cleanup based on the other thread here and the other wintel file also.

One question, I noticed in Event Viewer a couple of listings for the following. These are as expected for some of the patches (I hadn’t updated since February)?

Reservation for namespace identified by URL prefix http://+:80/Temporary_Listen_Addresses/ was successfully added.
Reservation for namespace identified by URL prefix http://*:2869/ was successfully added.

It seems normal events
https://kb.eventtracker.com/evtpass/evtpages/EventId_15007_Microsoft-Windows-HttpEvent_61955.asp

1 user thanked author for this post.

Guest

[PKCano]

Successfully installed the Rollup, the SSU, .NET 3.5 on both 32-bit and 64-bit Win7 Pro SP1 using W7ESUI_0.2.
Successfully installed .NET 4.7 (KB4565623 v4.6-4.7.2) on both 32-bit and 64-bit Win7 Pro SP1 using dotNetFx4_ESU_Installer.

I created two folders in the root of the C: drive, one for the OS and .NET 3.5 updates, one for the .NET 4.7.2 updates, along with the .cmd that was applicable.
I installed the Rollup, SSU, and .NET 3.5 first, then without rebooting, installed .NET 4.7.2.
After the install completed, I rebooted and verified the successful install.
Removed the install folders from the C: drive.

Correction: I was mistaken. On a second inspection, I realize the 64-bit KB4565623 for .NET 4.6-4.7.2 did NOT install.

• This reply was modified 2 years, 10 months ago by PKCano.
• This reply was modified 2 years, 10 months ago by Kirsty.

3 users thanked author for this post.

SueW, Elly, KP

I did not know about dotNetFx4_ESU_Installer. Here is a link to it:

https://host-a.net/f/247682-dotnetfx4esuinstallerzip . You can also find it via a Google search.

1 user thanked author for this post.

SueW

dotNetFx4_ESU_Installer is just automated script for the ESU_LOCK workaround, which no longer works for July updates

As mentioned previously, this has been my experience exactly.

How were you able to get your .NET 4.7.2 update to install using the dotNetFx4_ESU_Installer on 64 bit Windows 7 as you described above, @PKCano?

As I understand it, there’s no issue installing the July .NET 4.x updates on 32 bit versions of Windows 7, only the 64 bit variety, correct?

ok, I managed to get the x64 .NET 4.5.2 in for July on two devices.
How I done it was:
Restarted the device and do absolutely nothing other than:
go to services, stop BITS, Cryptographic Services and WU whilst offline.
then use the dotNetFx4_ESU_Installer and do everything in the readme file as admin
even install the .exe as admin.
Worked a treat here 🙂

Keeping IT Lean, Clean and Mean!

@Microfix:

Using Windows 7 x64, I followed your steps exactly as you listed them and after the dotNetFx4_ESU_Installer finished doing its thing, it said “done”; however, upon going to Windows Update → View update history → Installed Updates, the .NET update for 4.x is, in fact, NOT listed.

Thinking I did something wrong, I rebooted and re-did the steps with the same result but this time I noticed the word “rollback” flashed very quickly in the bottom left corner of the Microsoft .NET framework installer screen.

An error screen is not shown using the dotNetFx4_ESU_Installer script (as when you try to install the .NET 4.x updates manually using the filename.exe /msioptions “ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9” command), so anyone would conclude the installation was successful; unfortunately, this is not the case and, as @abbodi86 stated above, “dotNetFx4_ESU_Installer… no longer works for July updates.”

Microsoft is supposedly working on a fix to allow for the successful installation of the July .NET 4.x updates on Windows 7 x64 systems as they are failing on all of them at the moment. Maybe @abbodi86 will beat them to the punch. 🙂

Looks like you checked the wrong thing as WU isn’t reliable for checking updates installed.
check control panel> Programs Features> Installed updates instead.
The ESU_Lock no longer works for July, it’s stated further up this thread but the dotNetFx4_ESU_Installer does work! see #2282005 🙂

Keeping IT Lean, Clean and Mean!

[7ProSP1]

In my above post, I went into Control Panel → Windows Update → View update history → Installed Updates (which brings me to the same screen as Control Panel → Programs Features → Installed updates) and Under Microsoft .NET Framework, and after following all your helpful steps and advice, the July update is still NOT listed.

I don’t understand where I’m going wrong or what I’m doing wrong. If you don’t mind, could you please check your Installed Updates and/or provide a screenshot of your successful July .NET update install?

• This reply was modified 2 years, 10 months ago by 7ProSP1. Reason: fixed typo
• This reply was modified 2 years, 10 months ago by 7ProSP1.

Happily 🙂

Keeping IT Lean, Clean and Mean!

[7ProSP1]

I notice in your screenshot that you installed the Security and Quality Rollups for all your installed .NET updates, while I have only installed and am trying to install the Security Only .NET update for July (KB4565583).

I wonder if this difference is what may be causing my issue?

It would be helpful if someone else here could try to duplicate the same result.

• This reply was modified 2 years, 10 months ago by 7ProSP1.

Go into Control Panel click Windows Update then look at the bottom and click Installed Updates.

That will show you the list @Microfix is talking about.

Hope this helps.

I did what you said @Moonbear and the last .NET update I have installed is the Security Update for Microsoft .NET Framework 4.5.2 (KB4552952) on 05/14/2020.

The July Security Update for Microsoft .NET Framework 4.5.2 (KB4565583) did not/will not install for me using the dotNetFx4_ESU_Installer.

Microfix wrote:

check control panel> Programs Features> Installed updates instead.

really! lol

@PKCano will be along shortly to verify my findings and methodology 🙂

Keeping IT Lean, Clean and Mean!

OK, I have checked this three ways now:

Control Panel → Windows Update → View update history → Installed Updates

Control Panel → Programs Features → Installed Updates

Control Panel → Windows Update → Installed Updates (in the bottom left corner)

The results, after following @Microfix ‘s steps, all tell me the exact same thing:

The last .NET update I have installed is the Security Update for Microsoft .NET Framework 4.5.2 (KB4552952) on 05/14/2020.

Hi to all.

7ProSP1, I have your same problem while using the script.

I tried to apply Microfix’s advice, but the installation log file still report error 1603.

I’m on a 32 bit machine.

1 user thanked author for this post.

7ProSP1

On July 23, 2020, update KB4565583 v2 was released to replace v1 for .NET Framework 4.5.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2. The v1 update did not install for customers who had certain ESU configurations. The v2 update corrects the issue for customers who could not install the v1 update.

Source: https://support.microsoft.com/en-us/help/4565583/kb4565583

Remember, v1 needed some workarounds v2 may not??
so you’re on your own here at MS-Defcon2

Keeping IT Lean, Clean and Mean!

1 user thanked author for this post.

abbodi86

There were version-2 for all the Win7 .NET updates (Rollup and Security-only, 4.5.2 to 4.8) released on 7/23/2020.

1 user thanked author for this post.

Microfix

Yes, that was only an example of what the MS support document states across all versions so that everyone could quickly view it.

Keeping IT Lean, Clean and Mean!

Despite MS re-issuing all July .NET 4.x patches and following all steps and instructions here:

Installation Did Not Succeed.

Software update KB4565583 has not been installed because:

Fatal error during installation.

MSI returned 0x643
Entering Function: MspInstallerT >::Rollback

I would appreciate it if anyone else could report their results.

I don’t know how you managed to get your July .NET update to install successfully, @Microfix, but I’m sure glad you were able to. 🙂

Non-ESU users cannot install the .NET updates without external bypass

3 users thanked author for this post.

SueW, Elly, Microfix

[7ProSP1]

I finally got the original version 1 of KB4565583 to successfully install using your revised dotNetFx4_ESU_Installer.

• This reply was modified 2 years, 10 months ago by 7ProSP1. Reason: fixed typo
• This reply was modified 2 years, 10 months ago by 7ProSP1.

Link for the revised dotNetFx4_ESU_Installer please.

A browser search will find it.

anonymous wrote:

A browser search will find it.

Typed in “revised dotNetFx4_ESU_Installer”

found 3 links with nothing of help.

Search on “dotNetFx4_ESU_Installer”
The name of the file is dotNetFx4_ESU_Installer_r

2 users thanked author for this post.

jburk07, alpha128

I found it.

The ReadMe.txt says, “Extract the zip file contents to a folder with simple path.”  What constitutes a simple path?  Is something like “2020-07-DotNet4” simple enough?

alpha128 wrote:
What constitutes a simple path?

Maybe something like this?
c:\temp\

Or maybe this?
c:\dnfx4\

Hope this helps.

A simple path would be any folder 1 or 2 levels deep in the drive’s root directory like c:\DotNet4 or maybe even c:\ESU\DotNet4 but c:\2020-07-DotNet4 would work just fine.

A not so simple path might be a folder several levels deep and include spaces in the folders or sub-folders name(s) like c:\folder name 1\sub-folder name 1\sub-sub-folder name 2\etc-1\etc_2\etc~3

In reality though, a complex folder path will still work just fine only it’ll require a lot more typing setting the administrators command prompt path to the location of the folder containing the extracted “.bat” command file in order to execute it.

4 users thanked author for this post.

jburk07, SueW, Elly, abbodi86

I found it ok and downloaded the zip file, but it’s password protected!

A1ex

“A simple path would be any folder 1 or 2 levels deep in the drive’s root directory like c:\DotNet4 or maybe even c:\ESU\DotNet4 but c:\2020-07-DotNet4 would work just fine.”

Actually, the full path  of the folder I created is “C:\W7ESUI\2020-07-DotNet4”.  So I’ll leave it that way.  Thanks!

I downloaded the zip linked in #2281924 above and didn’t need a password to open it.

cheers, Paul

Without verifying checksums that were issued with the original?
If there is no zip password, it’s not the original file.

Keeping IT Lean, Clean and Mean!

The correct file needs a password.

1 user thanked author for this post.

Microfix

PKCano wrote:

The correct file needs a password.

The version I found does not have a password.

 

[alpha128]

Here is the checksum information for the version I downloaded.  Do I have the correct version?  Please let me know!  Thank you.

Name: dotNetFx4_ESU_Installer_r.zip
Size: 8126 bytes (7 KiB)
CRC32: 4A837AD0
CRC64: 7BECD50A61C1CC9A
SHA256: 3E1F48478404CC3FC372D4B8D00CC5E5B532BEE64AB9D78F5ECF2DDDA49E1227
SHA1: 574937759D3DFACE77AA91082D80808EF093D65F
BLAKE2sp: 732BB16B10CF115C13362624FBB42A1D6C1BACFD5B70E98B309AE867B48120F2

• This reply was modified 2 years, 10 months ago by alpha128.

1 user thanked author for this post.

jburk07

[Microfix]

ORIGINAL zip file contains a password with an SHA-256 checksum as follows:
3e1f48478404cc3fc372d4b8d00cc5e5b532bee64ab9d78f5ecf2ddda49e1227

Keeping IT Lean, Clean and Mean!

• This reply was modified 2 years, 10 months ago by Microfix. Reason: wrong checksum

1 user thanked author for this post.

jburk07

I’m certainly confused.

I found: https://host-a.net/u/abbodi86

and:

dotNetFx4_ESU_Installer_r.zip

which certainly seems legitimate (has abbodi86 ref), and yields the SHA256 checksum displayed in #2283411, but extracts just fine with NO password.

Is there another REAL file somewhere else?

(BTW the CMD in this file runs and installs the 7/23 .Net updates for Net 4.6 for x32 and Net 4.7 for x64; does it do something else I should worry about?)

Thanks.

Perhaps the password has been removed by @abbodi86?

Perhaps…

The same named file in the other abbodi86 repository from the initial post in this thread is an exact binary compare, and it too extracts with no password.

Why are people being cryptic about locations etc.? Are we giving up secrets we shouldn’t? I mean if we’re participating in this thread, and doing the operations mentioned, then we’ve already given consideration to all the implications, and we’re “in”. In for a penny, in for a pound, no?

Chris

More confused …

Verifying newly downloaded files and those that I used the past couple days … (all the same by the way)

It comes to mind that the hash for a PW protected zipped fileset would be different than for the same fileset without a password. Wouldn’t it? (The password would need to be stored inside the zip file I would think.)

My head is starting to hurt.

 

[old proverb: “one fool can ask more questions than 20 wise men can answer”]

Just curious if the checksum info you posted was for a PW protected zip file or did it just extract without a password? Did you find a .zip with a PW? (The ones I found match yours and have the same SHA256 checksum, no password.)

1 user thanked author for this post.

jburk07

Correction, my error, (copied from wrong folder on my PC)
The original password locked dotNetFx4_ESU_Bypass.7z
size 3455bytes (3kb)
SHA256:
0EA25AE5023145BE8C1D8B1836F4AF5A2C36E7D93538429B05EF1ECFF1C5F3F1
sincere apologies for the confusion.
It is impossible to change any file without affecting checksums.

Keeping IT Lean, Clean and Mean!

Thank you very much for this!

The .ZIP file is NOT password protected; in the one repository there is also a .7z file that IS password protected.

Not having the password, I cannot check the actual file contents to see if they are the same …

But since they are (as near as I can tell) abbodi86’s repositories, and I’ve been happily using the main ESU script from his repository for months, I’m confident all is good.

Chris

I don’t have a pony in this race, but could a summary and clarification be provided on what to download, where, and if a password is necessary.

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox115.0b2 MicrosoftDefender

[RDRguy]

All, I think everyone’s talking apples & oranges here. @abbodi86 has 4 different dotNetFx4 scripts posted and some are password protected and some are not.

The 2 “installer” scripts (dotNetFx4_ESU_Installer) don’t seem to be password protected and the 2 “bypass” scripts (dotNetFx4_ESU_Bypass) are.

2 scripts (1 bypass & 1 installer) are pre-Jul and the 2 other (1 bypass & 1 installer) were revised in Jul after the Jul .Net updates were released as noted by the “_r” at end of file name (before the “.” file extension).

As I’m not @abbodi86, I can only surmise that both the latest “installer” and the latest “bypass” scripts will install the Jul .Net (ver 4.5 & up) updates in non-ESU systems – one will do it via ESU “bypass” method requiring 1st installing the ESU bypass, then installing the .Net update then removing the ESU bypass while the “installer” method essentially does all this (or something very similar) automatically.

Hope this helps.

Edit: typos

Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS

• This reply was modified 2 years, 10 months ago by RDRguy.

7 users thanked author for this post.

pandarunnerpt, KP, Moonbear, SueW, jburk07, Chriski, abbodi86

You pretty much covered it all correctly 🙂

2 users thanked author for this post.

RDRguy, jburk07

How do you decide whether to use the “bypass” or “installer” versions?

cheers, Paul

1 user thanked author for this post.

Moonbear

The bypass is mainly ment for installing .NET 4 updates through WU, manual installation works too
but it has compatibility issue and cause other MSI programs to fail (including KIS 2020 or Office C2R)

the first installer was merely a simple script for installing .NET 4 updates manually using the ESU_LOCK workaround
the revived version include temporary self-bypass to work with July updates

dotNetFx4_ESU_Installer_r.zip is the safest approach so far

9 users thanked author for this post.

pandarunnerpt, KP, Moonbear, alpha128, jburk07, SueW, Microfix, Paul T, PKCano

[Paul T]

The correct file to use is available at this link, but it is a password protected 7z file.
https://host-a.net/f/252519-dotnetfx4esubypassr7z
https://host-a.net/f/252903-dotnetfx4esuinstallerrzip

cheers, Paul

• This reply was modified 2 years, 10 months ago by Paul T.
• This reply was modified 2 years, 10 months ago by Kirsty.

abbodi86 wrote:

dotNetFx4_ESU_Installer_r.zip is the safest approach so far

This one is not password protected.

2 users thanked author for this post.

KP, Paul T

I’m sticking with the dotNetFx4_ESU_Bypass.7z (password protected)
Why? ’cause I don’t, nor am I likely to use MS Office and my method works with no SFC errors. Done the trials and errors, earlier this month and sticking to it until MS issue busted patches again. YMMV

Keeping IT Lean, Clean and Mean!

abbodi86 wrote:

The bypass is mainly ment for installing .NET 4 updates through WU, manual installation works too
but it has compatibility issue and cause other MSI programs to fail (including KIS 2020 or Office C2R)

the first installer was merely a simple script for installing .NET 4 updates manually using the ESU_LOCK workaround
the revived version include temporary self-bypass to work with July updates

dotNetFx4_ESU_Installer_r.zip is the safest approach so far

I do use Office Click to Run so I will be trying out this one when the time comes.

Heads up folks:
https://www.catalog.update.microsoft.com/Search.aspx?q=2020-07
2020-07 Extended Security Updates (ESU) Licensing Preparation Packages for Windows 7/server 2008R2
click [last updated] released 7/29/2020

Keeping IT Lean, Clean and Mean!

1 user thanked author for this post.

abbodi86

I think this new version adds support for activating ESU licenses via KMS

of course, the required GVLK/CSVLK are unknown yet

1 user thanked author for this post.

Microfix

The KB4538483 ESU Licensing Preparation Package has been recently superseded by a new ESU Preparation package – KB4575903

https://support.microsoft.com/help/4575903/

https://www.catalog.update.microsoft.com/Search.aspx?q=kb4575903

How do you find the checksums for the non password protected dotNetFx4_ESU_Installer_r.zip?

right click on the file/zip. There should be a menu choice the shows the checksum. It’s 256, I think.

I don’t see an option to see the checksum when I right click on the zip.

    File: dotNetFx4_ESU_Installer_r.zip  

   SHA-1: 574937759d3dface77aa91082d80808ef093d65f  

 SHA-256: 3e1f48478404cc3fc372d4b8d00cc5e5b532bee64ab9d78f5ecf2ddda49e1227

1 user thanked author for this post.

jburk07

OK, the reason I had the menu selection is because I have 7zip installed. It puts the selection in the context menu.
See the information on 7zip here, as well as the command line you can use.

Or hashmyfiles from Nirsofe.

1 user thanked author for this post.

Moonbear

Easier to just pay $25 dollars and get 0patch pro.

1 user thanked author for this post.

Cybertooth

After some careful consideration, I’ve decided that I’ll just install 7-zip. Is this the right site? https://www.7-zip.org/

That looks right

1 user thanked author for this post.

Moonbear

[Moonbear]

My admin password prompt is saying my 7-zip download is from an unverified publisher, maybe I won’t be using this after-all.

• This reply was modified 2 years, 10 months ago by Moonbear.

Try downloading from MajorGeeks

Ok will do, sorry for taking up so much of your time with this.

Still showing as an unverified publisher even though Majorgeeks. I’m assuming that isn’t normal?

A lot of people here use 7zip. Guess it’s your choice. There are other ways to get the checksum, mentioned in the links above.

1 user thanked author for this post.

Moonbear

Are there multiple .NET 4.7 files that I’ll need to download when I install july’s patches or am I just reading the update catalog wrong?

For .NET 4.7 you need KB4565623 (Rollup) OR KB4565586 (security-only) – not both

Ok, I also see where I was reading wrong before as well.

I forgot that the .net patches were re-released.

Thanks again @PKCano

[Moonbear]

When I went to download the exe for KB4565623 I got the new mixed content warning in Google Chrome saying this file couldn’t be securely downloaded.

Has anyone else seen this when trying to download the exe for KB4565623 on Chrome?

It let me choose to keep downloading the file but why did that mixed content warning only kick off with the exe file?

• This reply was modified 2 years, 10 months ago by Moonbear.

download.windowsupdate.com links are http

that does not mean the files (or links) are not safe

Yes, I had the same issue when I tried to download ndp47-kb4565623-v2-x64 with Chrome.  So I downloaded it with SeaMonkey instead!

1 user thanked author for this post.

Moonbear

[alpha128]

I successfully installed kb4565354-x64, kb4565524-x64, and kb4565612-v2-x64 with W7ESUI.cmd, and successfully installed ndp47-kb4565623-v2-x64 with dotNetFx4_ESU_Installer.cmd.

Thanks @abbodi86

• This reply was modified 2 years, 10 months ago by alpha128.
• This reply was modified 2 years, 10 months ago by Kirsty.

2 users thanked author for this post.

jburk07, SueW

Ok, I did see that the download links were in http.

But why would that not give the same warning with the .msu files as with the .exe?

Probably because viruses are usually exe files

[Moonbear]

Ok, let me see if I’m understanding everything.

The warning triggered on the exe because the download link was for an executable with an http link on a https site.

The warning won’t trigger on the msu files because they don’t register as an executable.

Even with the warning the download should be safe since it was the insecure link and not what was being downloaded that triggered the warning.

Did I miss anything?

• This reply was modified 2 years, 10 months ago by Moonbear.

1 user thanked author for this post.

jburk07

I think you got it.

1 user thanked author for this post.

Moonbear

What do I do with the Run_Once_W10_Telemitry_Tasks.cmd left on my WIN 7 SP1 desktop.

 

I had the same problem when I trying to download ndp47-kb4565623-v2-x64 with Chrome.  So I downloaded it with Firefox instead!

I believe you right-click on it and run as administrator.  IIRC, the script runs once and then deletes itself.

I had already disabled telemetry on my system before I ran W7ESUI.cmd for the first time, so the second script was never created for me.

 

Also, opening a command window and using:

certutil -hashfile <file_of_interest> SHA256

will give the hash for the file of interest, for the algorithm, in this case SHA256.

It will do: MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512

Win 7 and later I believe. Supposedly case sensitive; is on my win 7 version.

2 users thanked author for this post.

abbodi86, Moonbear

[glnz]

Hey, everyone – now that Woody has gone to DefCon 3, I want to install the July updates on our three (3) Win 7 Pro 64-bit machines, one of which is the production PC in my wife’s SOHO.   (I start with the other two to see whether they survive.)

There has been a LOT of traffic here the last three weeks, and I haven’t followed.

First – is the # W7ESUI # script at the very top of this thread still good for Windows updates (and I’m in Group A)?  (Not .NET.)
If not, where is the shortlist of new steps?

Second – we have .NET 4.8.  What exactly should I do to install any updates?  I’ve seen emails of the posts here about password and not password and don’t know where to start.

Thanks.

• This reply was modified 2 years, 10 months ago by glnz.

Use this script. https://host-a.net/f/252903-dotnetfx4esuinstallerrzip for the .NET 4.
You need KB4565636-v2 issued 7/23 for .NET 4.8

W7EUSI_0.2.zip for the rest KB4565524 Rollup, KB4565354 SSU, and KB4565612 .NET 3.5

1 user thanked author for this post.

pandarunnerpt

Win7 Home Premium 64-bit. Group B.

I have just installed all (I think) of the appropriate (I hope) July Windows updates.

I prepared two folders, the first with the W7ESUI.cmd script (I’m still using the first version of that) and the Win7 64-bit versions of four files: kb4565354 (the July SSU); kb4565539 (Win7 security-only); kb4565479 (IE security-only); and kb4565579-v2, that last file being the corrected (v2) version of the .NET update that the W7ESUI script can effectively use for .NET versions lower than 4.

As always, I right-clicked on the .cmd file and chose “Run as administrator,” and the whole process took a little over half an hour (including the post-installation restart).

The second folder was set up to install the updates for installed NET versions starting with 4 (4.8 in my case). It had the revised (i.e., July 23) version of the dotNetFx4_ESU_Installer.cmd file (linked here), and the corrected version (v2) of the July security-only update that was appropriate for NET 4.8 (an .exe file, the name of which started with “ndp48-kb4565589-v2-x64_”); and it also had a folder named “bin” with four other files that were included in the same .zip as the installer.cmd file: two ending in .manifest, and two ending in .dll.

(I went into that detail partly because my initial unpack of the .zip file had the four files that should have been in the bin folder in the parent folder instead, probably due to a bad unzip choice on my part — which I discovered when the script started to run and immediately pointed out that it couldn’t find one of those files in the bin folder, and aborted.)

I right-clicked on the .cmd file and chose “Run as administrator,” and the installation took very little time. There was no indication that a restart was required, but I restarted anyway.

Everything seems normal at this point, and I checked the Installed Updates list in Windows Update, and it shows all five updates as successfully installed.

Thanks again to abbodi86.

1 user thanked author for this post.

jburk07

[glnz]

PKCano – I first ran W7EUSI_0.2.zip for KB4565524 Rollup, KB4565354 SSU and KB4565612 .NET 3.5.

However, for KB4565524-x64 (the last of the three),
after the last “The operation completed successfully.” and “Removing temporary extracted files…” and
just before “Finished” ,
I get

C:\W7ESUItemp_2012\WINDOW~2.1-K\WO1E08~1.240\racpldlg.dll.mui – The process cannot access the file because it is being used by another process.

What should I do?  Have not rebooted yet.  Thanks.

EDIT – I went to that folder C:\W7ESUItemp_2012\WINDOW~2.1-K\WO1E08~1.240\
and the ONLY file in that folder is  racpldlg.dll.mui.

Maybe for some reason the W7EUSI could not delete that file after the updates were finished?  Ignore for now, reboot, and go delete it after?

• This reply was modified 2 years, 10 months ago by glnz.
• This reply was modified 2 years, 10 months ago by glnz.

If you followed all the instructions in the Readme file, try that. Check in Installed Updates to be sure the updates installed.

All seems OK on first of three machines.  Thanks again.

And now all seems OK on the other two machines, including wife’s SOHO production machine!

abbodi86 and PKCano – you guys are GREAT!

And – another noodge – those benefiting from these install techniques – please donate to AskWoody.  Even small amounts because there are many of us.

2 users thanked author for this post.

Elly, PKCano

abbodi86 wrote:

dotNetFx4_ESU_Installer_r.zip is the safest approach so far

This is the one you need for August .NET4 and later installations.

https://host-a.net/f/252903-dotnetfx4esuinstallerrzip

3 users thanked author for this post.

jburk07, abbodi86, SueW

Little question about installing .NET patches with dotNetFx4_ESU_Installer_r.zip. I installed KB4565636-v2 for .NET 4.8.

I am trying to install ndp45-kb4565616-v2 and ndp47-kb4565623-v2. These do not install, the script do not see them as patches to work on. From posts above I understand that those are not mandatory… but this in nowhere explicitly written?

Should these got installed or are they somehow bundled into KB4565636-v2 and I should worry not? Or do I misunderstand something badly?

You only need the patches for the version(s) or .NET that is installed on your machine.
You do not need all of the .NET4 patches unless you have all of the versions installed.
Do you know what versions are installed on your computer?
If the version is not there, the patch won’t install.

.NET 4.x versions are upgrades to each other

4.8 is the latest and you only need its patch

It’s August 20, and in maybe two weeks Woody will give DefCon 3 for the August updates.  I have Win 7 Pro 64-bit, with .NET 4.8, and I am Group A.

Are the two methods here still good for getting and installing the August updates?
(I mean (a) the method at top of this page — W7ESUI — for Updates and
(b) dotNetFx4_ESU_Installer_r.zip  for any .NET 4.8 update.)

Cheers!