News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Comments on Abbodi86’s Win7 ESU Installer Script (2020 Archive)

    Home Forums AskWoody support Windows Windows 7 Win7 beyond End-of-life Comments on Abbodi86’s Win7 ESU Installer Script (2020 Archive)

    Topic Resolution: Resolved
    • This topic is empty.
    Viewing 577 reply threads
    • Author
      Posts
      • #2209123
        anonymous
        Guest

        When the instructions say to put W7ESUI.CMD “next to” the MSU files, does that mean “in the same directory as”?

      • #2209122
        jabeattyauditor
        AskWoody Lounger

        Woody, you’re on board with this?

        3 users thanked author for this post.
      • #2209127
        PKCano
        Manager

        It means: Put it in the same folder.

        3 users thanked author for this post.
      • #2209128
        honx
        AskWoody Lounger

        if i decide to install february and march group b patches on win7, is there anything to consider about these patches (bugs or anything else)?

        PC: Windows 7 Ultimate, 64bit, Group B
        Notebook: Windows 8.1, 64bit, Group B

      • #2209137
        PKCano
        Manager

        See this thread for information, especially the note at the top about the Group B patches. And the similar blogpost about the Feb Patch Tues.

        There are also notes in AKB2000003.

        3 users thanked author for this post.
      • #2209146
        honx
        AskWoody Lounger

        See this thread for information, especially the note at the top about the Group B patches. And the similar blogpost about the Feb Patch Tues.

        There are also notes in AKB2000003.

        thx, how can i check, if ssu kb4490628 is installed already? i know i have kb4474419 (because i had to install 3 times kb4474419 last year which i clearly remember) but i can’t find the kb4490628 which is required by march esu patches in windows update (unfortunately there is no search-box in windows update).

        and in which order is that new ssu kb4550735 to be installed? after february win7/ie patches?
        for example like this?
        february kb4537813 (win7)
        february kb4537767 (ie)
        reboot
        ssu kb4550735
        ( i downloaded the file linked in:
        https://www.askwoody.com/forums/topic/initial-impressions-of-patch-tuesday-march-2020/#post-2189166 )
        reboot
        march kb4541500 (win7)
        march kb4540671 (ie)
        reboot
        office and other non-windows patches
        reboot (just to make sure)

        PC: Windows 7 Ultimate, 64bit, Group B
        Notebook: Windows 8.1, 64bit, Group B

      • #2209151
        PKCano
        Manager

        To see if kb4490628 is installed look in Windows Update. On the lower left corner click on “View installed updates.”
        You can sort by any column. Click on the column title to choose the column to sort by. It is a toggle, alternating ascending/descending.
        kb4490628 was issued in april 2019, so if you sort by date it will be 3/12/2019 or later. If you sort by title, each category will have the KB number sorted numerically.

        4 users thanked author for this post.
      • #2209153
        PKCano
        Manager

        You can collect the updates and the needed file(s) in one folder.
        If you are using @abbodi86 ‘s script, you should follow those instructions.
        The Office, MSRT updates are still available through Windows Update for supported versions.

        1 user thanked author for this post.
      • #2209154
        honx
        AskWoody Lounger

        can’t edit my post anymore, so i have to reply: what do i have to deactivate in order to get rid of this diagtrack thingamajigs in march update? (microsoft are now charging for win7 updates and these to purchase patches still contain spyware – i don’t get it…)

        PC: Windows 7 Ultimate, 64bit, Group B
        Notebook: Windows 8.1, 64bit, Group B

      • #2209157
        PKCano
        Manager
        5 users thanked author for this post.
      • #2209158
        honx
        AskWoody Lounger

        You can collect the updates and the needed file(s) in one folder.
        If you are using @abbodi86 ‘s script, you should follow those instructions.
        The Office, MSRT updates are still available through Windows Update for supported versions.

        so all february, march and that ssu in the same folder and that script takes care about the order and installs also that march ssu at the right time?

        PC: Windows 7 Ultimate, 64bit, Group B
        Notebook: Windows 8.1, 64bit, Group B

      • #2209161
        abbodi86
        AskWoody_MVP

        Yes

        You only need the latest SSU (March KB4550735), and the latest IE11 cumulative (March KB4540671)
        in addition to security only update for both February and March

        9 users thanked author for this post.
      • #2209166
        Pim
        AskWoody Plus

        Just out of curiosity: why? My reason for asking: I have seen other contributors on AskWoody claiming this is illegal.

        I myself take a practical approach: I have lost so very many hours (> 100) because of Microsoft’s absence of client focus that I honestly do not care whether it is illegal (normally I do). One example: only informing that Ultimate is also covered by ESU in late November which caused me much stress trying to get my systems on Windows 10 in the months before November 2019, which failed, because of a lack of time and energy on my part caused by insufficient health.

        ASRock Beebox J3160 - Win7 Ultimate x64
        Asus VivoPC VC62B - Win7 Ultimate x64
        Dell Latitude E6430 - Win7 Ultimate x64
        Dell Latitude XT3 - Vista Ultimate x86 (still...)
        Asus H170 Pro Gaming - Win10 Pro 1809 x64

        1 user thanked author for this post.
      • #2209167
        Chriski
        AskWoody Lounger

        Use 0patch or script installer (no ESU, Win 7 group B through Jan patches) or both?

        I installed 0patch(free) after the Jan patches, and it’s been doing fine.

        Also use the script installer because more is better and it will enhance things missing from 0patch, or is this 0patch tool probably sufficient?

        Thanks for opinions..

        C.

        2 users thanked author for this post.
      • #2209178
        Susan Bradley
        Manager

        Does it violate licenses and eulas….. yes …but my morals are slipping.  We are in unusual times where people are using Win7’s to remote in from home.  I’ve sent an email to Satya to ask him to open up 7 patching for all given the circumstances.

        Susan Bradley Patch Lady

        Total of 23 users thanked author for this post. Here are last 20 listed.
      • #2209184
        Melvin
        AskWoody Plus

        Does it violate licenses and eulas….. yes …but my morals are slipping.  We are in unusual times where people are using Win7’s to remote in from home.  I’ve sent an email to Satya to ask him to open up 7 patching for all given the circumstances.

        Yes, considering so many must now work from home, it would be good if Microsoft would step up and open up the ESU for some period of time.  I guess this is most applicable to people who have their “home” computer and until now have only used the IT-supported computers at their work place.

        Indeed, I saw a report that bad actor’s may have increased their efforts against homes and home users anticipating increased opportunities in these new circumstances.

        Win 10, Win 7 Pro 64-bit, Office 2010.
        Nethermost of the technically literate.

        2 users thanked author for this post.
      • #2209188
        honx
        AskWoody Lounger

        Yes

        You only need the latest SSU (March KB4550735), and the latest IE11 cumulative (March KB4540671)
        in addition to security only update for both February and March

        thanks, i’ll wait for ms defcon 3 or higher and for some observations by other users here before i try it myself.

        PC: Windows 7 Ultimate, 64bit, Group B
        Notebook: Windows 8.1, 64bit, Group B

      • #2209193
        Geo
        AskWoody Plus

        0patch pro is half the price of ESU and is working just fine.  I’m a home premium user .  Getting a number of micro patches lately.

        • This reply was modified 10 months ago by Geo.
        • This reply was modified 10 months ago by Geo.
        5 users thanked author for this post.
      • #2209189
        anonymous
        Guest

        Open Windows Update > click on View Update History (in left navigation) > click on the linked Installed Updates > copy & paste the KB number into the top left search field.

        That way you don’t have to waste time sorting and searching by date.

        Hope I could help.

        1 user thanked author for this post.
      • #2209192
        anonymous
        Guest

        Any known issues using this script on a Kaby Lake (intel 7xxx) box running wufuc ?

      • #2209199
        KWGuy
        AskWoody Plus

        Every time I think I’ve found a way to outsmart Mother Microsoft re: updating, it usually backfires…or at least causes more anxiety and takes more time than it’s worth.

        My gut tells me that this unsanctioned (and per SB , a license violation) approach is not a good option.  I acknowledge that I’m a non-techie home user with a less adventurous spirit than most.  I agree, though, that MS should extend traditional W7 patching due to current circumstances.

         

        2 users thanked author for this post.
      • #2209203
        T
        AskWoody Plus

        Thank you so much for this, abbodi86. This should tide me over until i figure out what i’m going to do long term, with no option being ideal. However, i am a little concerned implementing it because this violates the EULA and i worry microsoft will start deactivating the product keys of genuine installs and then you’re effectively using a pirate copy. Also, it was my understanding that this workaround had been prevented with the latest SSU.

        2 users thanked author for this post.
      • #2209212
        PKCano
        Manager

        I have just run the script on one of my Win7 Ultimate x64 VMs that was updated through Jan.
        There were no problems during the install.
        There were two (2) reboots afterward.
        Here is the result.

        Screen-Shot-2020-03-20-at-2.30.50-PM

        Attachments:
        12 users thanked author for this post.
      • #2209224
        woody
        Manager

        Reports I’ve seen about 0patch are uniformly positive.

        6 users thanked author for this post.
      • #2209225
        woody
        Manager

        OK. I’ll bite. How does running abbodi86’s script violate the Win7 EULA?

      • #2209226
        T
        AskWoody Plus

        Oh, does it not? Susan upthread seems to agree that it does. My concern is just what microsoft will do to clamp down on obtaining ESUs for free.

        Then again, we’re currently living through a period where so many more people are working from home and win7 still has a huge user base.

        • This reply was modified 10 months ago by T.
        2 users thanked author for this post.
      • #2209262
        alkhall
        AskWoody Lounger

        No file to download, link gives blank page.

      • #2209270
        Volume Z
        AskWoody Lounger

        You’re doing it wrong.

        Download

        Attachments:
      • #2209281
        b
        AskWoody Plus

        How does running abbodi86’s script violate the Win7 EULA?

        8. SCOPE OF LICENSE.
        You may not
        · work around any technical limitations in the software;

        1 user thanked author for this post.
      • #2209283
        ch100
        AskWoody_MVP

        I think Susan’s assessment and subsequent action – to write to Satya asking for a waiver given the times are appropriate. This is a grey area and open to interpretation either way.

        I would like to raise a technical issue though, only for clarification.

        This script installs SSU first and the relevant update in the second step.

        I was under the impression that this order does not matter anymore, because the SSU released in a specific month actually applies to the update released next month, this being done by Microsoft to avoid past issues. There is still a requirement to update regularly because SSU is not released each month.

        Is this true about the SSU order, or is only true for Windows 10 or is not true at all?

        3 users thanked author for this post.
      • #2209284
        Seff
        AskWoody Plus

        Isn’t this all rather academic at the moment? We’re at DefCon 2 for heaven’s sake.

      • #2209286
        alkhall
        AskWoody Lounger

        You’re doing it wrong.

        Download

        Got it, thanks.

      • #2209292
        italiangm
        AskWoody Plus

        Hello all. Wanted to share experience and ask a question:

        Since FEB2020 updates were cleared for installation, I downloaded kb4537767-x64 and kb4537813-x64 msu from Microsoft Update Catalog. Followed the instructions so kindly provided by abbodi86.

        Install ran without a hitch. After successful reboot, I opened Windows Update and selected View Update History. KB4537767 and KB4537813 do not appear.

        Checked Control Panel > Installed Updates. KB4537767 and KB4537813 were listed there.

        Is there a reason why the FEB2020 updates do not appear in View Update History?

        2 users thanked author for this post.
      • #2209300
        PKCano
        Manager

        Is there a reason why the FEB2020 updates do not appear in View Update History?

        Yes, Windows Update History is the history of updates that Windows Update installed. Windows Update didn’t install those updates, you did.  🙂
        But to verify that they are installed, they are listed in “Installed Updates.”

        7 users thanked author for this post.
      • #2209323
        Volume Z
        AskWoody Lounger

        Are you telling us that any given Security Only Update is impossible to appear in Update History?

      • #2209326
        PKCano
        Manager

        Security-only updates are not released through Windows Update.
        I could be wrong, but I believe that would be the case if you do a manual install.
        An exception would be if the SO were released through WU.
        I don’t think it shows in Update History, but it does in “Installed Updates.”
        Also, if you uninstall an update, it doesn’t disappear from Update History. It is still listed in History at the time/date it was installed (but it is no longer in Installed Updates).

        Note: This applies to current updates that MS designated as Rollup and Security-only, not to the prior updates that were designated Updates for Windows and Security Updates for Windows (2016 and before)

        • This reply was modified 10 months ago by PKCano.
        • This reply was modified 10 months ago by Kirsty.
        3 users thanked author for this post.
      • #2209330
        Volume Z
        AskWoody Lounger

        By thinking, any update installed manually – like any given Security-Only – does not appear in Update History, you’re thinking wrong. It should be easy for you to verify in any Windows 7 installation.

      • #2209331
        PKCano
        Manager

        I only do Rollups. Can you post a screenshot?
        I’m certainly open to stand corrected.

      • #2209334
        anonymous
        Guest

        Works for me, after paying attention to abbodi86‘s comments on 20 <span class=”bbp-reply-post-date”>March 2020 at 11:05 am.</span>

        Thanks!

      • #2209342
        Volume Z
        AskWoody Lounger

        Sure. 🙂

        Updateverlauf

        Attachments:
        1 user thanked author for this post.
      • #2209349
        PKCano
        Manager

        Thanks.
        Were those manual installs or using WSUS or one of the installers?

      • #2209352
        RDRguy
        AskWoody Lounger

        @PKC … I’m not sure that’s the case … being Group B since the very beginning, I’ve only manually installed all the monthly SO & IE11 Cum updates downloaded either directly from the MS Update Catalog or AKB2000003 and everyone of them DO appear in the Windows Update History as well as the “Installed Updates” on all of my Win7 systems.

        I suspect this may be due to the processes used by @abbodi86’s batch script to incorporate the post ESU Win7 updates into non-ESU Win7 systems.

        If so, it’s implementation may not use (or use in the normal way) any or all of the actual Windows Update mechanisms that would normally be used either pre or post ESU to incorporate Win7 updates.

        Could/should/would this be changed in a future batch script update … I suspect only @abbodi86 can answer.

        Win7 - PRO & Ultimate, x64 & x86
        Win8.1 - PRO, x64 & x86
        Groups A, B & ABS

      • #2209358
        PKCano
        Manager

        Yes, I was under the wrong impression.
        Thanks for the correction.

        1 user thanked author for this post.
      • #2209366
        alpha128
        AskWoody Plus

        My goodness – this is the greatest thing since sliced bread.  And since the last time I was in a grocery store there was no bread – that makes this the greatest thing going today!

        I downloaded the script and installed per your instructions.  I used to it to install the March Servicing Stack update (KB4550735) and 2020-03 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4540688).  As advertised, the servicing stack was installed first, and then the roll-up.

        As other users report, these updates did not appear in my Windows Update history, but they do appear when running, e.g., powershell (get-hotfix -id KB4540688).  They also appear as installed updates in Control Panel.

        Thank you so much!

        5 users thanked author for this post.
      • #2209373
        woody
        Manager

        I don’t feel so guilty. 🙂

        Don’t know of any specific EULA or license that says you can’t use freely available patches on a licensed copy of Win7….

        Playing devil’s advocate, of course.

      • #2209375
        woody
        Manager

        I hear ya but… I’m not so sure that applying updates is working around a technical limitation.

        For example, I don’t think 0patch patches violate the EULA.

        One could make the argument that running any Win7 utility is working around a technical limitation in the software…. antivirus…

        8 users thanked author for this post.
      • #2209391
        abbodi86
        AskWoody_MVP

        Not really, latest SSU first, is still the correct order
        if you installed higher stack installer version, it will take precedence and work for all lower versions

        – Check required stack installer version for each update

        if an update require higher SSU, the script will show error message and skip it

        and that’s why for manual installation of ESU updates, you should only download and use latest SSU, even if current updates require previous SSU

        8 users thanked author for this post.
      • #2209392
        abbodi86
        AskWoody_MVP

        Windows Update History show the history of updates installed via WU, or via msu file directly (double-click)
        but not if the updates are installed via DISM.exe tool (like the script does)

        Update History can be reset/wiped easily, but “Installed Updates” will always show the updates



        @RDRguy

        Windows Update is more like a GUI front-end for CBS (the actual engine that process updates)
        DISM.exe is the CLI front-end for CBS

        4 users thanked author for this post.
      • #2209410
        ch100
        AskWoody_MVP

        @abbodi86
        My comment was more in relation to this (hypothetical) scenario:

        – SSU 2020-01 installed
        – Patches for 2020-02 are released
        – Install 2020-02 CU first (for whatever reason, see below for an example)
        – Install 2020-02 SSU

        If 2020-02 CU require minimum 2020-01 SSU, then the previous sequence would still work, while not installing the 2020-02 SSU first.

        Same would be repeated next month 2020-03 in this example, if 2020-03 CU require as minimum 2020-02 SSU and not 2020-03 SSU.

        This may have practical implications when let’s say 2 patches are pushed simultaneously via WSUS or SCCM and they are installed without a reboot between them. This is a very common scenario in fact and I have seen the SSU is not always installed first due to the sequence having other criteria like randomization, which patch is downloaded first from the update server etc.

        Ideally the updates should be installed in 2 steps, SSU first, waiting for it to be deployed everywhere and then the CU for the month. But this is not practical or always possible taking in consideration the operational requirements, except for the smallest of environments and as such it is never done in 2 steps.

        Note: In WSUS or SCCM which leverages the same WSUS, SSU and CU are always installed separately and not bundled as it is the case for Windows Update.

        3 users thanked author for this post.
      • #2209411
        Kranium
        AskWoody Lounger

        Hey Woody, good on you.

         

        Every little bit helps right now.

        Group B for WIN7 w/ ESU, plus trying out Linux builds in dual boot.

        1 user thanked author for this post.
      • #2209419
        abbodi86
        AskWoody_MVP

        Understood 🙂

        but like you said, this sequence apply to WU and WSUS

        manual installation of updates means to get the latest version of chained updates (SSU, IE11 Cumulative, Monthly Rollup, W10 Cumulative)

        5 users thanked author for this post.
      • #2209439
        Sinclair
        AskWoody Lounger

        Used this on Windows 7 x64 Home Premium. Everything went well and after two reboots the computer still works. I did it with the network cable pulled. Once everything was done I ran the W10Tel.cmd After another reboot I replugged the network cable. So far so good.

        W7 x64 Pro&Home

        4 users thanked author for this post.
      • #2209493
        woody
        Manager

        It most certainly is academic. But it’s good to have some pioneers leading the way, eh?

        (Also absolutely delightful that the old crew is tossing this around.)

        2 users thanked author for this post.
      • #2209514
        alpha128
        AskWoody Plus

        Used this on Windows 7 x64 Home Premium. Everything went well and after two reboots the computer still works. I did it with the network cable pulled. Once everything was done I ran the W10Tel.cmd After another reboot I replugged the network cable. So far so good.

        According to the Pros above, this new script does “Include the Telemetry neutralize tweaks”.  So you may not need W10Tel.cmd any more.

        After running the new script on my system I see:

        Directory of C:\ProgramData\Microsoft\Diagnosis

        File Not Found

        Directory of C:\ProgramData\Microsoft\Diagnosis\ETLLogs

        11/15/2016 08:00 PM <DIR> .
        11/15/2016 08:00 PM <DIR> ..
        0 File(s) 0 bytes

        Total Files Listed:
        0 File(s) 0 bytes

        I did previously have files there, but I had stopped them from being updated.  Now they are gone.

        4 users thanked author for this post.
      • #2209589
        Sinclair
        AskWoody Lounger

        This Windows 7 Home Premium x64 Computer installation is from 2009. Still in use every day. It has seen its fair bumbs and bobs along the way.

        My Directory of C:\ProgramData\Microsoft\Diagnosis contains

        User.dat 16-09-2015 0 kb

        and 8 Folders

        \AsimovUploader 16-01-2017 empty
        \DownloadedScenarios 19-05-2015 empty
        \DownloadedSettings 16-01-2017
        ..cfc.flights.json 04-06-2015 1 kb
        ..telemetry.ASM-WindowsDefault.json 16-01-2017 11 kb
        ..telemetry.ASM-WindowsDefault.json.bk 15-09-2015 6 kb
        ..utc.app.json 16-01-2017 38 kb
        ..utc.app.json.bk 15-09-2015 22 kb
        \ETLLogs\AutoLogger 20-03-2020 empty
        \ETLLogs\ShutdownLogger 16-01-2017 empty
        \LocalTraceStore 16-01-2017 empty
        \Sideload 16-01-2017 empty
        \SoftLanding 16-01-2017 access denied
        \SoftLandingStage 16-01-2017 access denied

        W7 x64 Pro&Home

      • #2209595
        italiangm
        AskWoody Plus

        After using the script on my Win 7 SP1 PC, I noticed a new file named RunOnce_W10_Telemetry_Tasks.cmd on the desktop.

        FYI, I did not place MSUs, zip file, or extracted files on the desktop, nor run W7ESUI.cmd from there.

        Can I delete RunOnce_W10_Telemetry_Tasks.cmd from the desktop without causing  problems if I run the script in the future?

      • #2209599
        abbodi86
        AskWoody_MVP

        I forgot to mention this, sorry

        the script is ment to disable the relevant schedule task after installing Monthly Rolup (they only can be disabled after restart)

        therefore, you just need to run it as administrator, it will be self-deleted afterwards
        or just delete it

        3 users thanked author for this post.
      • #2209598
        anonymous
        Guest

        Hopefully you have a full system backup and maintain files backup in case Microsoft decides to plug the free patch access hole.

      • #2209819
        anonymous
        Guest

        Standalone installer script for Windows 7 ESU, regardless the license.
        Dowloaded W7ESU1 files and extracted ok . Then downloaded February and March Group B updates

        KB4537767  KB4537813  KB1540671  KB1541500 for my Win 7 X64 Pro Laptop and placed in same folder as advised. Script runs fine however after extracting the cab files it telle me I need :

        SSU VERSION 6.1.7601.24544
        SSU VERSION 6.1.7601.24548

        I already have KB4490628 and KB4474419 installed and all Group B security updates up to and including January installed. Advice please.

      • #2209822
        PKCano
        Manager

        Have you been installing the SSUs before EOL?
        Try installing KB4536952 Jan SSU manually first before running the script.
        Also did you include Mar SSU KB4550735 in the download folder with the script?
        You only need the latest IE11 CU b/c they are cumulative.

        2 users thanked author for this post.
      • #2209823
        abbodi86
        AskWoody_MVP

        You did not have required or latest SSU
        you must include KB4550735 in the download folder with the script, or install it yourself

        1 user thanked author for this post.
      • #2209828
        anonymous
        Guest

        Thank you both for your help. Followed your advice and updates installed OK now. Brilliant!!

        1 user thanked author for this post.
      • #2209939
        italiangm
        AskWoody Plus

        Right clicked on RunOnce_W10_Telemetry_Tasks.cmd then selected Run as administrator. The process ran and deleted RunOnce_W10_Telemetry_Tasks.cmd at the end as stated. Thanks again!

      • #2209942
        Cybertooth
        AskWoody Plus

        OK, just to make sure that I understand the process:

        Supposing that one installs February’s Security Only patch for Windows 7 by using this script. Come time to install the March updates, would one then manually run the script again?

         

      • #2209959
        abbodi86
        AskWoody_MVP

        Yes, placing March Security Only update (and March SSU) next to it

        you don’t need to move the February update, the script should detect it as installed and skip it (after extraction)

        3 users thanked author for this post.
      • #2209983
        Ed
        AskWoody Lounger

        @abbodi86… “if you installed higher stack installer version, it will take precedence and work for all lower versions”

        I’m questioning my reading comprehension level here… If I’m understanding this statement correctly I only need to to install the latest SSU (KB4550735) FIRST and then I would be able to install all updates available since August 2019 on two Group B systems that haven’t been patched since then?

      • #2209985
        PKCano
        Manager

        Put SSU KB4550735, all the Security-only updates, and the latest IE11 CU KB4540671 in the folder with the script. The script will install the SSU first and then the rest of the updates.

        Be sure you have SHA2 support updates KB4490628 and KB4474419 already installed beforehand.

      • #2210020
        pandarunnerpt
        AskWoody Plus

        I have been using 0Patch since 11/18/19, my husband about a month after. We both are on Win 7 Professional 64 bit SP1 computers, I am i7 6700, he is i3 4130. We both were group B until January when we had to install the rollups in order to assure that 0Patch would work properly.

        Acting as guinea pigs for the 0Patch people on the board, and as per this link from 0Patch saying that it was not an issue to use both 0Patch and ESU at the same time  https://0patch.zendesk.com/hc/en-us/articles/360011192299-Can-I-use-0patch-in-parallel-to-Windows-Extended-Security-Updates–   I installed abbodi86‘s script and then the Feb. Security and IE updates today.

        Installation went as described and both of us have had no problems at all.  0Patch is still working as expected, too.

        Thank you abbodi86 and thank you everyone in this conversation who made it easier for me to give this a try.

        Win 7 Professional, 64 bit, Defiantly Group B

        1 user thanked author for this post.
      • #2210026
        Geo
        AskWoody Plus

        0patch put out an email today mentioning  only W7 users who HAVEN’T  taken the ESU  downloads are able to use the 0patch micro-patches .  Mentions they are not compatible with the ESU downloads.  Be interesting if some one with ESU and 0patch are having problems as 0patch is mentioning.

        1 user thanked author for this post.
      • #2210070
        abbodi86
        AskWoody_MVP

        Yes

        1 user thanked author for this post.
      • #2210074
        RDRguy
        AskWoody Lounger

        0patch website FAQ page states they are not needed and won’t be applied but doesn’t state that they’re not compatible and may cause problems in ESU updated systems.

        EDITs: typos

        Win7 - PRO & Ultimate, x64 & x86
        Win8.1 - PRO, x64 & x86
        Groups A, B & ABS

        • This reply was modified 10 months ago by RDRguy.
        • This reply was modified 10 months ago by RDRguy.
        • This reply was modified 10 months ago by RDRguy.
        2 users thanked author for this post.
      • #2210148
        woody
        Manager

        I would expect that… it wouldn’t make much sense for 0patch to patch ESU-patched systems, unless a huge zero-day appeared.

        2 users thanked author for this post.
      • #2210255
        anonymous
        Guest

        Tells me I have to run as administrator even when I right click and do just that.

         

      • #2210259
        PKCano
        Manager

        Are you logged in with a Standard (non-Administrator) ID?

      • #2210261
        anonymous
        Guest

        No, an admin account

      • #2210311
        analogkid
        AskWoody Plus

        Downloaded the required W7ESUI and then the Feb SO updates.

        I made sure I had the SSU necessary installed which I already did way back when as I did installed the Group Jan update prior to buying 0patch subscription.

        Well I thought I would try this new ESL and for me it didnt work. I got the cmd window with all of the same script as pictured but when I hit the zero key nothing happened.

         

        Just noticed I needed SSU KB4550735 so I went to the Microsoft Update Catalog and downloaded it.

        Must admit, I am kind of lost where to go from here but then I am not computer savvy

        "An analog kid in a digital world"

        Win7 Ultimate home built desktop Running 0patch Pro

        Win 8.1 desktop and two 8.1 laptops

        Win 10 Dell desktop (took the plunge)

        and two very old home built Win XP desktops (offline for use with an old Epsom Photo scanner)

        • This reply was modified 10 months ago by analogkid.
      • #2210314
        PKCano
        Manager

        I made sure I had the SSU necessary installed which I already did way back when as I did installed the Group Jan update prior to buying 0patch subscription.

        You can’t have installed the March SSU back in Jan. SSU KB4550735 was just released Mar. 10th. It needs to be in the folder with the Mar Group B updates KB4541500 SO and KB4540671 IE11 CU.

      • #2210312
        anonymous
        Guest

        Well it seems that after 3 reboots it is working.  Not sure what was going on.

         

      • #2210321
        analogkid
        AskWoody Plus

        OK, so I need to skip the Feb SO updates and instead download the March SO updates instead?

        I had just figured I would installed the Feb updates as we are still on DefCon 2 with the March updates.

        Thanks PK. I may still have to wait until my IT brother visits  and let him do it so he can show me in person. Who knows how long that will be though

        I feel so stupid when it comes to this “stuff”

        Also what I meant is that I have installed already the two prior SSU’s. I checked my installed updates just to be sure and they are listed.

        "An analog kid in a digital world"

        Win7 Ultimate home built desktop Running 0patch Pro

        Win 8.1 desktop and two 8.1 laptops

        Win 10 Dell desktop (took the plunge)

        and two very old home built Win XP desktops (offline for use with an old Epsom Photo scanner)

        • This reply was modified 10 months ago by analogkid.
        • This reply was modified 10 months ago by analogkid.
        • This reply was modified 10 months ago by Kirsty.
      • #2210327
        PKCano
        Manager

        You need the Feb and Mar SO (KB4537813 and KB4541500).
        You need the Mar IE11 CU (KB4540671).
        You need the Mar SSU KB4550735
        All of them in the folder with the script

        3 users thanked author for this post.
      • #2210343
        Elly
        AskWoody MVP

        I feel so stupid when it comes to this “stuff”

        From a non-techy who is attempting to embrace tech- you aren’t stupid. You are asking questions, learning the terminology, and applying it to your personal situation. Pretty darn smart, if you ask me!

        And the more you hang around here, the more you will learn… and the more it will make sense.

        Also, the more you know, the better you can converse with your IT brother… if tech can improve your bonding… so much the better!

        Just know that if you follow PKCano’s instructions, it will do what you want it to do… always works for me!

        Non-techy Win 10 Pro and Linux Mint experimenter

        3 users thanked author for this post.
      • #2210352
        RDRguy
        AskWoody Lounger

        Finally took the plunge and converted two fully up-to-date non-ESU Win7 “Group B” test systems to “Group A” by first installing KB4534310 (2020-01 Monthly Quality Rollup) then KB4536952 (2020-01 SSU).

        After successful reboot, used @abbodi86‘s automated batch script to install the following ESU updates:

        2020-02 – KB4537829 (Feb SSU)
        2020-03 – KB4550735 (Mar SSU)
        2020-02 – KB4537820 (Feb Monthly Quality Rollup)
        2020-03 – KB4540688 (Mar Monthly Quality Rollup)

        ESU batch script processed both SSUs first then both Monthly Rollups successfully.

        After reboot, the installed updates (via the control panel) listed both SSUs & the Mar Rollup as installed. As expected, the Feb Rollup was not installed due to supersession by the Mar Rollup. A subsequent Windows Update found only the March 2020 MSRT.

        Afterwards, performed a couple of Windows Update offline scans via the Microsoft Baseline Security Analyzer (MBSA) tool using the current wsusscn2.cab file.

        As the MBSA tool is no longer available for download as described here, I also performed additional offline scans via Powershell using a .vbs script found here and a .ps1 script found here.

        MBSA and both Powershell offline scan scripts indicate the following updates are still missing:

        2019-10 – KB4519108 (DST changes for Norfolk Island and Fiji Island)
        2020-02 – KB4538483 (ESU Licensing Preparation Package)

        Interesting that KB4519108 is found via offline scanning but not via the normal WU scan since it’s pre-ESU, it’s not installed & it’s not hidden. No real concerns about the DST update as I don’t live on Norfolk or Fiji Islands.

        But, have a question for @abbodi86 and/or other AskWoody_MVPs in the know concerning KB4538483 …

        Should non-ESU Win7 updaters now in “Group ABS” (Abbodi86’s Batch Script) be concerned about the missing ESU Licensing Prep Package KB4538483 on non-ESU systems being patched with ESU updates?

        Win7 - PRO & Ultimate, x64 & x86
        Win8.1 - PRO, x64 & x86
        Groups A, B & ABS

        3 users thanked author for this post.
      • #2210365
        analogkid
        AskWoody Plus

        Wow, I did it!! I kept trying and then recalled that I did something similar years ago with a file named “pciclearstalecache”.

        I surprised myself when I hit the zero key and it began the installation process.

        I waited a long time to reboot and then let it sit another good long time before signing in. Just checked the installed updates and I see four listed with today’s date./

        I am also using 0patch Pro and so far it is working fine.

        WOO HOO

        Thank you to everyone in this thread, PK and of course abbodi.

        BTW, I have been on askwoody site for many, many years as a devoted Group B’er. I decided to join as a Plus Member recently.

        "An analog kid in a digital world"

        Win7 Ultimate home built desktop Running 0patch Pro

        Win 8.1 desktop and two 8.1 laptops

        Win 10 Dell desktop (took the plunge)

        and two very old home built Win XP desktops (offline for use with an old Epsom Photo scanner)

        5 users thanked author for this post.
      • #2210371
        abbodi86
        AskWoody_MVP

        KB4538483 is solely ment for actived ESU-license customers to recieve ESU updates via WU.
        no other purpose for non-ESU users, and the update contents are already included in the Monthly Rollup.

        now if you installed it and checked wsusscn2.cab again, it will still not show ESU updates (installed or not)
        because WU engine check the status of active ESU license before it show the updates

        3 users thanked author for this post.
      • #2210380
        RDRguy
        AskWoody Lounger

        @abbodi86

        Thanks, I kinda figured that but just had to ask if NOT having the ESU Prep Pkg Update installed could potentially result in unforeseen problems with having the ESU updates installed in non-ESU systems.

        Win7 - PRO & Ultimate, x64 & x86
        Win8.1 - PRO, x64 & x86
        Groups A, B & ABS

      • #2210410
        Ulti P. Uzer
        AskWoody Lounger

        @Woody, with this development, I hope you didn’t buy a ESU license for 7 Semper Fi. Are you still using that machine? I also know personally that abbodi86’s other script that brings 7 ESUs through WU also works magnificently.

      • #2210702
        byteme
        AskWoody Plus

        Win7 Home Premium 64-bit. Group B.

        I just used abbodi86’s .cmd script to install the February Win7 64-bit security-only updates.

        SHA2 support updates KB4490628 and KB4474419 had already been installed on my PC (in April and September, respectively, of 2019).

        I put four files in an otherwise-empty folder: (1) abbodi86’s .cmd file, (2) the Feb. SSU (KB 4537829), (3) the Feb. Win7 SO update (KB 4537813), and (4) the Feb. IE SO update (KB 4537767).

        Then I right-clicked on the .cmd file, chose Run as Administrator, and hit 0 in response to the opening menu.

        The process took just about exactly 30 minutes. Then I rebooted, and then I ran (as Administrator) the RunOnce anti-telemetry file that the .cmd script had deposited on my desktop.

        Everything seems fine, I thank abbodi86 for his assistance, and I plan to do the March updates the same way (when their time has come).

        5 users thanked author for this post.
      • #2211481
        anonymous
        Guest

        At first:  To abbodie, many thanks for your tool !

        A question:
        I use the Group A scenario with rollups.
        And I want to know, if I don’t update for many months,
        can I restart the updates from the most recent month rollup ?
        Skipping all the months in between ?

        Thanks
        Frankie

      • #2211492
        PKCano
        Manager

        And I want to know, if I don’t update for many months, can I restart the updates from the most recent month rollup ? Skipping all the months in between ?

        Technically, and in normal circumstances, the answer would be Yes, since Group A Rollups are cumulative.
        BUT:
        + There is no guarantee that @abbodi86 ‘s script will work next month, or the month after. Microsoft may put another roadblock in the works. They won’t be happy with people getting for free, what they are charging subscription fees for.
        + There will probably be other qualifying installs, like the SSU changing.

        As long as things stay like they are, skipping monthly patches may work. But who knows??

        1 user thanked author for this post.
      • #2211520
        Frankie
        AskWoody Lounger

        Thanks PKCano,

        I should have said:  “if I DIDNT update for many months” for the lasts months.
        So I will update my others PCs rapidly!

        Frankie

         

      • #2211525
        PKCano
        Manager

        Be sure you have the prerequisites installed – listed above.

      • #2211750
        anonymous
        Guest

        I have already installed the SHA2 support updates KB4490628 and KB4474419  since the time of their release (more or less). Today, I have followed the advice of PKCano in #2210327 above. After rebooting, the four new updates are now listed in my “installed updates” and everything seems to work fine up to now.

        System: Win7 x64 Ultimate and “Group B”.

        Note: “RunOnce_W10_Telemetry_Tasks.cmd” did not appear, probably because I have already set the script “W10Tel.cmd” to run on startup as a scheduled task. No additional telemetry related tasks or services have shown.

        Many thanks to abbodi86 for the scripts he provides and the people in this forum offering their knowledge.

        Tryfonas

        1 user thanked author for this post.
      • #2211818
        Moonbear
        AskWoody Lounger

        How does this script work with the Group A rollups?

        I didn’t think you could use the rollups with the script since they aren’t individually downloaded files. Or is there another way to get the rollups besides Windows Update?

      • #2211820
        PKCano
        Manager

        You can download the Rollups from the MS Update Catalog. Enter the KB number without the “KB” (just the numerical part) and download the one that is right for your OS version and bitedness.

        Or you could use one of the download managers WUMgr, Sledghammer, etc.

      • #2211823
        Moonbear
        AskWoody Lounger

        Thanks, @PKcano

        I didn’t realize you could get the rollups from the update catalog.

        So I would need to download 4540688 and 4550735?

        • This reply was modified 9 months, 3 weeks ago by Moonbear.
      • #2211829
        Mcinwwl
        Guest

        Hi, I used the script to install updates for Windows 7 and internet explorer, and I noticed two side effects:

        1. after restarting, I got prompted to wait when Windows applies updates (obvious). When it ended, PC rebooted itself… and hang on black screen. Not even Bios was initiated.
          yuck… why? This is the first occurrence of such misbehaviour in 4-years lifespan of this machine… After another reset, PC booted as usually.
        2. i was offered KB3118401 update. It was purposedly not-installed and hidden due to potential connection with M$ snooping, as listed in: https://msfn.org/board/topic/173752-how-to-avoid-being-upgraded-to-win-10-against-your-will/?tab=comments#comment-1097746
      • #2211834
        PKCano
        Manager

        Did you have the prerequisites (KB4490628 and KB4474419) installed first?
        Did you include the required Servicing Stack KB4550735?

        KB3118401 is an update for Universal C Runtime. The MS pages say:

        The Windows 10 Universal CRT is a Windows operating system component that enables CRT functionality on the Windows operating system. This update allows Windows desktop applications that depend on the Windows 10 Universal CRT release to run on earlier Windows operating systems

      • #2211835
        Mcinwwl
        AskWoody Lounger

        Servicing stack was applied, following the readme script should recognize it and install before other updates, right?

        Prequisites were installed, I checked using powershell’s get-hotfix.

        KB3118401 do not look like a necessary prequisite. However, if you think it should not be considered part of microsoft snoopware, I will inform original thread author from MSFN to remove it from the list.

        PS past post is mine… you took me by suprise, I have never ever used forum where one can comment as a guest 🙂

      • #2212103
        Mattchu
        AskWoody Lounger

        Just wanted to join to say a big thank you to aboddi86 & PKcano especially for the creation of this and the help supplied to various people.

        Just so Im clear, I dont use Windows 7 much anymore but do have a few boxes that its on, my old man however does still use it and I want to get him up to date. I think group A is the way I`ll go. So Ive checked the prerequisites KB4490628 and KB4474419 installed, Jan SSU [KB4531786] installed, everything done until EOL.

        Downloaded the March CU [KB4540688] and the latest SSU [KB4550735] and placed them in the same folder as the extracted W7ESUI.cmd [as picture]

        Now it should be a case of right click W7ESUI.cmd and “run as administrator”? I don`t need the February CU [KB4537820] or any other SSU?

        Cheers

         

      • #2212106
        PKCano
        Manager

        Now it should be a case of right click W7ESUI.cmd and “run as administrator”? I don`t need the February CU [KB4537820] or any other SSU?

        That’s correct.
        After the reboot, if it asks for one, run the RunOnce_W10_Telemetry_Tasks.cmd if it appears on your desktop to eliminate the telemetry.

      • #2212110
        Mattchu
        AskWoody Lounger

        Cheers PKCano, much appreciated I`ll post back with the results, just doing the first test box now 🙂

      • #2212171
        maisy2
        AskWoody Plus

        I didn’t know if it was good or bad, but I too thought Rollups were better at the EOL era after being strictly security-only all these years.
        Foldered: W7ESUI.cmd / KB4550735 March SSU / KB4537820 (Feb Monthly Quality Rollup)

        Everything purposefully disabled in task scheduler was untouched after the Rollup install.
        – or was it the Telemetry neutralize tweaks?:)
        So nothing changed, although, the Installed Updates window got a clean-up albeit for a load of Microsoft .Net Frameworks; but comforting to find you can find old security-only numbers and older ssu’s if you place what you’re looking for in the upper corner search.

        I hope the coming month will still allow theW7ESUI, SSU & March rollup combo to install through this brilliant development.
        The ReadMe has’# for offline integration’; I had disabled WU and didn’t go offline, # for offline integration meant for the desktop RunOnce_W10_Telemetry_Tasks.cmd but was too hasty to take this into account – I shall do it offline if i get to install again next month.

        Thanks to Creator of this, and wonderful and educational to read the poster’s questions and results on here. Big thank you.

        • This reply was modified 9 months, 3 weeks ago by maisy2.
        • This reply was modified 9 months, 3 weeks ago by Kirsty.
        1 user thanked author for this post.
      • #2212231
        abbodi86
        AskWoody_MVP

        @Mcinwwl
        Universal C Runtime (KB3118401 or KB2999226) is part of VC++ 2015-2019 redistributable, which is used by Office 2016 and later, Firefox, Edge Chromium and others

        while most of them bundle it locally, it’s best practice to have it globally installed
        and it has nothing to do with telemetry or snooping

      • #2212235
        Moonbear
        AskWoody Lounger

        Windows 7 Home Group A

        March SSU and March SMQ rollup installed with no issues



        @abbodi86
        ‘s script works like a dream.

        This was undoubtedly the smoothest update cycle I’ve ever done on a Windows system.

        3 users thanked author for this post.
      • #2212735
        anonymous
        Guest

        Hi,

        I have been installing the monthly roll-ups, the last updates I see when checking for updates with WU, is the 01-2020 monthly preview.

        So I understand I only need the latest march monthly roll-up and SSU, but what about the security roll-up for .NET, is that no longer being updated?

        Thanks

      • #2212854
        abbodi86
        AskWoody_MVP

        It will be updated when .NET need security fixes

        after January, all .NET updates (for other Windows) were non-security

        1 user thanked author for this post.
        KP
      • #2213311
        HanJohnJo
        AskWoody Plus

        I might have missed something, for sure. But we are now in April and the MS-defcon for the March updates is still at 2 but I can’t see the reason, at least for Win 7.  After almost one month patch reliability is still unclear? Maybe now MS-defcon applies only to Win 10 updates.

        Frangar non flectar

      • #2213313
        Paul T
        AskWoody MVP

        Defcon applies to all versions, but individual advice is provided for each version.

        cheers, Paul

        1 user thanked author for this post.
      • #2213316
        anonymous
        Guest

        Win7 ult x64 updated normally via WU, last update 3 updates were:
        Windows Malicious Software Removal Tool x64 – February 2020 (KB890830)
        2020-01 Servicing Stack Update for Windows 7 for x64-based Systems (KB4536952)
        2020-01 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4534310)

        I have extracted W7ESUI zip into a folder, along with the following files:
        windows6.1-kb4550735-x64_18117664b4a0482c3d34a2f05f70c6819296240f
        windows6.1-kb4540688-x64_70ad29faea4602dfa5c3159350afe6ec86e87e52

        I ran the cmd as admin, and it detected the files.

        It installed kb4550735, but it didnt prompt for restart, it just said “finished” and I had to press 9 and then manually restarted.
        I checked installed updates after restart and kb4550735 was there.

        I then did the same again, it extracted the kb4540688 cab, but then it finished stating ” All applicable updates are detected as installed”

        I tried also with the Feb SSU and Monthly rollup, but same thing.

        I did install the first SSU kb4550735 while the internet was disabled, but when installing the rollup the net was enabled, would that have anything to do with it?

        Also, just a note, would it be possible to not auto delete the extracted cab file or an prompt, as I tried many times, and each time it had to extract again.

        thanks.

      • #2213321
        PKCano
        Manager

        Did you have the prerequisites (KB4490628 and KB4474419) installed first?

      • #2213327
        abbodi86
        AskWoody_MVP

        The cab and temporary files are extracted to randomly-named temporary folder
        they cannot be preserved for later usage

        are you sure kb4540688 is not already installed?
        did you verify the integrity of downloaded msu file?

      • #2213430
        Douglas
        AskWoody Plus

        I am a Win7 x64 Pro Group B user. I just finished using the script to install the March updates, KB4540671 and KB4541500. Everything seemed to run fine. It reported both installs were 100% successful.

        However, just before it started removing the temporary files and asking me to press 9, it gave me the following message:

        ==== Error ====
        Windows6.1-KB4541500-x64 require SSU version 6.1.7601.24548

        Is that the servicing stack update KB4550735 that is also a March ESU-only update? I restarted and everything seems to be running just fine. But should I also download that update and use the script to install it?

        Thank you.

      • #2213434
        PKCano
        Manager

        KB4540671 is the IE11 Cumulative Update.
        KB4541500 is the Security-only Update

        You need to install the Servicing Stack KB4550735, which is REQUIRED. That must also be in the folder with the other updates.

      • #2213439
        Douglas
        AskWoody Plus

        Should I rerun the script with all 3 in the folder, or would it be okay with just KB4550735?

        Thanks.

      • #2213466
        PKCano
        Manager

        I’d put all three there just to be sure.
        It’s supposed to install the SSU first.

        1 user thanked author for this post.
      • #2213490
        honx
        AskWoody Lounger

        since we’re on defcon 3 now, do we already know if it’s “safe” to install esu updates using this script (without paid license)? or will windows 7 be not activated/”pirated” at some point in the future? i read something like this, so i’d rather ask before doing anything.

        PC: Windows 7 Ultimate, 64bit, Group B
        Notebook: Windows 8.1, 64bit, Group B

      • #2213514
        You.Are.Ah.Toyyyyy
        AskWoody Lounger

        Did you have the prerequisites (KB4490628 and KB4474419) installed first?

        I went into installed updates and found both of them:
        Update for Microsoft Windows (KB4490628)  Installed 21/03/2019
        Security Update for Microsoft Windows ( KB4474419 ) Installed on 19/09/2019

        The cab and temporary files are extracted to randomly-named temporary folder
        they cannot be preserved for later usage

        are you sure kb4540688 is not already installed?
        did you verify the integrity of downloaded msu file?

        Just checking Installed updates again.
        kb4550735 is there and also kb4537829, so the Feb ssu seems to have installed. But the rollups aren’t installing.

        windows6.1-kb4540688-x64_70ad29faea4602dfa5c3159350afe6ec86e87e52.msu
        sha512: D10FCB521D406564DBE2BFCA78BE9E0D95E22998A57EF204A02DE03CDF64619D3B210694F15CA351C89C39D3E992E0DB80E0C2B6AD3963395E0498D856ED5468

        windows6.1-kb4537820-x64_3ee2a66a320dfe4eea2bda70bf9b5471b014f2a3.msu
        sha512: F5ABF6072C73ECAD556F83F90778A04469785B5365B4941115FA8EEB76455189E550750361A239FB13AA9E7C3D1D8F5DA3CD6A1A5270B3038E9BDD934CB44FE1

        BTW, windows update is still popping up showing me updates to install:
        Windows Malicious Software Removal Tool x64 – March 2020 (KB890830)
        2020-01 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4539601)

        thanks again.

      • #2213569
        You.Are.Ah.Toyyyyy
        AskWoody Lounger

        After checking the AV and other things that might be interfering, I tried again and it still gave the message “All applicable updates are detected as installed”.

        So I looked over the readme a few more times, and thought I had better double check the storage space.  It was low, but I wasn’t sure how much space the final extracted files took, so I deleted some files to meet the recommended 10gb free space.

        After trying once more, it finally worked, and the installation completed and the update was visible in the Installed Updates list.

        Is there maybe a way to alert that there wasn’t enough storage when extracting the files during installation?  Because at the moment, even though it seems all the files were not successfully extracted, the final message was simply no update was necessary.

      • #2213602
        Cybertooth
        AskWoody Plus

        Shortly (~45 sec.) after running the script for the February patch batch, Bit Defender popped up an alert:

        CMD

        False positive? Unrelated coincidence?

         

        Attachments:
      • #2213632
        Paul T
        AskWoody MVP

        BD is looking for activities that change Windows itself and that is exactly what the script does, so the report is correct. You can safely ignore the warning because you want Windows changed.

        cheers, Paul

        2 users thanked author for this post.
      • #2213719
        EP
        AskWoody_MVP

        Shortly (~45 sec.) after running the script for the February patch batch, Bit Defender popped up an alert:

        CMD

        False positive? Unrelated coincidence?

         

        add the script to “exclusion” or Ignore list in BitDefender

        1 user thanked author for this post.
      • #2213721
        EP
        AskWoody_MVP

        Did you have the prerequisites (KB4490628 and KB4474419) installed first?

        I went into installed updates and found both of them:
        Update for Microsoft Windows (KB4490628)  Installed 21/03/2019
        Security Update for Microsoft Windows ( KB4474419 ) Installed on 19/09/2019

        The cab and temporary files are extracted to randomly-named temporary folder
        they cannot be preserved for later usage

        are you sure kb4540688 is not already installed?
        did you verify the integrity of downloaded msu file?

        Just checking Installed updates again.
        kb4550735 is there and also kb4537829, so the Feb ssu seems to have installed. But the rollups aren’t installing.

        windows6.1-kb4540688-x64_70ad29faea4602dfa5c3159350afe6ec86e87e52.msu
        sha512: D10FCB521D406564DBE2BFCA78BE9E0D95E22998A57EF204A02DE03CDF64619D3B210694F15CA351C89C39D3E992E0DB80E0C2B6AD3963395E0498D856ED5468

        windows6.1-kb4537820-x64_3ee2a66a320dfe4eea2bda70bf9b5471b014f2a3.msu
        sha512: F5ABF6072C73ECAD556F83F90778A04469785B5365B4941115FA8EEB76455189E550750361A239FB13AA9E7C3D1D8F5DA3CD6A1A5270B3038E9BDD934CB44FE1

        BTW, windows update is still popping up showing me updates to install:
        Windows Malicious Software Removal Tool x64 – March 2020 (KB890830)
        2020-01 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4539601)

        thanks again.

        install the KB4539601 rollup first.

        Jan. 2020 rollups (either KB4534310 or KB4539601) are also required before installing any new ESU based updates from Feb. 2020 and later

      • #2213810
        abbodi86
        AskWoody_MVP

        Neither KB4539601 or kb4537820 are needed, March rollup kb4540688 is enough

        @You.Are.Ah.Toyyyyy
        the numbers/letters before .msu extension are SHA1 hash, you should verify against that

      • #2213962
        You.Are.Ah.Toyyyyy
        AskWoody Lounger

        I already posted an update yesterday a few posts up, thanks.

        1 user thanked author for this post.
      • #2214165
        maisy2
        AskWoody Plus

        Grateful I got to install the March rollup too now that it’s April.😊 In a roundabout way this is great as I’ve finally found that the new rollup does immediately overwrite the previous month’s rollup in the Update history. – it’s no more, gone even in searching for it at the top corner. I’ve been unsure of this in updating my reset win 8.1 laptop since the start of the year. I wasn’t sure rollups overwrite instantly after new updates. This fact couldn’t be found online, leaving me wondering if my pc was malfunctioning. And it did not help that I find Ms Mvp saying in a slightly older MS answer forum that if it’s not in the Update history opposed to the Windows history that it is not installed.
        Sorry for my long-windedness but I wish there was a written notation by MS to affirm this. All this for being new to cumulative rollups.😌
        The Update history that was thought to be cleaned-up has reappeared whole again as well. So glad I got to do this in two parts. Thank you.

      • #2214170
        PKCano
        Manager

        Rollups are CUMULATIVE. That means the later one contains the one(s) before. SO, once the March Rollup is installed it would be redundant to have the Fem also listed b/c it is contained in the Mar Rollup. So the Feb, Jan, Dec, Nov…. Rollups are no longer listed.

        1 user thanked author for this post.
      • #2214174
        Chriski
        AskWoody Lounger

        I have 3 Win 7 laptops I have been keeping up to date. I used this wonderful script on two of them, and it went without a hitch. I moved onto the 3rd today with full confidence…

        I have also been venturing into win7/kubuntu dual boot territory because of  the online implications of using win 7 for important things. This 3rd machine is the dual boot machine and my guess is that is why the update try went awry.

        The cmd file displays a line about a “patchable module etc.” and then exits. Opening up a cmd window as admin and executing the script yields the same start and an exit with “syntax of the command is incorrect.” I edited the cmd file, turned of echo, and turned on debug, but my capability with command files is limited and quite rusty.

        I fear this is a very lot to ask, but I was hoping that after a quick look (it doesn’t take long to exit) you might be able to suggest something simple that might help the script to get on it’s way.

        Or a simple answer (understandably) is that my situation is beyond the scope of the original design intent, and is not worth the time and effort.

        Thanks in advance,

        Chris

        Attachments:
      • #2214185
        maisy2
        AskWoody Plus

        Oh yes that line of thought always made sense, but checking successful installs of many, many security patches on a new laptop produced confusion, especially reference to this pre-2016 answer made it worse. Thank you so much, one less worry for sure.😊

      • #2223045
        davinci953
        AskWoody Plus

        The same thing is happening on my Windows 7 system. The command window opens, indicates that “Patchable module found: C:\Windows\system32\GDI32.dll with hash 4dd319b1e6b8a09d121ad669dbcbab95bacad64e”, and then closes. February updates ran as expected, and I have the March SSU installed, but I can’t get it to work with the March updates (security only).

      • #2223229
        abbodi86
        AskWoody_MVP

        Are you using 0patch?
        https://0patch.zendesk.com/hc/en-us/articles/360012826660–Patchable-module-found-string-appears-in-console-based-applications

        you don’t really need W7ESUI.ini for live os installation, so just delete it and try again

        for some reason, the script fail to set the required variables correctly because of W7ESUI.ini presence
        so it error and exit before doing anything

        • This reply was modified 9 months, 2 weeks ago by abbodi86.
        • This reply was modified 9 months, 2 weeks ago by abbodi86.
        • This reply was modified 9 months, 2 weeks ago by abbodi86.
        2 users thanked author for this post.
      • #2223290
        Chriski
        AskWoody Lounger

        Are you using 0patch?
        https://0patch.zendesk.com/hc/en-us/articles/360012826660–Patchable-module-found-string-appears-in-console-based-applications

        you don’t really need W7ESUI.ini for live os installation, so just delete it and try again

        for some reason, the script fail to set the required variables correctly because of W7ESUI.ini presence
        so it error and exit before doing anything

        • This reply was modified 9 months, 2 weeks ago by abbodi86.
        • This reply was modified 9 months, 2 weeks ago by abbodi86.
        • This reply was modified 9 months, 2 weeks ago by abbodi86.

        I (of the 3 Win 7 laptops above) AM using 0patch. A study of running them together via this thread and 0patch lead me to conclude it would probably be ok, and I tried 0patch on the 3 machines first.

        Anyway, got rid of the .ini file, and the script is running and chugging along right now. Thanks for your help.

        (NB: I did NOT remove the ini file on the other 2 laptops, and the script ran fine. They also have 0patch. Also the “patchable module” message was gone on the latest one — 0patch probably updated. I saw a note to that effect.)

        Chris

      • #2223319
        davinci953
        AskWoody Plus

        I deleted the ini file, and the script ran as expected. Thank you much. I have 0patch installed on the system, but it’s not active. That’s probably the reason the fix didn’t get installed.

        1 user thanked author for this post.
      • #2223339
        Chriski
        AskWoody Lounger

        abbodi’s suspicion that 0patch had a tie in to the script erroring out was right on.

        I circled back (out of curiosity) and put the ini file back in with the cmd script, and with 0patch now fixed (according to the link posted above from 0patch.zendesk), the script runs through to asking to proceed or exit, which is past where the problem was occuring.

        You are truly a wizard, sir!

        Thanks for all you do.

        Chris

        3 users thanked author for this post.
      • #2223870
        anonymous
        Guest

        I just downloaded W7ESUI and the March Cumulative Update (KB4540688).  I assume I do not need to install the February Cumulative Update first.

        Do I need to install Service Stack Updates?

        If I will need SSIs, how do I find out which ones I need?

         

      • #2223872
        PKCano
        Manager

        You need the Servicing Stack for March.
        If you read through this thread you will find the information you need.
        You should also read @abbodi86 ‘s ReadMe file.

      • #2224054
        anonymous
        Guest

        The script said it installed

        KB4537828 – Feb SSU

        KB4550735 – Mar SSU

        KB4537820 – Feb Monthly and

        KB4540688 – Mar Monthly in that order

        But KB4537820 – Feb Monthly does not show up as installed in Windows Update?

        The other three are there.

      • #2224058
        PKCano
        Manager

        Monthly Rollups are CUMULATIVE.
        By definition, Mar Rollup KB4540688 contains Feb Rollup KB4537820 and the preceding Rollups from Jan, Dec, Nov, etc, So it is no longer necessary to list the older Rollups (it would be redundant).

      • #2224092
        KP
        AskWoody Plus

        On one PC I run and installed successfully

        KB4550735 – Mar SSU
        KB4540688 – Mar Monthly

        in that order. There was no need to install the Feb SSU or Feb Monthly Rollup.

        • This reply was modified 9 months, 2 weeks ago by KP.
      • #2224091
        anonymous
        Guest

        Thanks much for all the help you give to me and everyone.

      • #2224095
        KP
        AskWoody Plus

        0x800f081f – solution if this helps someone.

        First, thanks to @abbodi86 for the 5-star W7ESUI.cmd .

        This came about, installing patches in this order:
        2020-02 Service Stack Update – KB4537829
        2020-02 Monthly Rollup – KB4537820
        2020-03 Service Stack Update – KB4550735
        2020-03 Monthly Rollup – KB4540688

        (I know I did not need to run the February SSU and February Monthly Rollup, but I did it as an experiment.)

        You can see it failed on the 2020-03 Monthly Rollup – KB4540688 {Failed 0x800f081f(1).PNG}

        I let Windows Update run and you can see, it installed:
        .NET 4.8 KB4503548
        Windows 7 Update KB2952664
        2019-07 Windows 7 Update KB4493132

        {WindowsUpdates for W7ESUI.PNG}

        The last two are Telemetry
        KB2952664 – see AKB2000004, AKB2000007
        KB4493132 – see AKB2000003

        My guess is that .NET 4.8 (KB4503575) allowed KB4540688 (2020-03 Monthly Rollup) to succeed using W7ESUI. This you can see in the Program&Features picture{Program&Features.PNG}.

        oddities:
        1) .NET 4.8 shows up as KB4503548 in Windows Update and as KB4503575 in Program&Features
        2) KB4537820 (2020-02 Monthly Rollup) is missing in the Program&Features listing, as noted in previous posts.

        After you get the March patches installed, you can remove the Telemetry in the following order (or not install them in the first place):

        KB4493132

        KB2952664

         

        Failed-0x800f081f1

        WindowsUpdates-for-W7ESUI

        ProgramFeatures

        • This reply was modified 9 months, 2 weeks ago by KP.
        • This reply was modified 9 months, 2 weeks ago by KP.
        • This reply was modified 9 months, 2 weeks ago by KP.
        • This reply was modified 9 months, 1 week ago by Kirsty.
        Attachments:
        2 users thanked author for this post.
      • #2241397
        Mattchu
        AskWoody Lounger

        Just wanted to confirm the April updates installed 🙂

        April

        Attachments:
        2 users thanked author for this post.
      • #2241426
        PKCano
        Manager

        You also need the SSU KB4550738

      • #2241446
        Mattchu
        AskWoody Lounger

        Cheers bud, didnt know there was an SSU update this month…

        p.s. They installed fine without it anyway.

        p.p.s. Installed now on 2 boxes 🙂

        • This reply was modified 9 months, 1 week ago by Mattchu.
        • This reply was modified 9 months, 1 week ago by Mattchu.
        1 user thanked author for this post.
        KP
      • #2241608
        anonymous
        Guest

        I am on Windows 7 Home Premium 32 bit. I successfully installed SSU KB4550738 with the script and rebooted. Then I successfully installed the April 14, 2020 rollup—KB4550964. What’s weird is it did not ask me to reboot the system after installing the rollup. I checked installed updates and KB4550964 was listed. I rebooted anyway and my machine simply rebooted without configuring updates. This KB includes kernel updates so how could this install without configuring on a reboot?

      • #2241642
        EP
        AskWoody_MVP

        just to let folks know that there’s an 0.2 version of the script available several days ago from here

        (in case the very 1st post can’t be updated to point out the newest version)

        3 users thanked author for this post.
      • #2241663
        RDRguy
        AskWoody Lounger

        Can anybody comment on what/why it was changed (e.g. bug fixes, new capability, etc) and whether or not we should now be using the updated 0.2 version vs the original 0.1 version?

        Edit: Answered my own question …
        Opened the Changelog contained in the “W7ESUI-ReadMe” file which states …

        – 0.2:
        added support to install SHA2 updates KB4490628 and KB4474419 if detected

        That answers that 🙂

        Win7 - PRO & Ultimate, x64 & x86
        Win8.1 - PRO, x64 & x86
        Groups A, B & ABS

        • This reply was modified 9 months, 1 week ago by RDRguy.
      • #2241682
        abbodi86
        AskWoody_MVP

        I was waiting to confirm that the procedure is still working with April updates, before announcing v.0.2 🙂

        the second version simply add support to install SHA2 support updates, if not already installed
        meaning, put msu files for KB4490628 and KB4474419 along with ESU updates msu files, and the script will install them for you first

        5 users thanked author for this post.
      • #2241685
        Moonbear
        AskWoody Lounger

        Does that mean we don’t need the 0.2 version if we already have the SHA2 updates installed?

        Or would be a good idea to go ahead and download the newer script anyway?

        • This reply was modified 9 months, 1 week ago by Moonbear.
        1 user thanked author for this post.
      • #2241695
        abbodi86
        AskWoody_MVP

        No urgent need
        but it’s best to use the latest version, no installation needed 🙂

        2 users thanked author for this post.
      • #2242282
        anonymous
        Guest

        Any urgent need to install the April ESU updates?

      • #2242285
        PKCano
        Manager

        No emergencies at this point. You can wait for DEFCON-3 or above (or whenever you decide to do it).

      • #2242570
        PKCano
        Manager

        Rollups include the Security-only updates, the IE11 Cumulative update and the non-security patches.
        .NET updates are not included in the Rollups.

        1 user thanked author for this post.
      • #2242560
        anonymous
        Guest

        Do Monthly Rollups include updates to IE?  How about .NET Framework?  If I remember correctly .NET Framework were separate updates in Windows Update.

      • #2242782
        anonymous
        Guest

        How does the script W7ESUI.cmd  get added to “exclusions” in BitDefender?  No matter how I try to enter it I get an “Invalid Path” message.

      • #2242784
        anonymous
        Guest

        So will .NET updates continue to show up in Windows Update if they are needed?

        1 user thanked author for this post.
      • #2242793
        PKCano
        Manager

        See the “* How to use on live OS:” section in”#2209020 above.
        You should read the instructions (and the ReadMe file too).

      • #2242837
        Cybertooth
        AskWoody Plus

        To do this, open Settings in the BitDefender window (it’s the cog wheel at top right), then in the drop-down menu select Exclusions. From there, click on Add Exclusion and navigate to the file/folder that you want to exclude, and select it.

        That’s it!

         

      • #2242879
        anonymous
        Guest

        I got it to add but it looks like this w7esui[1].cmd.  Where did the [1] come from and what is it doing there?  Is it OK that way?

      • #2242881
        Cybertooth
        AskWoody Plus

        That suggests that you’ve ended up with two copies of that .CMD file in the same folder. For example, if you have a file called baberuth.jpg in your Downloads folder, and then from a USB flash drive you copy a file called baberuth.jpg onto the same Downloads folder, the file that you just copied over will have that “[1]” added to its file name so that you can tell it apart from the one you already had.

        Look for the folder(s) where you’re storing the files w7esui.cmd and w7esui[1].cmd. You should discover that you have a copy of each in the same folder somewhere.

         

      • #2242883
        anonymous
        Guest

        It says I need these items

        a) if you are Group A user, you need:
        latest Servicing Stack Update
        latest Security Monthly Rollup
        latest .NET rollup

        I see the SSUs that are needed listed in the docs for the Monthly Rollup.  But I can’t find anything on what .NET rollups (latest?) are needed.  Nor do I have any idea on where to find .NET rollups.

        Please excuse my lack of knowledge.

         

      • #2247729
        EP
        AskWoody_MVP

        latest .NET Rollup for Windows 7 is KB4535102 from Jan 2020 – nothing higher than that:
        https://support.microsoft.com/help/4535102/

        2 users thanked author for this post.
      • #2247785
        EP
        AskWoody_MVP

        only if you have not installed the latest one

        latest .NET rollup for Win7 is KB4535102 (as I said below) before “free” support for Win7 ended in mid-January 2020

      • #2251961
        anonymous
        Guest

        Confused.  KB4535102 shows as successfully installed 1/24/2020 in update history,  but comes up as “No items match your search.” in Installed Updates.  Of course it does not come up in Windows Update.

        Is it installed or is it not installed?

        Should I pull it from the catalog and try installing it using W7ESUI?

      • #2251965
        PKCano
        Manager

        Look on the MS pages for KB4535102.
        KB4535102 is a .NET Rollup composed of a bundle of individual patches for each of the versions of .NET
        The Rollup’s KB number will not show up in Installed Updates, but any of the individual patches that were installed will be listed.
        Look under the section “Additional information about this update.” If any of those KB numbers show in Installed Updates, those are the version(s) of .NET installed on your computer that received updates.

        1 user thanked author for this post.
      • #2252014
        anonymous
        Guest

        KB4532945 shows in installed updates.  Now I can stop being concerned about this. Thank you.

      • #2252964
        anonymous
        Guest

        You are very good at explaining things in a way that even I can understand.  Thank you.

        1 user thanked author for this post.
      • #2255853
        glnz
        AskWoody Plus

        It’s April 27.  Is this still working?  Thanks,

      • #2255855
        PKCano
        Manager

        The script and instructions were revised for the April updates.

      • #2255873
        glnz
        AskWoody Plus

        PKCano – what would we do without you?  What is Defcon for the April updates for Win 7 Pro 64-bit?

      • #2255874
        PKCano
        Manager

        The DEFCON number displayed at the top of the site applies to ALL versions of WIndows. Current month = April

      • #2257425
        anonymous
        Guest

        Hi,
        May be I am actually a dim person but I can’t work out from the instructions for th Stand alone script for Win7 ESU.

        No problem with downloading the W7ESUI.cmd and W7ESUI.ini, the next part is where I fail. . . . .   what exactly does place W7ESUI.cmd next to the download files mean?
        Put them all in a new folder?
        I tried that and nothing happened. So I tried entering the Windows 7 update file location in  2] select updates location in the command window and the returned message is ‘specified location is not valid’.
        The update is in a folder on the C: drive –  c:\win7sp1_esu\Win7SP1-kb4550964-x86

        Any advice, suggestion, instruction would be most welcome.

        Many thanks.

      • #2257453
        PKCano
        Manager

        what exactly does place W7ESUI.cmd next to the download files mean? Put them all in a new folder?

        Yes, everything in the same folder then execute the script.

      • #2257491
        Gordski
        AskWoody Plus

        Yes, and I already did that to no avail. Does it not need me to enter the location of the update at line 2] of the script. But when I do that it doesn’t accept the location of the Windows7 update file, as I pointed out in the previous post (please refer back to it).

        Any other suggestions?

        Thank you and best regards,
        Gordon

      • #2257497
        PKCano
        Manager

        Extract W7ESUI.cmd from the zip file, or extract the whole zip file

        Copy or move W7ESUI.cmd and place it next to (in the same folder as) the downloaded msu files
        ini file W7ESUI.ini is not really necessary in this case

        Right-click on W7ESUI.cmd and “Run as administrator

        If all goes well, you should get cmd window

        Now press the zero 0 number on keyboard to start the process

        At the end, restart the system if prompted

      • #2257520
        Cybertooth
        AskWoody Plus

        The wording about placing the CMD file “next to” the MSU files has generated more than one question. (I would have been added to the list had I not seen the first time it was posed.) It may help to edit the original instructions to direct the user to place the CMD file in the same folder as the MSU files; that way you won’t have to keep explaining what “next to” means.

        2 users thanked author for this post.
      • #2257538
        WSRobF228
        AskWoody Plus

        I’m a home user with Win7 x64 pro. Just using a workgroup for the household. Am I a “Group A” user?

        Thank you much!

      • #2257540
        PKCano
        Manager

        If you have been installing the Monthly Rollups through Windows Update, you are a Group A user.

        If you have been downloading from the MS Catalog and manually installing the Security-only Updates and the IE11 Cumulative Updates, you are a Group B user.

      • #2257583
        Gordski
        AskWoody Plus

        Problem solved.

        Because I had changed the name of the update slightly the script was not happy with the new name.

        I binned the first update file that I renamed and another original and left it as is, put it in the folder with the  W7ESUI enabler pressed the button and hey-ho it all works.

        (Moral of that saga is don’t mess with stuff unecessarily)

        Thank you me.

      • #2257904
        Duncan
        AskWoody Plus

        As Windows 7 and Windows Server 2008 R2 are on the same software base, is it possible to use this on Server 2008 R2 ? Any suggestions?

      • #2258001
        anonymous
        Guest

        Is W7ESUI_0.2.ZIP the revised script for April?  Thanks.

      • #2258064
        PKCano
        Manager

        Yes. script and instructions updated for April.

      • #2258182
        Cybertooth
        AskWoody Plus

        Quick questions: for Group B, can I use an earlier version of the script + instructions to apply the April updates? Or, conversely, can I use the April version of the script to apply updates for March?

         

      • #2258184
        PKCano
        Manager

        The April version works for March and April.

        1 user thanked author for this post.
      • #2258220
        anonymous
        Guest

        I just installed the March update by following your instruction “Put SSU KB4550735, all the Security-only updates, and the latest IE11 CU KB4540671 in the folder with the script. The script will install the SSU first and then the rest of the updates.”  dated March 22, 2020.

        A big THANK YOU.

      • #2258246
        abbodi86
        AskWoody_MVP

        Yes, it will work for Server too

        1 user thanked author for this post.
      • #2260467
        woody
        Manager

        Nope, the Seven Semper Fi machine is, and will continue to be, completely clean. Unless MS releases patches for the unwashed (and unpaying) masses, of course.

        2 users thanked author for this post.
      • #2260523
        honx
        AskWoody Lounger

        i still haven’t installed any post esu-group b windows 7 and ie patches (february, march, april) and that ssu kb4550734. if i decide to risk it this month, will that new script work through all these patches in the right order (including that ssu)?.

        PC: Windows 7 Ultimate, 64bit, Group B
        Notebook: Windows 8.1, 64bit, Group B

      • #2260529
        PKCano
        Manager

        See here and here and here.
        Be sure you have the prerequsites installed (see instructions at the top).
        Put the script .cmd file, the latest SSU (April), the latest IE11 CU, and all SOs (Feb-April) in a folder. See #2257497.
        Right-click and run the .cmd file as Admin.
        Press 0 (zero) to install.
        Wait till it finishes and reboot.

        2 users thanked author for this post.
      • #2260546
        honx
        AskWoody Lounger

        thx, according to wmic qfe | find “…” both prerequsites kb4490628 and kb4474419 are both installed.

        do we already know if there will be some disadvantages in future if we i go this route inofficially installing post-esu-patches without paying. something like os not “genuine” any more or other shenanigans this kind? i really fear installing these updates!

        PC: Windows 7 Ultimate, 64bit, Group B
        Notebook: Windows 8.1, 64bit, Group B

      • #2260552
        PKCano
        Manager

        So far no problems on mine.
        I’m sure @abbodi86 will handle whatever comes up 🙂

        2 users thanked author for this post.
      • #2260555
        EP
        AskWoody_MVP

        speaking of KB4538483, it got a recent revision this May 2020

        expand the “file information” sections for all supported X86 and X64 versions to see updated files from MS support article 4538483:
        https://support.microsoft.com/help/4538483/

      • #2261021
        byteme
        AskWoody Plus

        Win7 Home Premium 64-bit. Group B.

        I just used abbodi86’s .cmd script to install the April Win7 64-bit security-only updates — having previously used it for February (as described in a previous post) and March.

        SHA2 support updates KB4490628 and KB4474419 had already been installed on my PC (in 2019), and I’m helping another Group B-er to install each month’s updates, so I kept things simple and stuck with the original version of the script.

        I put four files in an otherwise-empty folder: (1) abbodi86’s .cmd file, (2) the April SSU (KB 4550738), (3) the April Win7 SO update (KB 4550965), and (4) the April IE SO update (KB 4550905).

        Then I right-clicked on the .cmd file, chose Run as Administrator, and hit 0 in response to the opening menu.

        The script took just under 30 minutes to complete, and I hit 9 at the end (as instructed) to exit.

        Then I restarted Windows (also per the script’s instructions), and it was the usual more involved (“Configuring Windows updates…”) post-updates restart, and it took around 10 minutes.

        Everything seems normal, and I once again thank abbodi86 for his script.

        5 users thanked author for this post.
      • #2261097
        glnz
        AskWoody Plus

         

        WOW – IT WORKED!

        Now I can update the old 7 machine in my wife’s SOHO.

        THIS IS GREAT!!!

        Will this work again in a month when Woody gives us Defcon 3 for the May updates?

        Thanks to abbodi86 and PKCano for translating some of the details!!!

         

        • This reply was modified 8 months, 2 weeks ago by glnz.
        1 user thanked author for this post.
      • #2261131
        Paul T
        AskWoody MVP

        Will this work again in a month

        No guarantee MS won’t try to plug this gap, but details will be provided here.

        cheers, Paul

      • #2261224
        honx
        AskWoody Lounger

        i just read about another ssu kb4550738 (april). is this covered by the 0.2 script or will it be only subject for future script version (may)?

        if latter i think it’s better to wait until defcon 3 or higher for may to install all missing post-esu-updates and corresponding ssu using that script…

        and will i still need march ssu as well (both ssu in same folder with that script) or only newer one?

        PC: Windows 7 Ultimate, 64bit, Group B
        Notebook: Windows 8.1, 64bit, Group B

        • This reply was modified 8 months, 1 week ago by honx.
      • #2261228
        PKCano
        Manager

        The 2 script covers all updates to date.
        The list of updates you need is in #2260529.

      • #2261696
        Qnu
        AskWoody Lounger

        Will this work again in a month

        No guarantee MS won’t try to plug this gap, but details will be provided here.

        cheers, Paul

        I think the chances are slim to none, how many people use this? A couple hundred? Not really worth the trouble to go out of your way to plug it. Also, the majority of us are using it on HOME PCs, so they are not losing money simply because we can’t even buy it. We “steal” updates we can’t pay for anyway. And Win10 is still for free as far as I know if you have a Win7 key. Correct me if I am wrong. 🙂

        It’s an issue that costs MS money to fix, but gains them 0 money. Almost all business would not bother with this.

        • This reply was modified 8 months, 1 week ago by Qnu.
        1 user thanked author for this post.
      • #2261944
        Mattchu
        AskWoody Lounger

        Just to confirm that the May Windows 7 updates have installed using the v2 script on:

        Windows 7 x64 Cumulative and Security.

        Windows 7 x32 Cumulative [will be trying security layer]

        Cheers…

        4 users thanked author for this post.
      • #2262010
        Qnu
        AskWoody Lounger

        I am on March ESU updates.

        I skipped April ESU update, now with May I wanna get up to date again.

        All I need is the v.02 Installer, the April SSU and the May monthly rollup, right? I am group A.

        • This reply was modified 8 months, 1 week ago by Qnu.
      • #2262212
        abbodi86
        AskWoody_MVP

        You better go ahead with May SSU KB4555449

        4 users thanked author for this post.
      • #2262229
        A1ex
        AskWoody Plus

        I installed the May SSU ok, are there some update files I need.

        I would appreciate a monthly list of the required kb files for each months updating process, if that’s possible.

        A1ex

      • #2262230
        PKCano
        Manager

        See the top post in this thread.

        There is also a list on the Win7 Update History site. If you click on the support pages, the SSU is listed there.

        2 users thanked author for this post.
      • #2262231
        abbodi86
        AskWoody_MVP

        Group A:
        get the latest Monthly Rollup from Win7 update history
        https://support.microsoft.com/en-us/help/4009469

        it should also contain reference to latest SSU

        Group B:
        you need latest SSU, latest IE11 Cumulative, and each month Security Only update
        https://www.askwoody.com/forums/topic/2000003-ongoing-list-of-group-b-monthly-updates-for-win7-and-8-1/

        for .NET updates, you can foloow the blog:
        https://devblogs.microsoft.com/dotnet/net-framework-may-2020-security-and-quality-rollup-updates/

        5 users thanked author for this post.
      • #2262363
        Mattchu
        AskWoody Lounger

        So as folks may by now know there was an “issue” with the .Net update for May, Abbodi86 has posted a solution but there was another [not sure if posted] which is easy and worked for me.

        All credit to vinzf and pesho_georgiev from mdl.

        Here’s how to successfully install the infamous .NET May Update:
        1. Download this:
        http://download.windowsupdate.com/d/msdownload/update/software/secu/2020/05/ndp48-kb4552921-x86_608b67e4011b9e103ca18deadbfc013d1c328508.exe (x86)
        http://download.windowsupdate.com/d/msdownload/update/software/secu/2020/05/ndp48-kb4552921-x64_6912af0422fc16a14f4f398fda98117f1e2f01b8.exe (x64)
        2. Create a shortcut of the executable.
        3. Right click on the shortcut and go to Properties.
        4. On the Target box, add this: /msioptions “ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9” (make sure to add a space before adding it)
        5. Click Apply and OK.
        6. Run the shortcut and proceed with the installation.

        On the “Properties Box” of the right clicked shortcut, make sure you add the /msioptions, etc line from number 4. after the .exe that is already in the box [dont overwrite the lot].

        Cheers…

        4 users thanked author for this post.
      • #2262530
        Qnu
        AskWoody Lounger

        You better go ahead with May SSU KB4555449

        Do I need to install the April SSU before installing the May SSU?

      • #2262532
        PKCano
        Manager

        You need the April SSU preinstalled before you can install the May Rollup or SO/IE11 if you don’t install the May SSU at the same time as the May patches.
        The May SSU will be necessary for the June patches.
        But if you install the May SSU along with the May Rollup or SO/IE11, you do not need to install the April SSU first.

        3 users thanked author for this post.
      • #2262535
        Qnu
        AskWoody Lounger

        Thanks, so basically, May SSU, May Rollup and then run the script and it will install the SSU prior to the Rollup automatically.

      • #2262704
        Qnu
        AskWoody Lounger

        Reporting that I installed May Rollup, May SSU as well as NET. Framework 3.5.1 and 4.7.2 update with aforementioned methods. No issues and everything works smoothly. Thanks for all the help and assistance, as usual. 🙂

        Out of curiosity: What would happen if you try to install a NET. Framework update version that you don’t have installed on your windows? I used a tool to determine which I had, it showed 3.5 and 4.7.2 so I only installed those two.

        • This reply was modified 8 months, 1 week ago by Qnu.
        • This reply was modified 8 months, 1 week ago by Qnu.
        2 users thanked author for this post.
      • #2262824
        abbodi86
        AskWoody_MVP

        It give you error message about blocked or mismatched situation

      • #2263194
        RDRguy
        AskWoody Lounger

        Referencing @Mattchu‘s post above #2262363, a word of warning … if you copy & paste:

        /msioptions “ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9”

        … the ESU .NET update will fail to install & you’ll get the 643 error.

        But, if you copy & paste:

        /msioptions "ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9"

        … from @abbodi86‘s post #2262211, the ESU .NET update should install correctly.

        Though both look the same, the difference is the “” marks … “” (fails) vs “” (works)

        This is true for both @abbodi86‘s command prompt method or @Mattchu‘s shortcut method.

        EDIT: when this reply is submitted for posting, both “” marks end up looking the same – probably due to @Mattchu‘s post being originally submitted using “visual” text while @abbodi86‘s post was submitted using plain “text” mode and now because my post contains @Mattchu‘s “visual” quote marks, even though I’m submitting this post in plain text mode, after processing, it’s being posted as “visual” text so everyone’s “” marks in my post look exactly the same.

        You need to actually look at both @Mattchu‘s & @abbodi86‘s posts to see the difference in their “” marks. Again, @Mattchu‘s fails & @abbodi86‘s works.

        Moderator note: I’ve fixed the “correct” post so it copies correctly.

        Win7 - PRO & Ultimate, x64 & x86
        Win8.1 - PRO, x64 & x86
        Groups A, B & ABS

        • This reply was modified 8 months, 1 week ago by RDRguy.
        • This reply was modified 8 months ago by Kirsty.
        4 users thanked author for this post.
      • #2263242
        Qnu
        AskWoody Lounger

        Can confirm, that happened to me too. Only abbodi86 works.

        1 user thanked author for this post.
      • #2263276
        7ProSP1
        AskWoody Lounger

        First of all, a sincere thank you to everyone for your informative contributions to this topic which allow us to continue staying safe while using Windows 7.

        This has given me both a revelation and resulted in a few additional .NET related questions:

        I have both 4.5.2 and 3.5.1 installed on my system but I ignorantly and erroneously assumed that by keeping 4.5.2 continually updated with 4.5.2 security fixes that 3.5.1 would also be updated. Oops. After checking my Windows Update history I have learned that the last time a security update to 3.5.1 was applied was with KB3163425 on July 12, 2016. (Did I say Oops?) I immediately went ahead and successfully installed 3.5.1 security only update KB4552965.

        Here are my questions:

        1. I assume .NET security and quality rollup updates are cumulative while .NET security only updates have to be applied successfully to get the full benefit of their intended protection, correct? While I’m OK with 4.5.2, I’m obviously way out of sync with 3.5.1.

        2. What is the risk of installing the .NET security and quality rollups? Is there telemetry hidden in these updates like the regular Windows 7 security and quality rollups? I have always been a Group B user and I prefer to remain that way but I’m obviously concerned what risks are posed by not taking the appropriate sooner-than-later steps to plug the holes that are still present in 3.5.1.

        Finally, rhetorically, why does Microsoft have to have such disdain towards Windows 7 users?

        1 user thanked author for this post.
      • #2263280
        abbodi86
        AskWoody_MVP

        .NET rollups are free from telemetry, and they hardly cause any issues

        2 users thanked author for this post.
      • #2263281
        PKCano
        Manager

        .NET has never been included in Group B patching. The telemetry Group B is avoiding is in the Windows Security and Quality Monthly Rollup and in the individual telemetry patches like KB2952664.
        There is no problem with installing the .NET Rollup.

        2 users thanked author for this post.
      • #2263345
        PKCano
        Manager

        I have updated one of my WIn7 Ultimate VMs with the MAY patches on May 17, 2020.
        It have .NET 3.5.1 and 4.7 installed.

        I put KB4556836 (Rollup), KB4555449 (SSU) and KB4552940 (the .msu patch for .NET 3.5.1) in a folder with @abbodi86 ‘s script. Then executed the script as admin.
        I executed (as admin) the .exe patch for .NET 4.7 KB4552919 with the Bypass switches as per @abbodi86 in #2262211.

        Everything installed correctly.


        Update
        : Two more done (same versions of .NET) without problems.

        5 users thanked author for this post.
      • #2263349
        7ProSP1
        AskWoody Lounger

        I know AKB 2000003 has never included .NET updates when there were some issued but I erroneously assumed they included telemetry of some sort.

        It’s a rather unusual feeling when a Windows 7 user realizes that Microsoft is issuing quality updates that actually only include quality updates.

         

        1 user thanked author for this post.
      • #2263386
        alpha128
        AskWoody Plus

        I’m also running .NET 4.7, so the procedure you outlined above is exactly what I plan to do.  Glad to learn it works!

      • #2263545
        analogkid
        AskWoody Plus

        Just a question for us 0patch users….

        I purchase 0patch pro in March after my one month trial. I have also installed the Win 7 ESU updates through April using the “abbodi86” method and everything seems to be running well.

        The AskWoody PLUS Newsletter that arrived this morning in my inbox had and article entitled  “.NET Framework oddities and ESU issues highlight May patching”.

        In it there is the recommendation to purchase an ESL key but what about those of us who have purchase 0patch pro? Are we still vulnerable?

         

        "An analog kid in a digital world"

        Win7 Ultimate home built desktop Running 0patch Pro

        Win 8.1 desktop and two 8.1 laptops

        Win 10 Dell desktop (took the plunge)

        and two very old home built Win XP desktops (offline for use with an old Epsom Photo scanner)

      • #2263866
        Paul T
        AskWoody MVP

        0patch would say “no, you are not vulnerable”, which is the whole point of switching to an alternative update mechanism. If 0patch misses stuff I’m sure we’ll hear about it, but in the meantime, continue to backup regularly.

        cheers, Paul

        1 user thanked author for this post.
      • #2263931
        anonymous
        Guest

        Hello,

        I would really love to install the W7 ESUs, but have seen a report that they break Sandboxie.

        htxxs://community.sophos.com/products/sandboxie/f/forum/119455/can-t-install-any-version-on-win7-with-windows-7-extended-security-updates-esu

        Any help would be very much appreciated.

        Many thanks 🙂 .

      • #2264043
        EP
        AskWoody_MVP

        contact Sophos about the problem between Sandboxie & Win7 ESU

      • #2264069
        anonymous
        Guest

        Hi @EP. Thanks for the reply.

        Unfortunately, Sophos are no longer supporting Sandboxie. Thought I’d take a chance there might be a Sandboxie user or two hereabouts, that might be able to confirm if it works with the W7 ESUs, or not.

      • #2264316
        glnz
        AskWoody Plus

        So I have now run the APRIL updates on my wife’s Win 7 Pro 64-bit PC in her SOHO.

        BUT … normal Windows Update is now prompting me to install this update from 2014:

        System Update Readiness Tool for Windows 7 for x64-based Systems (KB947821) [May 2014]

        This tool is being offered because an inconsistency was found in the Windows servicing store which may prevent the successful installation of future updates, service packs, and software. This tool checks your computer for such inconsistencies and tries to resolve issues if found.

        More information:   https://support.microsoft.com/kb/947821

        I do not recall seeing anything like this when I ran the last normal Group A rollup update in January.

        ALSO … just now, when I used this tool to install the April updates (KB4550738 and KB4550964), I was NOT prompted to reboot.  Is that expected?  I rebooted anyway.

        Any thoughts about these two?  Thanks.

        • This reply was modified 8 months ago by glnz.
        • This reply was modified 3 months ago by Kirsty.
      • #2264320
        PKCano
        Manager

        Hide KB947821, you don’t need it.

        ALSO … just now, when I used this tool to install the April updates (KB4550738 and KB4550964), I was NOT prompted to reboot. Is that expected? I rebooted anyway.

        The prompt to reboot is not the one you used to see when using regular updates. It is only a line at the bottom of the Command Prompt when it finishes install telling you a reboot is necessary for the changes to take place.

      • #2264325
        glnz
        AskWoody Plus

        PKCano – thanks again.

        Just to be clear, when this special ESU tool finished installing KB4550738 and KB4550964, I did not get ANY prompt to reboot, including in the cmd window.  But since I thought these two included the April Group A rollup, I had expected a prompt somewhere to reboot.

        So – was NO prompt to reboot expected for the April Group A rollup?  Or did I have the Group B security-only update only (which would be wrong for me)?

      • #2264326
        PKCano
        Manager

        KB4550964 is the Rollup and KB4550738 is the correct SSU for April.
        You did good to reboot.
        Check Installed Updates to be sure both installed correctly. If so, you should be fine.

      • #2264327
        glnz
        AskWoody Plus

        PKCano – yes – both are listed in Installed Updates.  So I feel fine!  Thanks!!!

      • #2264328
        glnz
        AskWoody Plus

        New question – when Woody gives us the Defcon3 “go ahead” for the May updates, should we use this special tool also to install

        4538483    5/9/2020   SPECIAL ESU UPDATE  (from Susan Bradley’s patch list)

        Or does abbodi86’s special tool NOT need that?

      • #2264336
        abbodi86
        AskWoody_MVP

        KB4538483 is not needed for manual installation of ESU updates, until now at least

        but it will not hurt to install it

        2 users thanked author for this post.
      • #2264385
        Mattchu
        AskWoody Lounger

        Cheers RDRguy, never knew the board formatted quotation marks differently in visual or plain, I will remember to do plain next time if there are any “” 🙂  It even messes up when you put 2 single quotation marks in sentences, like I`m, etc…

        1 user thanked author for this post.
        KP
      • #2264478
        glnz
        AskWoody Plus

        Finished using this on our third and final Win 7 Pro 64-bit PC, a slow Dell Optiplex 3010.

        Two odd small consequences —

        1) In Belarc Advisor, the long list of installed updates to Win 7 is gone.

        2) Normal Windows Update is now showing me “Update for Windows 7 for x64-based Systems (KB2952664),” whose MS article is captioned “Compatibility update for keeping Windows up-to-date in Windows 7”, and whose WUD Details say it has been superseded by numerous Monthly Security Quality Updates (rollups), including the 04-20 one I just installed using this tool.

        Just a bit of static, I suppose.

        • This reply was modified 8 months ago by glnz.
      • #2264480
        PKCano
        Manager

        KB2952664 functionality has been included in the Win7 Rollup since Sept or Oct of 2018 (I think). That would supersede the any older copy of the stand-alone patch.

      • #2264492
        glnz
        AskWoody Plus

        PKCano – I am guessing that KB2952664 has shown up because something in the special tool or the 04-2020 update deleted the long historic list of past updates, so the PC is not picking up that the superseding Monthly Security Quality Updates were installed.

        Is there a way to get the old list restored to wherever it used to be?

      • #2264558
        Qnu
        AskWoody Lounger

        Can you link me to the post, I don’t see it. 😮

      • #2264585
        abbodi86
        AskWoody_MVP

        W7ESUI don’t clean or remove any update history 🙂

        KB2952664 show up in WU because of missing metadata for ESU updates

        meaning, on metadata level, WU has knowledge only for 2020-01 Monthly Rollup KB4534310, but now 4534310 is superseded by the manually installed 2020-05 Monthly Rollup KB4556836
        which lead to WU thinking that KB2952664 is not superseded

        3 users thanked author for this post.
      • #2264590
        glnz
        AskWoody Plus

        abbodi86 – you are correct, and I owe you an apology.  I rechecked, and in Belarc Advisor, the long Win 7 update history has returned.

        Thanks for your explanation, and thanks with BIG KISSES WITH NO SOCIAL DISTANCE for your update tool.

        … And let me add that this thread is a great reason for everyone reading this to donate a little something to Askwoody, as I have.  A little something multiplied by each of us would let Woody and PKCano have a much-deserved vacation (as long as they don’t take breaks at the same time).

        • This reply was modified 8 months ago by glnz.
      • #2265295
        Larry B
        AskWoody Lounger

        Keep getting error 1188 “Element not found”.  KB4490628 and KB4474419 are both installed.  I tried to install kb4550738-x64 and kb4550964-x64 using the script.

      • #2265299
        PKCano
        Manager

        Create a folder.
        Put kb4550738 April SSU, kb4550964 April Rollup in the folder.
        Extract W7ESUI.cmd from the zip file, or extract the whole zip file.
        Copy or move W7ESUI.cmd and place it in the same folder.
        Right-click on W7ESUI.cmd and “Run as administrator”
        In the cmd window press 0 (zero) and wait for the script to run.
        When it is finished, press 9 to exit.
        Reboot the computer.

      • #2265334
        Larry B
        Guest

        All of those were in a folder I was running from a USB drive.  I will try putting that folder on my HDD, not sure if that will make a difference.

      • #2265349
        Larry B
        Guest

        Putting the same folder from my USB drive on my HDD did the trick.  On another PC I installed this from another partition on the same HDD with no issues, but a USB drive with >26GB of free space would not work.

      • #2268380
        Moonbear
        AskWoody Lounger

        Where do I need to put the bypass switch to get 4.7 to install?

        Do I need to run the switch in a command prompt?

      • #2268381
        PKCano
        Manager

        You do it the same way you do “sfc /scannow”
        You run “filename /bypass”
        One easy way is to make a shortcut to the file, right click on the shortcut, choose properties.
        In the “target” box where it shows the file name, add the bypass switch to the end of the string.
        Click OK and double click on the shortcut.

        See @mattchu in #2262363.

        1 user thanked author for this post.
      • #2268384
        Moonbear
        AskWoody Lounger

        Cheers, PK

        You are a life saver!

      • #2268391
        Geo
        AskWoody Plus

        The easier thing to do is pay about $25 for 0patch pro.

      • #2268424
        Mattchu
        AskWoody Lounger

        Sanboxie user here and I can report no problems with the latest Sbie [5.33.3] and windows 7 updates up to May, x32 and x64 using the above script. Not sure about the official ESU way though!

        Good luck.

        1 user thanked author for this post.
      • #2268480
        glnz
        AskWoody Plus

        So now that we are Defcon 4 for the May patches, I am running this installer script for KB4555449 and KB4556836 on one of my Win 7 Pro 64-bit machines.

        However, Susan B also recommends
        >>>>  4556399   5/12/2020   Install   .NET Framework security/quality update

        When I went to download that from MS Update Catalog, the subwindow that popped up showed me at least ten sub-files, and I don’t know which one(s) to pick.  The dotnet.exe tool says I have these versions of .NET on my machine:  2.0,  3.0,  3.5 and 4.8.

        So, what should I do?  Thanks.

      • #2268482
        PKCano
        Manager

        You need KB4552940 (3.5) and KB4252921 (4.8).

        KB 4556399 is a Rollup – it is a bundle of updates for the different versions of .NET.
        When you go to the Catalog, instead of clicking on “Download,” click on the Namd of the update. In the popup choose “More Information.”
        That will take you to the MS Support page for that Rollup and an explanation of which patch is for which version.

      • #2268485
        glnz
        AskWoody Plus

        Thank you, PKCano.  I see what you mean.

        Now, should I put those two KBs into abbodi86’s Standalone ESU tool on this thread and run it again, or should I go to the other thread about .NET and follow those odd instructions?  (And where is that again?)

      • #2268486
        PKCano
        Manager

        See #2263345. The only difference, you will be using 4.8 in place of 4.7.

      • #2268673
        glnz
        AskWoody Plus

        Just FYI that, after running abbodi86’s tool for the May updates in my third Win 7 Pro 64-bit machine (a Dell Optiplex 3010 with 8GB RAM), the May updates show in Installed Updates, but the long list of historic updates in Belarc Advisor is now mostly gone – none of the Win 7 updates show, from 2014 to now.  This has continued after a reboot, etc.

        The last time, they came back after a while.  But not yet this time.

        • This reply was modified 7 months, 2 weeks ago by glnz.
      • #2268737
        glnz
        AskWoody Plus

        Update – checked that machine again, and Belarc Advisor got back its long list of Windows 7 updates.

        abbodi86 and PKCano – curious whether you might have a guess as to why this happens.

        But I’m super-happy about doing these updates – many thanks again.

      • #2268741
        Silenus
        AskWoody Lounger

        Hello to all member of AskWoody.com! This is my first post here, though I’ve been following this site from long ago.

        I wanted to thank everyone who made and refine this tool to let us keep using our beloved OS.

        I’ve never update my system since ESU came in, so here’s what I did. I put the following files in the same folder as the installer:

        • February SO Update – KB4537813
        • March SO Update – KB4541500
        • April SO Update – KB4550965
        • May SO Update – KB4556843
        • May IE Update – KB4556798
        • .NET 3.5.1 Update – KB4552940
        • May SSU – KB4555449

        then ran it as administrator. Everything went super smooth, and these updates appear on the installed list in Windows Update.

        Then I’ve installed .NET 4.7 Update (KB4552919) as explained here.

        Again, everything was good, and my PC seems to run perfectly fine.

        I did not install March and April SSU. Do I need them?

        Is there any other important update that I miss?

        Thanks again!

        1 user thanked author for this post.
      • #2268745
        PKCano
        Manager

        You only need the latest (May) SSU.
        Looks like you are up to date.

        1 user thanked author for this post.
      • #2270211
        Cybertooth
        AskWoody Plus

        May I suggest a KB-style article that lists all of the files needed each month to keep a Windows 7 system up to date with @abbodi86‘s method? This would include not only Windows and IE11 patches, but also any new .NET patches and whatever else comes down the chute–especially the SSU for the corresponding month and any new versions of the installation script.

        Having everything (or at least the links for it) together in one place would save considerable time hunting around for this bit “here” and that bit “over there.” A thread such as this one that’s currently running to 257 replies may not be the most practical method for listing new files, as they inevitably get buried in an avalanche of new comments and questions.

        At the very least, it would be helpful to formally and regularly post availability of, and links for, the new SSU in a predictable place. The reason I’m asking is that two days ago, I installed the May patches on a Win7 laptop without problems. But today I used the same folder containing the same files (copied over, of course) on a different Win7 machine, and the installation kept failing. Eventually, I discovered somehow that another new SSU had been released, and put that in the folder for May, and then the installation worked. But then, why did the installation of the same set of patches (minus the May SSU) work just fine on the first laptop?

        The greatest benefit IMO would come from posting announcements and links to each month’s new SSU in a fixed location. If this is already taking place, please let me know the page so that I can bookmark it.

        Thank you.

         

        • This reply was modified 7 months, 2 weeks ago by Cybertooth.
        4 users thanked author for this post.
      • #2271066
        WSandrewcee
        AskWoody Lounger

        Any help here would be appreciated – I have been able to install all updates up to May 2020 on Win7 x86  ( old machine ) However now when I run W7ESUI.cmd ( 0.2 version) it won’t accept the 0 to proceed with install ( but it will accept 9 to exit )….I am running 0patch (free) as well – I have tried disabling it to run the command with the same result…any ideas would be very appreciated ( the keyboard works fine )

        Thanks

      • #2271071
        PKCano
        Manager

        You need to wait on the installation of the June patches until @abbodi86 has a chance to evaluate the situation. DO NOT try to install the June patches yet.

        UPDATE: It appears that W7ESUI_0.2 still works for June patches.

        • This reply was modified 7 months, 1 week ago by PKCano.
        • This reply was modified 7 months, 1 week ago by Kirsty.
        2 users thanked author for this post.
      • #2271072
        abbodi86
        AskWoody_MVP

        The script won’t proceed if required options are not met, specially “updates location”

        can you post screenshoot of cmd window?

        1 user thanked author for this post.
      • #2271097
        EP
        AskWoody_MVP

        Here from MS Update Catalog, Qnu. KB4538483 is only available from the MS Catalog site & WSUS and not available thru Windows Update

        manually download the 5-5-2020 version of KB4538483 for your Win7 system, install it and reboot

        • This reply was modified 7 months, 1 week ago by EP.
        • This reply was modified 7 months, 1 week ago by EP.
      • #2271100
        EP
        AskWoody_MVP

        see if this helps, Larry B

      • #2271103
        alpha128
        AskWoody Plus

        “May I suggest a KB-style article that lists all of the files needed each month to keep a Windows 7 system up to date with @abbodi86‘s method? This would include not only Windows and IE11 patches, but also any new .NET patches and whatever else comes down the chute–especially the SSU for the corresponding month… – Cybertooth

        Plus Members like us can use Susan Bradley’s month-end master patch list for this purpose, e.g., 2020-05-29-Pre-Win10-Updates-.pdf

        Susan’s file includes links to the Microsoft support pages for all the various patches.  That’s what I used to locate and download the appropriate 2020-05 updates from the Microsoft Update catalog.

        • This reply was modified 7 months, 1 week ago by alpha128.
        • This reply was modified 7 months, 1 week ago by alpha128.
        • This reply was modified 7 months, 1 week ago by alpha128.
        1 user thanked author for this post.
      • #2271136
        Cybertooth
        AskWoody Plus

        Thanks @alpha128, the Master Patch List does give all the MS patches for the month, and that’s good. However, note that using this method involves:

        1. Visiting the Master Patch List page, from where one then
        2. Clicks on the link for the PDF list, which contains links that
        3. Lead one to a MS Support page that still doesn’t provide a download link to the actual patches (example). You need to look around the page to locate the link for the listings to that patch on the MS Update Catalog, then
        4. Click on that link, and then finally once on the Update Catalog listings
        5. Click on the download link for the patch.

        This is a rather more cumbersome process than, for example, the AKB2000003 page for Group W patchers, which not only lists the patches but also provides direct links to the patches on the MS Update Catalog. Relative to the Master Patch List procedure, this saves three steps (clicking on a PDF, then clicking on a MS Support page, then clicking to reach the Update Catalog list).

        And of course, the Master Patch List doesn’t mention updated versions of the W7ESUI script, of which there have now been two versions and doubtlessly will be more in the future. So this still involves looking in a variety of places for all the parts.

        Remember, the suggestion is to have a single place listing everything that’s needed to keep Windows 7 patched. Basically, a page that combines the completeness of the Master Patch List with the simplicity of the AKB system–and throws in the W7ESUI to boot.

         

      • #2271156
        WSandrewcee
        AskWoody Lounger

        When I try that ( shift+right click ” copy as path ” to the folder ) it says “specified location is not valid”

        Attachments:
      • #2271161
        PKCano
        Manager

        Have any of you looked at the first post in the Patch Tuesday Main Blog thread?
        Most of what you need is listed there with download links.

        That happens every month, thank you very much.

        2 users thanked author for this post.
      • #2271164
        Paul T
        AskWoody MVP

        All the update files need to be in the same folder as W7ESUI. If not you need to specify the location of the update files.

        cheers, Paul

      • #2271176
        Mattchu
        AskWoody Lounger

        Just wanted to confirm the June updates worked for me using the V2 script [not tried the V1].

        Win7 x64 and x32 Security + cumulative all installed fine 🙂

        Couldn`t find a June SSU for Windows 7

        Matt

        Attachments:
        1 user thanked author for this post.
        KP
      • #2271179
        PKCano
        Manager
      • #2271196
        alpha128
        AskWoody Plus

        “Remember, the suggestion is to have a single place listing everything that’s needed to keep Windows 7 patched. Basically, a page that combines the completeness of the Master Patch List with the simplicity of the AKB system–and throws in the W7ESUI to boot.” – Cybertooth

        The procedure I outlined above isn’t that onerous.  A find for the word “catalog” on each support page takes you right to the updates you need.

        For April, I just searched the Update Catalog for “2020-04 Windows 7 x64” and was able to easily find the needed patches.  But a search for “2020-05 Windows 7 x64” produced a long confusing list, and I discovered that using the Master Patch list for this purpose is much easier.

        About the only thing the Master Patch list lacks is info about the W7ESUI script itself, so I just check the opening post of this thread for updates to the script.

      • #2271197
        Mattchu
        AskWoody Lounger

        Cheers bud, I did a search but couldn`t see any after May…Got to run the script several times again now, but hey ho… 🙂

      • #2271198
        PKCano
        Manager
      • #2271199
        PKCano
        Manager
      • #2271200
        PKCano
        Manager
      • #2271235
        WSandrewcee
        AskWoody Lounger

        All the update files need to be in the same folder as W7ESUI. If not you need to specify the location of the update files.

        cheers, Paul

        They are – there are 2 update files and the installer .cmd in that folder ( and only that )

      • #2271241
        Cybertooth
        AskWoody Plus

        Have any of you looked at the first post in the Patch Tuesday Main Blog thread? Most of what you need is listed there with download links.

        The answer to the question is, “No.”  🙂  Reason is, I wait for Woody to set the MS-DEFCON level above 2. But then, by the time that happens, the blog post announcing the patches, and its associated discussion thread, are long since buried in the silt of newer posts.

        And one would still have to find out if there is an updated W7ESUI script.

        That’s why it would be preferable to have a single place that puts all of this together. Heck, I’d even be willing to do the work myself, to save others the effort of gathering the parts every month. But again, like an AKB it would have to be a singular, fixed location where users know they can go to each month for the needed information.

        The idea is to make it as easy and convenient as possible for the user to get this done.

         

      • #2271242
        PKCano
        Manager

        Do you have the May SSU KB4555449 installed? It is a prereq for the June patches.
        If all are in the same folder, in an elevated Command Prompt, all you have to do is press 0 (zero). You don’t have to change any of the other settings.

      • #2271243
        PKCano
        Manager

        The updated script is always HERE.
        The patches for the month are released on Patch Tuesday.
        If you want a list of the patches, look on the Patch Tuesday for the month you want the patches.
        As a matter of fact, you could even download them and save them (in the folder you intend to use for the updates) on Patch Tuesday, then wait for the DEFCON to change.

      • #2271312
        SueW
        AskWoody Plus

        @Mattchu, PK included the link in her response to you as it contains the June SSU download links. Just download whichever ‘bittedness’ you need and add it to the folder along with your script.

        Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'
        • This reply was modified 7 months, 1 week ago by SueW.
        1 user thanked author for this post.
      • #2272382
        Steve
        AskWoody Lounger

        Whew.
        A big ‘thank you’ to abbodi86 for this installer.
        One of the major disruptions of the COVID-19 pandemic was that the “Stay at home” command meant I could not go to a venue to download these Windows® 7 ESU patches. Yes people, the only connection from the abode here to the Internet is a v.92 one.
        No way I could download all of these patches (or for that matter, the newest versions of Firefox and TorBrowser) in any semblance of reasonable time.
        The pandemic even shut down the Chicago Public Library branch where I could (and have) do this.
        I’m keenly considering writing my Aldercritter. Yes, he has a few more crucial items now on his list, but I will allege that broadband internet connectivity is a utility, necessary as much as electricity and home heating. It is pathetic that the choices for broadband connectivity here is limited to corporations earning windfall profits for their abysmal product; laden with impossible to avoid fees, requiring two-year contracts, and dramatically escalating monthly charges with ‘cancellation‘ fees equal to the cost of the service if the contract was not cancelled.
        I was without broadband internet access for 90 days. This past week, the Library finally reopened. Thankfully, it was not vandalized. However, due to its closed-air circulation, a patron is limited to one hour inside.
        Downloading all these updates via the Library’s wi-fi network (onto a flash drive inserted into my Windows® 8.1 laptop) took 57:36. Yikes.
        Bringing it back here and setting it up to execute was simple to follow. I have put prior updates from Microsoft into a specified folder, and that is where abbodi86’s script and the seventeen patches (February [Win7], March, April, May) went. I would have downloaded June’s, but owing to how little time I had left, did not.
        The program ran exactly as described. (I also enjoyed the magenta text.)
        Here is the picture of the patches installed on this Windows® 7 computer
        (I also installed the regular patches on Windows® 8.1; but they are not shown in this picture.) This computer is finally caught up.

        Mod edit: Pic now removed as external link target has changed.

        Important links you can use, without all the fluff or sales pitch = https://v.gd/sdr34
        4 users thanked author for this post.
      • #2273738
        Qnu
        AskWoody Lounger

        That’s a good idea, I did just that because I usually wait 1 month before installing. 🙂

      • #2274038
        Microfix
        AskWoody MVP

        After an image backup, I gave this a try..
        RESULT! x86Pro Test

        RemovalofTemp

        Note for @abbodi86; close attention to screenshot above – minor really, Telemetry script didn’t appear on desktop upon douuble restart (no biggie) using the sandscript 😉

        SFCintegrity

        May the force AND your god be with you always!


        Problems controlling W!N10 updates:
        https://www.askwoody.com/forums/topic/2000016-guide-for-windows-update-settings-for-windows-10/
        Attachments:
        2 users thanked author for this post.
      • #2274291
        JimBean
        AskWoody Lounger

        Hi,

        W7 HP x64, W7ESUI_0.2.

        Installed:

        • Jun Service Stack update
        • Jun IE cumulative update
        • Feb – Jun SO updates
        • May .NET 3.5.1 SO update

        Everything ran super smooth, took about 25 mins. After reboot, ran  the Telemetry script.

        No problems to report. Very happy 🙂 .

        A thousand thanks, @abbodi86.

        -JB

        1 user thanked author for this post.
      • #2275523
        Moonbear
        AskWoody Lounger

        Is the a way to tell if we need any of the .NET patches every month?

        I ask since it seems highly likely that going forward we won’t be able to simply install the ESU script anymore, so if at all possible I’d dearly love the option to just skip them.

      • #2275525
        PKCano
        Manager

        If the updates are optional non-Security patches, it probably is not necessary to install them.

        If the updates are rated important = Security patches, I would recommend installing them.

        1 user thanked author for this post.
      • #2275544
        Moonbear
        AskWoody Lounger

        That’s exactly what I’m talking about.

        How do you tell if the update is recommended or not?

      • #2275545
        PKCano
        Manager

        It should have “Security” in the title if that’s what it is. Like “Security Rollup.” You can also look at the MS Support pages for information.

        2 users thanked author for this post.
      • #2275546
        Microfix
        AskWoody MVP

        Have a look at Susan Bradley’s Master Patch list.
        For instance: the last security/quality .net was in May kb4556399 and with this KB you can go directly to it in the catalog to download.
        Listings of just May updates excel/pdf/html
        Listings for that particular month shows what you need.


        Problems controlling W!N10 updates:
        https://www.askwoody.com/forums/topic/2000016-guide-for-windows-update-settings-for-windows-10/
        1 user thanked author for this post.
      • #2277199
        MrChaz
        AskWoody Lounger

        I’m intrigued now, our trusty Windows 7 Pro 32bit is patched up to the end of january 2020 running with a third party antivirus avira. Would it be advisable to disconnect from the internet and disable the antivirus before attempting this to avoid any security interference?

        I would image the system before attempting as a keeper for the future.

        illegitimi Non Carborundum
      • #2277215
        PKCano
        Manager

        Disconnecting from the Internet is OK after you download the updates from the Catalog. Be sure you have either 1. all Security-only updates plus the latest IE11 CU (see AKB2000003) or 2. the latest Rollup. You will also need the latest Servicing Stack.

        Disabling the AV is probably not necessary if it hasn’t given you any problems with updating in the past. But it certainly wouldn’t hurt to do it.

      • #2277415
        Paul T
        AskWoody MVP

        There is no point disconnecting as you are not turning off your standard protections.
        Turning off AV for the duration doesn’t mean your machine will rush off to download a bunch of bad files, unless you tell it to. 🙂

        cheers, Paul

        1 user thanked author for this post.
      • #2277715
        glnz
        AskWoody Plus

         

        All – Happy and relentlessly safe Fourth!

        I imagine we’ll soon see Woody’s DefCon “Go Ahead” for the June updates to Win 7.  Susan Bradley has already indicated corporate users can go ahead.

        Will aboddi86’s fabulous method work again?  Also the .NET method?

        Thanks!

         

        1 user thanked author for this post.
      • #2277716
        PKCano
        Manager

        @abbodi66 ‘s script work with the June updates. We’re just waiting on the DEFCON go-ahead from Woody.

        2 users thanked author for this post.
      • #2277886
        alpha128
        AskWoody Plus

        Susan Bradley’s latest Master Patch list already gave the go-ahead on the June updates.  So, on July 2nd, I used the script to install 2020-06 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4561643) and 2020-06 Servicing stack update (KB4562030).

        No problems with either the script or the updates it installed.

         

        1 user thanked author for this post.
      • #2277959
        Alex5723
        AskWoody Plus

        Susan Bradley’s latest Master Patch list already gave the go-ahead on the June updates.

        Susan Bradley’s OK is aimed at Businesses which have an IT department to thoroughly test monthly patches.
        Woody’s DefCon is aimed at small SMBs, home users…and June updates are still at Defcon = 2.

      • #2278098
        alpha128
        AskWoody Plus

        The MS DEFCON rating is one size fits all, while Susan’s Master Patch List is version and patch specific.

        You can wait if you want.

        But after waiting for almost a month, with Susan’s recommendation, and a three day holiday weekend, I went ahead.

      • #2278602
        glnz
        AskWoody Plus

         

        On our spare (test) Win 7 Pro 64-bit machine, I have just now installed KB4562030, KB4561603 and KB4561643.

        Thank you again abbodi86 and PKCano!!!  And Woody for making this all possible.  And Woody’s mom for making Woody possible !!!

        Reminder to all to donate!!!  I did, and it’s certainly worth it.

         

        2 users thanked author for this post.
      • #2278654
        anonymous
        Guest

        glnz wrote:
        On our spare (test) Win 7 Pro 64-bit machine, I have just now installed KB4562030, KB4561603 and KB4561643.

        KB4561603 is Jun’20 Cumulative Security Update for IE.
        KB4561643 is Jun’20 Cumulative Update/Monthly Rollup for Win7.

        Unless I’m mistaken, if you installed (or planned to install) KB4561643, then KB4561603 should be redundant and so shouldn’t need to be installed.

        Hope this helps.

      • #2278658
        PKCano
        Manager

        You are correct. The IE11 CU is included in the Rollup. You only need it if you install the Security-only Updates following Group B.

      • #2278724
        byteme
        AskWoody Plus

        Win7 Home Premium 64-bit. Group B.

        I neglected to report on the May updates, which I successfully installed using abbodi86’s script. That install also included the May .NET update — as a two-part task, with the script updating the older .NET versions and the separate .exe file we were linked to updating the bigger-than-4 .NET version. Or maybe it was the other way round; it’s been a month. In any case, I’m glad there isn’t a recommended .NET update every month.

        In fresher news, I have just installed the June SSU, Win7 update and IE update using abbodi86’s script — Version 1! (I’m old fashioned) — and all seems normal. Including the post-installation reboot, the whole process took around 35 minutes.

        The one little burp that’s maybe worth mentioning is that, as part of that post-installation reboot, I got a black screen that hung in there for quite a while, and for most (I think) of that time, there was a small message box in the upper left that said, “Setting up personalized settings for Windows Desktop Update.” I don’t recall ever seeing that message before, in any context — but in any case, the black screen yielded to my desktop after two or three minutes. And a while later I did another reboot, and it was completely normal.

        And I once again thank abbodi86 for his script.

        3 users thanked author for this post.
      • #2278765
        anonymous
        Guest

        Are there a June updates to NET Framework?  Specifically version(s) 3.5 and/or 4.8.

      • #2278767
        PKCano
        Manager

        No .NET updates for June.

        1 user thanked author for this post.
      • #2278858
        TonyC
        AskWoody Lounger

        While planning to do the June updates for my Windows 7 system, I have just noticed that W7ESUI_0.2 is available. Hitherto, ever since the February updates, I have been using W7ESUI_0.1.

        I presume that there is no problem switching to use W7ESUI_0.2 for the June updates instead of using W7ESUI_0.1?

        And I apologise if this is a daft question but is there any way of being informed when a new version of W7ESUI.cmd becomes available? Or is it simply a matter of inspecting this topic every month before doing my updates?

      • #2278865
        PKCano
        Manager

        Use W7ESUI_0.2 – it is not updated every month, only when necessary. So you have to keep watching.
        I think W7ESUI_0.2 covers .NET 3.5, but you have to install the later .NETs manually using the switch after the file. See @Mattchu ‘s post #2262363 for an easy way to do this.

        2 users thanked author for this post.
      • #2278889
        TonyC
        AskWoody Lounger

        Thank you for the reply.

        My Windows 7 system has only .NET 3.5.1 and, last month (for the May updates), W7ESUI_0.1 installed KB4552940 (the Security and Quality Rollup for .NET 3.5.1) without any problem. So I don’t need to worry about the later versions of .NET.

        Anyway, for the June updates, I will use W7ESUI_0.2.

      • #2279387
        jburk07
        AskWoody Plus

        Results for June 2020 Windows 7 patching:

        Win7 Home Premium x64:

        After the regular image backup, used abbodi86’s script to install the June Rollup KB4561643 and June SSU KB4562030. Took about 10 minutes including the restart and both patches are showing up in Installed Updates.

        I’m using primarily Linux Mint these days but I still occasionally need to use Windows 7 online. It’s great to be as up-to-date as possible. Thanks to abbodi86 and PKCano for all your help on this!

        Linux Mint Cinnamon 19.2
        Group A:
        Win7 Pro x64 SP1 Haswell, 0patch Pro, dual boot with Linux
        Win7 Home Premium x64 SP1 Ivy Bridge, 0patch Pro, mostly offline
        Win 10 Pro x64 v1909 Ivy Bridge, dual boot with Linux

        2 users thanked author for this post.
      • #2280070
        MrChaz
        AskWoody Lounger

        Feedback: Downloaded respective kb’s for my system from the catalog and disconnected from the internet. I then disabled the AV and other security measures and continued to carried out the whole procedure as instructed above by abbodi86. (May) SSU and dotnet security patch, (June) monthly security and quality patch and SSU

        Thank you sir, my reliable and trusty windows 7 lives on until hardware or MS decides.

        illegitimi Non Carborundum
        1 user thanked author for this post.
      • #2280450
        Mattchu
        AskWoody Lounger

        July updates installed successfully with the script. x64 Security [KB4565479 + KB4565539] and Cumulative [KB4565524] and x86 Cumalitive [KB4565524] done so far with no issues.

        Latest SSU [KB4565354] installed as well.

        Just the .net one to do now.

        6 users thanked author for this post.
      • #2280471
        Qnu
        AskWoody Lounger

        The 3.5.1 should work with the script again, right? Can someone post the “code” again to install the update for the 4.7.2 .net framework?

      • #2280473
        Microfix
        AskWoody MVP

        July patches KB4566466 for security only (askwoody group B)
        and KB4566517 for Security and monthly quality (askwoody Group A) 4.7.2 dotnet
        Remember to download the one that matches your OS x64 for 64bit or x86 for 32bit.


        Problems controlling W!N10 updates:
        https://www.askwoody.com/forums/topic/2000016-guide-for-windows-update-settings-for-windows-10/
      • #2280480
        PKCano
        Manager
        filename.exe /msioptions "ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9"

        UPDATE: See post #2280539 below:

        The ESU_LOCK workaround is removed and no longer working

        4 users thanked author for this post.
      • #2280508
        Qnu
        AskWoody Lounger

        Do you know why there are 2 versions for it in the KB4566517?

        windows6.1-kb4019990-x64_35cc310e81ef23439ba0ec1f11d7b71dd34adfe5.msu
        windows6.1-kb4565612-v2-x64_0b0093d044fe0b7bd96f45a9653be0375c7b7e97.msu
        The bottom one has “v2”.
        • This reply was modified 6 months, 1 week ago by Qnu.
      • #2280532
        abbodi86
        AskWoody_MVP

        KB4019990 is D3DCompiler_47.dll component update companion for .NET 4.8/4.7.2

        it should already be installed with .NET 4.8/4.7.2

        2 users thanked author for this post.
      • #2280538
        7ProSP1
        AskWoody Lounger

        Is anyone having issues installing the Security Only update for .NET Framework v4.5.2?

        I have followed the above instructions to the T (just like when the May Security Only .NET update for v4.5.2 was installed) but this time I keep getting a fatal error during installation message stating installation failed with error code: (0x80070643).

        If it makes any difference, I successfully installed the Security Only .NET update for v3.5.1 just prior to this.

      • #2280539
        abbodi86
        AskWoody_MVP

        The ESU_LOCK workaround is removed and no longer working

        2 users thanked author for this post.
      • #2280543
        7ProSP1
        AskWoody Lounger

        A-ha. It’s been driving me nuts trying to figure out what the problem might be, so this explains everything.

        I am confident, as I type this, there are great minds working on a fix to allow for the continued successful installation of security only .NET updates that relied on the previous ESU_WORKAROUND.

      • #2280551
        7ProSP1
        AskWoody Lounger

        Oops, I meant ESU_LOCK workaround (not ESU_WORKAROUND) above.

        Also, I noticed when downloading the Security Only .NET update for v4.5.2 (KB4565583) that a file named 32114089_6572f8ca4563143988d5e724d4632a35703c0975.cab was also presented. Is it necessary to download this as well and, if so, what does it do?

      • #2280580
        abbodi86
        AskWoody_MVP

        those cab files are WU metadata, not needed for us, they accidentally included them in MU catalog download

        there is no alternative for ESU_LOCK workaround, except using BypassESU v7
        not to be discussed here 🙂

        1 user thanked author for this post.
      • #2280583
        Moonbear
        AskWoody Lounger

        Can you give any possible insight into why MS is targeting the ..NET updates as the ones to mess with?

      • #2280655
        Qnu
        AskWoody Lounger

        Just to be sure: The 3.5.1 update should still work with your script since it didn’t rely on the workaround before, right?

      • #2280665
        PKCano
        Manager

        I believe the 3.5.1 .NET (.msu file) should install with the CU and SSU. The later versions of .NET (.exe files) will not install.

        2 users thanked author for this post.
      • #2280742
        Qnu
        AskWoody Lounger

        I have 3.5.1 and 4.7.2, so having one update is better than none I guess. But seems like I have to switch to Win10 soon, if I can’t get the 4.7.2 update to work. 🙁

      • #2280745
        PKCano
        Manager

        0Patch is an alternative to Microsoft updating. Check it out.

        1 user thanked author for this post.
      • #2280813
        7ProSP1
        AskWoody Lounger

        Yes indeed, that is my experience exactly as the v3.5.1 .NET Security Only (.msu file) installed successfully while the later version of .NET (.exe file, v4.5.2 Security Only in my case) would not install.

        Interestingly, I had neither the June nor July SSU installed and the v3.5.1 .NET Security Only update installed just fine using the May SSU.

        YMMV, I suppose.

        • This reply was modified 6 months, 1 week ago by 7ProSP1.
      • #2280885
        abbodi86
        AskWoody_MVP

        It’s not targeting particularly
        they put same effort to validate ESU licenses in both Windows and .NET 4 updates

        but the design of Windows updates and WinSxS component store, allowed us to find a way to suppress the validation check
        that’s cannot be done with .NET 4 updates

        there are two ways to bypass the validation for .NET 4
        1- use external BypassESU hook
        2- create administrative installation including the updates

        the first one allow to install .NET 4 updates directly
        while the second way require uninstalling .NET 4 Framework, then reinstall the created updated pack

        3 users thanked author for this post.
      • #2280911
        Moonbear
        AskWoody Lounger

        Option 2 sounds like it’d be way above my pay-grade.

        The thought of uninstalling anything as deep in the system as a .NET package makes me very nervous.

        I thought the ESU bypass for the .NET updates wasn’t working anymore?

      • #2281099
        abbodi86
        AskWoody_MVP

        The built-in workaround in May .NET 4 updates is the one not working anymore

        .NET 4 ESU Bypass is external tool, was and still working

        1 user thanked author for this post.
      • #2281139
        Moonbear
        AskWoody Lounger

        Is there any chance of a new workaround like the one for the May updates?

      • #2281144
        abbodi86
        AskWoody_MVP

        I already listed the only two ways

        2 users thanked author for this post.
      • #2281224
        Moonbear
        AskWoody Lounger

        If I were to begin using 0patch PRO, will I still need to install the monthly updates?

      • #2281251
        Alex5723
        AskWoody Plus

        No. 0Patch pro takes care of any Windows 7 and even 3rd party software, updates.

        1 user thanked author for this post.
      • #2281507
        Microfix
        AskWoody MVP

        Using the external BypassESU hook works for x86 with all pre-requesits 🙂
        however, on x64 with all pre-requesits, it fails 🙁
        screenshot of x86 post unhook:
        DotNET-July

        EDIT 21st July: Winx64 .NET update succesful on 2 devices over the w/end, happy days!


        Problems controlling W!N10 updates:
        https://www.askwoody.com/forums/topic/2000016-guide-for-windows-update-settings-for-windows-10/
        • This reply was modified 6 months ago by Microfix.
        • This reply was modified 6 months ago by Microfix.
        Attachments:
        1 user thanked author for this post.
      • #2281524
        Guest
        AskWoody Lounger

        Thank you for this script.

        Well written also as I had Malwarebytes block it as ransomware (had to exclude it) when it was nearly complete (during the cleanup stage) so I had to run it again. It was much faster the second go around as it recognized what was previously installed so basically just double checked everything and then picked up where it left off.

        I did notice for me, that the neutralize telemetry run once file didn’t catch everything so did some additional cleanup based on the other thread here and the other wintel file also.

        One question, I noticed in Event Viewer a couple of listings for the following. These are as expected for some of the patches (I hadn’t updated since February)?

        Reservation for namespace identified by URL prefix http://+:80/Temporary_Listen_Addresses/ was successfully added.
        Reservation for namespace identified by URL prefix http://*:2869/ was successfully added.

      • #2281527
        abbodi86
        AskWoody_MVP
      • #2281894
        PKCano
        Manager

        Successfully installed the Rollup, the SSU, .NET 3.5 on both 32-bit and 64-bit Win7 Pro SP1 using W7ESUI_0.2.
        Successfully installed .NET 4.7 (KB4565623 v4.6-4.7.2) on both 32-bit and 64-bit Win7 Pro SP1 using dotNetFx4_ESU_Installer.

        I created two folders in the root of the C: drive, one for the OS and .NET 3.5 updates, one for the .NET 4.7.2 updates, along with the .cmd that was applicable.
        I installed the Rollup, SSU, and .NET 3.5 first, then without rebooting, installed .NET 4.7.2.
        After the install completed, I rebooted and verified the successful install.
        Removed the install folders from the C: drive.

        Correction: I was mistaken. On a second inspection, I realize the 64-bit KB4565623 for .NET 4.6-4.7.2 did NOT install.

        • This reply was modified 6 months ago by PKCano.
        • This reply was modified 6 months ago by Kirsty.
        3 users thanked author for this post.
      • #2281924
        KP
        AskWoody Plus

        I did not know about dotNetFx4_ESU_Installer. Here is a link to it:

        https://host-a.net/f/247682-dotnetfx4esuinstallerzip . You can also find it via a Google search.

        1 user thanked author for this post.
      • #2282005
        abbodi86
        AskWoody_MVP

        dotNetFx4_ESU_Installer is just automated script for the ESU_LOCK workaround, which no longer works for July updates

      • #2282080
        7ProSP1
        AskWoody Lounger

        As mentioned previously, this has been my experience exactly.

        How were you able to get your .NET 4.7.2 update to install using the dotNetFx4_ESU_Installer on 64 bit Windows 7 as you described above, @PKCano?

        As I understand it, there’s no issue installing the July .NET 4.x updates on 32 bit versions of Windows 7, only the 64 bit variety, correct?

      • #2282233
        Microfix
        AskWoody MVP

        ok, I managed to get the x64 .NET 4.5.2 in for July on two devices.
        How I done it was:
        Restarted the device and do absolutely nothing other than:
        go to services, stop BITS, Cryptographic Services and WU whilst offline.
        then use the dotNetFx4_ESU_Installer and do everything in the readme file as admin
        even install the .exe as admin.
        Worked a treat here 🙂


        Problems controlling W!N10 updates:
        https://www.askwoody.com/forums/topic/2000016-guide-for-windows-update-settings-for-windows-10/
      • #2282263
        7ProSP1
        AskWoody Lounger

        @Microfix:

        Using Windows 7 x64, I followed your steps exactly as you listed them and after the dotNetFx4_ESU_Installer finished doing its thing, it said “done”; however, upon going to Windows Update → View update history → Installed Updates, the .NET update for 4.x is, in fact, NOT listed.

        Thinking I did something wrong, I rebooted and re-did the steps with the same result but this time I noticed the word “rollback” flashed very quickly in the bottom left corner of the Microsoft .NET framework installer screen.

        An error screen is not shown using the dotNetFx4_ESU_Installer script (as when you try to install the .NET 4.x updates manually using the filename.exe /msioptions “ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9” command), so anyone would conclude the installation was successful; unfortunately, this is not the case and, as @abbodi86 stated above, “dotNetFx4_ESU_Installer… no longer works for July updates.”

        Microsoft is supposedly working on a fix to allow for the successful installation of the July .NET 4.x updates on Windows 7 x64 systems as they are failing on all of them at the moment. Maybe @abbodi86 will beat them to the punch. 🙂

      • #2282269
        Microfix
        AskWoody MVP

        Looks like you checked the wrong thing as WU isn’t reliable for checking updates installed.
        check control panel> Programs Features> Installed updates instead.
        The ESU_Lock no longer works for July, it’s stated further up this thread but the dotNetFx4_ESU_Installer does work! see #2282005 🙂


        Problems controlling W!N10 updates:
        https://www.askwoody.com/forums/topic/2000016-guide-for-windows-update-settings-for-windows-10/
      • #2282283
        7ProSP1
        AskWoody Lounger

        In my above post, I went into Control Panel → Windows Update → View update history → Installed Updates (which brings me to the same screen as Control Panel → Programs Features → Installed updates) and Under Microsoft .NET Framework, and after following all your helpful steps and advice, the July update is still NOT listed.

        I don’t understand where I’m going wrong or what I’m doing wrong. If you don’t mind, could you please check your Installed Updates and/or provide a screenshot of your successful July .NET update install?

        • This reply was modified 6 months ago by 7ProSP1. Reason: fixed typo
        • This reply was modified 6 months ago by 7ProSP1.
      • #2282286
        Microfix
        AskWoody MVP

        W7x64NET
        Happily 🙂


        Problems controlling W!N10 updates:
        https://www.askwoody.com/forums/topic/2000016-guide-for-windows-update-settings-for-windows-10/
        Attachments:
      • #2282290
        7ProSP1
        AskWoody Lounger

        I notice in your screenshot that you installed the Security and Quality Rollups for all your installed .NET updates, while I have only installed and am trying to install the Security Only .NET update for July (KB4565583).

        I wonder if this difference is what may be causing my issue?

        It would be helpful if someone else here could try to duplicate the same result.

        • This reply was modified 6 months ago by 7ProSP1.
      • #2282291
        Moonbear
        AskWoody Lounger

        Go into Control Panel click Windows Update then look at the bottom and click Installed Updates.

        That will show you the list @Microfix is talking about.

        Hope this helps.

      • #2282294
        7ProSP1
        AskWoody Lounger

        I did what you said @Moonbear and the last .NET update I have installed is the Security Update for Microsoft .NET Framework 4.5.2 (KB4552952) on 05/14/2020.

        The July Security Update for Microsoft .NET Framework 4.5.2 (KB4565583) did not/will not install for me using the dotNetFx4_ESU_Installer.

      • #2282295
        Microfix
        AskWoody MVP

        check control panel> Programs Features> Installed updates instead.

        really! lol


        @PKCano
        will be along shortly to verify my findings and methodology 🙂


        Problems controlling W!N10 updates:
        https://www.askwoody.com/forums/topic/2000016-guide-for-windows-update-settings-for-windows-10/
      • #2282302
        7ProSP1
        AskWoody Lounger

        OK, I have checked this three ways now:

        Control Panel → Windows Update → View update history → Installed Updates

        Control Panel → Programs Features → Installed Updates

        Control Panel → Windows Update → Installed Updates (in the bottom left corner)

        The results, after following @Microfix ‘s steps, all tell me the exact same thing:

        The last .NET update I have installed is the Security Update for Microsoft .NET Framework 4.5.2 (KB4552952) on 05/14/2020.

      • #2282742
        anonymous
        Guest

        Hi to all.

        7ProSP1, I have your same problem while using the script.

        I tried to apply Microfix’s advice, but the installation log file still report error 1603.

        I’m on a 32 bit machine.

        1 user thanked author for this post.
      • #2282814
        Microfix
        AskWoody MVP

        On July 23, 2020, update KB4565583 v2 was released to replace v1 for .NET Framework 4.5.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2. The v1 update did not install for customers who had certain ESU configurations. The v2 update corrects the issue for customers who could not install the v1 update.

        Source: https://support.microsoft.com/en-us/help/4565583/kb4565583

        Remember, v1 needed some workarounds v2 may not??
        so you’re on your own here at MS-Defcon2


        Problems controlling W!N10 updates:
        https://www.askwoody.com/forums/topic/2000016-guide-for-windows-update-settings-for-windows-10/
        1 user thanked author for this post.
      • #2282819
        PKCano
        Manager

        There were version-2 for all the Win7 .NET updates (Rollup and Security-only, 4.5.2 to 4.8) released on 7/23/2020.

        1 user thanked author for this post.
      • #2282820
        Microfix
        AskWoody MVP

        Yes, that was only an example of what the MS support document states across all versions so that everyone could quickly view it.


        Problems controlling W!N10 updates:
        https://www.askwoody.com/forums/topic/2000016-guide-for-windows-update-settings-for-windows-10/
      • #2282849
        7ProSP1
        AskWoody Lounger

        Despite MS re-issuing all July .NET 4.x patches and following all steps and instructions here:

        Installation Did Not Succeed.

        Software update KB4565583 has not been installed because:

        Fatal error during installation.

        MSI returned 0x643
        Entering Function: MspInstallerT >::Rollback

        I would appreciate it if anyone else could report their results.

        I don’t know how you managed to get your July .NET update to install successfully, @Microfix, but I’m sure glad you were able to. 🙂

      • #2282924
        abbodi86
        AskWoody_MVP

        Non-ESU users cannot install the .NET updates without external bypass

        3 users thanked author for this post.
      • #2282957
        7ProSP1
        AskWoody Lounger

        I finally got the original version 1 of KB4565583 to successfully install using your revised dotNetFx4_ESU_Installer.

        • This reply was modified 5 months, 4 weeks ago by 7ProSP1. Reason: fixed typo
        • This reply was modified 5 months, 4 weeks ago by 7ProSP1.
      • #2283089
        anonymous
        Guest

        Link for the revised dotNetFx4_ESU_Installer please.

      • #2283107
        anonymous
        Guest

        A browser search will find it.

      • #2283265
        Qnu
        AskWoody Lounger

        A browser search will find it.

        Typed in “revised dotNetFx4_ESU_Installer”

        found 3 links with nothing of help.

      • #2283268
        PKCano
        Manager

        Search on “dotNetFx4_ESU_Installer”
        The name of the file is dotNetFx4_ESU_Installer_r

        2 users thanked author for this post.
      • #2283323
        alpha128
        AskWoody Plus

        I found it.

        The ReadMe.txt says, “Extract the zip file contents to a folder with simple path.”  What constitutes a simple path?  Is something like “2020-07-DotNet4” simple enough?

      • #2283325
        anonymous
        Guest

        alpha128 wrote:
        What constitutes a simple path?

        Maybe something like this?
        c:\temp\

        Or maybe this?
        c:\dnfx4\

        Hope this helps.

      • #2283331
        anonymous
        Guest

        A simple path would be any folder 1 or 2 levels deep in the drive’s root directory like c:\DotNet4 or maybe even c:\ESU\DotNet4 but c:\2020-07-DotNet4 would work just fine.

        A not so simple path might be a folder several levels deep and include spaces in the folders or sub-folders name(s) like c:\folder name 1\sub-folder name 1\sub-sub-folder name 2\etc-1\etc_2\etc~3

        In reality though, a complex folder path will still work just fine only it’ll require a lot more typing setting the administrators command prompt path to the location of the folder containing the extracted “.bat” command file in order to execute it.

        4 users thanked author for this post.
      • #2283366
        A1ex
        AskWoody Plus

        I found it ok and downloaded the zip file, but it’s password protected!

        A1ex

      • #2283381
        alpha128
        AskWoody Plus

        “A simple path would be any folder 1 or 2 levels deep in the drive’s root directory like c:\DotNet4 or ma