News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Got Questions about ESU patches? We got answers

    Posted on Susan Bradley Comment on the AskWoody Lounge

    Home Forums AskWoody support Windows Windows 7 Win7 beyond End-of-life Got Questions about ESU patches? We got answers

    Tagged: 

    This topic contains 57 replies, has 25 voices, and was last updated by  Susan Bradley 1 week, 1 day ago.

    • Author
      Posts
    • #2021811 Reply

      Susan Bradley
      AskWoody MVP

      If you have questions about buying Windows 7 Extended support patches, we have answers!  Ask them here!

      Susan Bradley Patch Lady

    • #2021883 Reply

      redknight
      AskWoody Plus

      What is the process to purchase?  Will your step-by-step article be published soon?

      • #2021983 Reply

        Susan Bradley
        AskWoody MVP

        Yes.  Look for it soon. The hardest part is finding a vendor to sell it to you.  Fortunately Amy Babinchak will help on that step.

        Susan Bradley Patch Lady

        2 users thanked author for this post.
        • #2022321 Reply

          “Yes. Look for it soon. The hardest part is finding a vendor to sell it to you. Fortunately Amy Babinchak will help on that step.”

          Susan, we’re rooting for you and Amy!! Can’t wait for the Step-By-Step! Thanks so much!

          Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Wait for the all-clear", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode. ESU 1 yr."
          --
          "...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

    • #2021987 Reply

      LHiggins
      AskWoody Plus

      And still no relenting on patches for Win 7 Home users? I’m sure there are many Home users who would continue to pay for them.

      5 users thanked author for this post.
    • #2022141 Reply

      HanJohnJo
      AskWoody Plus

      So, for the moment Microsft tells us that the only two editions of Windows 7 that will be eligible for ESU are: (I) Professional; (II) Enterprise.

      https://support.microsoft.com/en-us/help/4527878/faq-about-extended-security-updates-for-windows-7

      I apologies for this post, but I’m insisting on this because i.m.o. the fact that Professional qualifies for ESU has not been said loud enough.

      Frangar non flectar

      • #2022149 Reply

        anonymous

        Please go to the main (“Home”) page here at Askwoody (www.askwoody.com) and read the post titled “Microsoft says it’ll sell Win7 Extended Security Updates to Ultimate users“. Pay particular attention to the entire third bullet point under the heading. It’s the one that starts with “ESU is available for Windows 7 Ultimate edition, and has been since ESU was first being sold…”. That will tell you why the word hasn’t been put out so well to folks.

        The discrepancy you point out in the link above to KB4527878 will probably be addressed by Microsoft, but it will probably take a few days for them to fix it this time of year.

    • #2022312 Reply

      PerthMike
      AskWoody Plus

      If it’s really that important to you to stay on Windows 7, and you’re willing to pay, then upgrade to Windows 7 Pro.

       

      Not exactly possible when the upgrade paths/products no longer exist.

      No matter where you go, there you are.

      1 user thanked author for this post.
      • #2022324 Reply

        PaulK
        AskWoody Lounger

        Yup.
        Clicking on: Control Panel > Windows Anytime Upgrade
        { or (Control Panel > System and Security > Windows Anytime Upgrade) if one uses the Category display }
        leads to the notation
        NotAvail

        Attachments:
        1 user thanked author for this post.
        • #2022512 Reply

          anonymous

          That is definitely a setback. However, what about using an ISO and in-place upgrade? Does that still work? If so, can you still find Win7 Pro license keys for sale, even if not directly from Microsoft?

          • #2134980 Reply

            EP
            AskWoody_MVP

            using the Win7 ISO method of doing in-place upgrade from Win7 Home to Win7 Pro still works
            but Win7’s anytime upgrade feature does it faster. I know from experience

      • #2022739 Reply

        ve2mrx
        AskWoody Plus

        Hi,

        Wouldn’t Windows 10 Pro downgrade rights work? Or has MS messed that path? They won’t provide you the media and key, but the licence would be valid?

        Martin

    • #2039541 Reply

      SvdH
      AskWoody Plus

      Hi,

      In an article of Office-Watch I read:
      Windows 7 running with Office 365 ProPlus will continue to get security updates, see below.
      Some Windows 7 machines will still get security patches for three more years.
      Any organizations running Office 365 ProPlus or Office 365 Business on Windows 7 SP1 devices will receive Win7 security-only updates through January 2023.
      But my CSP states that only Office 365 Business will get security patches on Windows 7 machines after the support for Win7 is ended.
      If I want Win7-patches I have to buy the ESU packet for each year.
      As you can imagine I’m rather confused by that. Anybody got a clear answer and/or a link to an article about this?
      Tia,

      Sjors

      • #2039634 Reply

        abbodi86
        AskWoody_MVP

        Misinterpreted

        Office 365 itself will get security updates (for free) until 2023
        Windows 7 will need ESU to get Windows security updates

        1 user thanked author for this post.
    • #2040175 Reply

      anonymous

      I’m just calling Microsoft Partners until they stop behaving like I’m speaking a foreign language.

      So far, no luck. The amount of time and money I’m losing from this EOL is terrible; I wish I could sue Microsoft for this terribly unnecessary problem.

    • #2042461 Reply

      anonymous

      hello All,

      does anyone know why after installing/activating ESU on air-gapped machines license status shows unlicensed, when you check ESU status by running below commend.  slmgr /dlv  looking forward to hear from you all.

      thank you,
      Edit to remove HTML. Please use the “Text” tab in the entry box when you copy/paste

      • #2044047 Reply

        Paul T
        AskWoody MVP

        I expect the ESU needs to be validated and that requires an internet connection, or a license manager server on site.

        cheers, Paul

    • #2042964 Reply

      anonymous

      Are you going to share contact information for a vendor that understands ESUs and can sell them?  Thanks!

    • #2043926 Reply

      jeanettef
      AskWoody Plus

      Does anyone happen to know whether after an ESU key is installed whether one’s set Window Update preferences or the like remain the same (in our case, “never check for updates” so that we have full control, and nothing is automatically checked or downloaded or installed), or whether our preferences will be overridden or changed (perhaps even without our knowledge and/or perhaps akin to a Windows 10 schema)?  We definitely want to maintain as much control as possible!  Thanks for your assistance!

      • #2045118 Reply

        abbodi86
        AskWoody_MVP

        There will be no change on Windows Update experience

        simply, when WU scan is initiated, it check if current edition is supported, then it check if ESU key is installed and activated

        if both rules are true, then the ESU update will be offered (most likely will be a Monthly Rollup)

        2 users thanked author for this post.
    • #2052937 Reply

      786NAd
      AskWoody Lounger

      Good morning,

      There will be no change on Windows Update experience

      simply, when WU scan is initiated, it check if current edition is supported, then it check if ESU key is installed and activated

      if both rules are true, then the ESU update will be offered (most likely will be a Monthly Rollup)

      After installing and Phone activating ESU MAK key on DMZ/ air gapped machines, which I also received a ” Activation Was Successful” message after activation. but when I check the E-S-U Activation status by running below commend. it says

      slmgr.vbs /dlv All         or            slmgr /dlv
      License Status :  Unlicensed

      Is this because they are not connected to internet or I have to take a different route to get license status show licensed.
      or if anyone had the some issue what you guys  did to fix it?
      looking forward to hear from you all soon.
      thank you,

    • #2053161 Reply

      Susan Bradley
      AskWoody MVP

      Are you the same person in the technet venue asking this question?  I’m not sure honestly myself, let me see if we can get any answers for you.  Hang loose.

      Susan Bradley Patch Lady

    • #2054897 Reply

      anonymous
      1. Once you have the Installation ID, call the <u>Microsoft Licensing Activation Center for your region</u>; they will walk you through the steps to get the Confirmation ID, note down the Confirmation ID.
      1. Use the Slmgr /atp <Confirmation ID> <ESU Activation ID> to activate the ESU SKU using the Confirmation Id obtained in the above step.

       

      1. After this step, ESU License is activated successfully (slmgr /dlv <Esu Activation Id> should show Licensed).

      Did you get a confirmation ID from the licensing center?

    • #2084305 Reply

      C2NC
      AskWoody Plus

      Thanks to this community, as of today, ESUs are installed and activated, but not licensed as discussed above.  Saved screen-shots of the confirmations.

      Does the presence of ESU show up elsewhere, such as control panel, programs, etc?  Just wondered if there is another way to verify.  Otherwise, will wait to see if I get notifications for any February patches.  Thank You.

    • #2085801 Reply

      XMan in NYC
      AskWoody Lounger

      Dear All,

      I have browsed this forum in an attempt to find an answer to my question but so far, I have not seen the topic addressed.  So, here is my situation.  I apologize in advance if that message is a little long but I want to make sure i give you enough info at once to avoid too many back and forth.

      The Facts

      1. I have a client with 90+ Windows 7 machines deployed in stores and being used as points of sales (POS)
      2. The Windows 7 OS built-in “Automatic Download & install Windows updates” has been purposely deactivated in each of these machines following the recommendation of the client IT department to avoid any potential and unforeseen interference that a windows update could create with the various programs installed on the POS.  Since these machines must be running like clock-work every day when the stores are operational, we can reasonably understand the rationale behind this decision to de-activate the “Automatic Windows Updates”
      3. No precaution/suggestion nor manual maintenance routine on how to regularly apply Windows and Security updates on these machines have been made by the client IT department.  Therefore, since some of these machines (more than 50% of them) have been deployed in mid-2017, none of them have, as of today, received any Windows Updates nor security updates since 2017
      4. Since the the client is not ready to upgrade its machines to Windows 10, they have decided to invest in the purchase of the Windows 7 ESU licenses that will need to be deployed on the 90+ machines

       

      My rationale and suggestion to the client and its IT department regarding the ESU deployment

      1. If you go to the expense of purchasing Windows 7 ESU licenses for 90+ machines, it is mainly to make sure that you keep receiving the new Windows Security patches/updates when they are released by Microsoft
      2. Since your machines have not been updated as they should have been for the last 2.5 years, your first step before even considering deploying the Windows 7 ESU should be to apply, if not all available Windows updates, at the very least all available Windows 7 security updates.  Doing so would plug any security hole that currently exist in your machines
      3. Failing to proceed with above step 2) not only potentially weakens the security shield of your POS machines but also defeats the purpose of buying the Windows 7 ESU licenses

       

      The position of the Client IT Department

      1. You should only install the pre-requisite Microsoft KBs and not bother with anything else

      Why do I face an endless debate with the client IT department

      1. The origin of this debate is mainly due to the sheer number of machines on which the Windows 7 ESU must be deployed and activated (90+)
      2. If we follow my suggestion, the simple fact of catching up with 2.5 years of missing windows security updates certainly represents a substantial increase of the necessary time/cost to spend on each machine
      3. I suspect that following my suggestion to apply all missing Security updates for the last 2.5 years puts the client IT department in a tough spot as they would need to explain the client executives why, if the Automatic Windows Updates mechanism has been purposely deactivated, a manual and controlled update process  has not been done on regular basis.  Doing so, would not only have better protected the machines but would also have minimized the cost of deploying the Windows 7 ESU today

      My simple questions to you

      1. Would you know if the ESU pre-requisite Microsoft KBs (4474419 SHA-2, 4490628, 4516655, 4519976) are enough to plug any and all security holes that have been left opened in machines not updated for the last 2.5 years? In other words, regardless of the windows security update status of any Windows 7 machine, whether it is a Win7 machine that has been regularly updated or not, should we consider the 4 pre-requisites Microsoft KBs as necessary and enough to protect the machines and keep them protected as new security patches are deployed or; should we consider these 4 Microsoft KBs only necessary to receive the future security updates but not enough to plug any past missing security holes in a machine if any?
      2. What would be your recommendation and/or best practice in this situation?

      Thanks in advance for your guided and educated feedback

      • #2085811 Reply

        PKCano
        Da Boss

        I believe one of the requirements for being eligible for the ESU is that the machines have to be up to date as of the final Cumulative update released before EOS/EOL. Unless I’m wrong, your clients do not qualify for ESU unless they are updated.

        1 user thanked author for this post.
        • #2085814 Reply

          Microfix
          Da Boss

          I’d also imagine everything IMPORTANT, SHA2, SSU’s and relevant Security patches will need to be satisfied prior to ESU authorization. Don’t want any holes in there now..

          Win7 Pro x64 | Win8.1 Pro x64 | Linux Hybrids x86/x64 | Win7 Pro x86 | W10 never again
        • #2085824 Reply

          XMan in NYC
          AskWoody Lounger

          Thanks PCKano,

          I was afraid you would say this.  What if  I download from the Microsoft Update Catalog all the security updates for the last 2.5 years and apply them manually to the machines.  Would these machines be then ready to accept ESU?

          But, at this point, my question becomes then, does this mean that the only way for these machines to be ready for ESU is by pluging in all security holes that have been discovered before?  Which would mean that the 4 Microsoft pre-requisite KBs are not enough.

          The only thing that I am trying to find out is: Do these 4 Microsoft pre-requisite KBs contain all security patches published by Microsoft in the last 2/5 years?

          • #2085831 Reply

            PKCano
            Da Boss

            The only thing I can say is take ONE machine, make a FULL DISK IMAGE BACKUP, apply those four patches, then apply for the ESU for that machine.

            If I thought one Cumulative Update, a SHA-2 patch and a couple of SSUs were sufficient to bring a Win7 computer up to date, I would not have steered these two posters through the process to update that I did. As an example, you might look through the processes in this thread and this thread. I pretty much gave reasons for why in each case.

            • #2085863 Reply

              XMan in NYC
              AskWoody Lounger

              Thanks Very Much PkCano,

               

              I did look at your posts and they do make a lot of sense.  I also felt that the 4 Microsoft KBs were not enough to bring the machines up to date but I have learned that sometimes intuitions, especially in the IT world can mislead you big time!!

              So, this is the reason why I have decided to ask experts what their thoughts were.

              I believe that you have been given me more than enough info to answer my question and I thank you dearly for that.

      • #2085832 Reply

        jabeattyauditor
        AskWoody Lounger

        Is it safe to assume all of these PCs have Internet access of some sort?

        If so, are they all behind incredibly-secure layers of protection?

        If the answers are “yes” and “no” respectively, I’d operate from the assumption that the devices are already compromised.

      • #2087686 Reply

        amybabinchak
        AskWoody_MVP

        I take it that you are a consultant to this company because you refer to them as client. In that case, whom do you really work for? If it is the business, then I would say that you are doing a disservice to the business to not expose the IT departments lack of patching management. While there can be some edge cases in which patches cause problems those are quickly resolved and patches should always be applied in the end.

        That the ESU requires patches be current is just a fact of life. Your concern shouldn’t be whether you’ll make the IT department uncomfortable but rather that the IT department has left the business vulnerable.

        I take a hard line on this as a consultant myself. I have a motto that we work by, “IT has no other purpose than to make a business great” Knowingly leaving vulnerabilities unpatched doesn’t meet that standard.

    • #2085813 Reply

      anonymous

      Most Windows 7 patches are cumulative.  So, installing them once does fix all of the previous security holes.  It is above my pay grade to say if those patches are necessary and enough.

      If they do not plan to ever install any future update, by logic, it is useless to buy and deploy the ESU.  However, a business does not have to operate on logic.  The person or people spending or deciding how to spend the money get to pick what they want, and they usually cannot be convinced, especially not by someone under them.

      If a customer or a regulator asks this business – what are you doing about the end of support – if they spend this money they can say “we have bought ESU.”  The cheapest option for the business is probably to buy it and never install it – that gives them the fig leaf to pretend they are covered, but none of the work.

      If there have not been major security breaches in the past in your own company, caused by not having installed the patches, there may be major resistance to spending on protecting against something that has never happened.

      The best practice going forward, if the will and team to properly deploy patches is not there, in my opinion is something like this.  Obviously automatic update doesn’t work because there would be complaints if there were reboots during the workday.  But it is easy to schedule updates to occur at night or close of business.  That would cost almost nothing.  There even may be cheap ways to update, but with a delay, the way Windows 10 now works.

      The question though that is hard to answer is – what is higher risk- being unpatched, or allowing a nightly update or weekly even, perhaps even monthly.  There are arguments for both sides, and in the end it really is a very important decision – pretending that you are doing a third option, manually updating, when you are not is just lying to yourself.  Someone very important in the company should understand the two paths, and pick one, and this is important – that person must be responsible for that choice.  Should it prove that they were wrong, it should be known who made that choice.  Or, if the third choice of doing manual updates is really preferred, someone will have to find the budget and the will to make sure it is done, and someone to verify that it is being done and people to be held to account if it is not.

      Also, even if you are using ESU, a plan needs to be made for what happens when that ends – even three more years can go by quickly.

    • #2085844 Reply

      XMan in NYC
      AskWoody Lounger

      Thanks very much for this long and thoughtful answer.  Indeed, I agree on all counts with the overall meaning of our answer.

      Some more info to keep in mind and without disclosing too much info on the client identity.

      The client is a fairly prominent retailer and as such, we can reasonably say that this company is certainly more exposed and/or at risk than the average small retailer with a one store operation.

      I agree with you that on paper, they could show the proof that they purchased the ESU licenses to show a gesture of good faith.  However, should there be a security breach in the retailer’s system and should that retailer face a legal pursuit, the simple fact of saying “I have bought the ESU licenses” would not go very far in any court, if one can show that they never bothered installing these ESU licenses.  Indeed, it would be judged the same way than someone, who operates a current Windows OS like Windows 10, as opposed to an EOL one, like Win 7, was to purposely not bother installing the Security patches when they are released.

      I do not want to digress into other potential issues that retailers need to face as well as rules that they need to comply with since their retail systems do interact with payment platforms but, if there is at least one critical thing that they do need to comply with it the payment Card Industry security guidelines.

      A simple outdated OS could simply make them fail the PCI compliance test which, in case of a security breach, exposes them to steep fines, potential heavy damage reparation fees and possibly the shut down of their business.

      I do realize that we are now well off the subject, since my original intent was mainly to know if the 4 Microsoft KBs  (4474419 SHA-2, 4490628, 4516655, 4519976) do contain all Windows Security patches that have been ever released prior the date of their own release but, I felt to give you a little more background info so that you can better understand what is at stake and what I am dealing with.

      As an advisor of the client, I strive to make careful and educated recommendations and this is the reason why before, strongly suggesting the client to go through the extra expense to deploy all security updates release for the last 2.5 years, I want to make sure that I am not telling them something which is not necessary.

      Thanks again for your very appreciated input.

      • #2087321 Reply

        wavy
        AskWoody Plus

        A simple outdated OS could simply make them fail the PCI compliance test which, in case of a security breach, exposes them to steep fines, potential heavy damage reparation fees and possibly the shut down of their business.

        And never updating would not ??

        🍻

        Just because you don't know where you are going doesn't mean any road will get you there.
    • #2086629 Reply

      Paul T
      AskWoody MVP

      If I were designing their system I would have the internal network isolated from the internet and disable external devices to prevent files being brought onto the machines, then unpatched machines are not an issue.

      Having a blanket, no patch policy only makes sense in a tightly controlled environment.

      cheers, Paul

    • #2086653 Reply

      jeanettef
      AskWoody Plus

      We’ve successfully purchased and activated first-year ESU licenses for our Windows 7 laptops. Thank you Susan, et.al.!

      (Please forgive us if the following doesn’t neatly fall within the current thread.) We might or might not continue with second-year and third-year ESU licenses, and at some point we’ll probably be upgrading to Windows 10 regardless. We understand that Windows 10 licenses can still be obtained for free. It would be nice to obtain licensed copies of Windows 10 for free at present and put them in our back pockets for future use, instead of possibly paying for Windows 10 down the road when we actually want to use it (if Microsoft charges for it at that time).

      Does anyone have experience proceeding, via Windows 7, through https://www.microsoft.com/en-us/software-download/windows10 or otherwise, and creating Windows 10 installation media for future use (instead of actually upgrading at present)? Does this involve or allow one to actually obtain and lock-in free Windows 10 licenses (or does this only create generic Windows 10 copies)? Most importantly, will creating installation media and obtaining Windows 10 licenses at present in any way possibly affect or mess-up our continuing Windows 7 (or ESU) uses, settings, etc.? Since we’re dealing with Microsoft, anything seems possible and it seems better trying to be safe rather than sorry.

      Thank you all for you assistance!

    • #2086679 Reply

      anonymous

      If you click the correct options to only download the media without installing it, that only gives you that file, and does nothing to activate your computer or change the status of your license.  Most seem to predict that they will not take away the ability to use your 7 license to activate windows 10.  If this prediction is wrong, the only thing that would have saved you is actually installing windows 10, at least temporarily, before that change.

      If you want to hedge your bets, all you can do is make an image backup of your current computer and a backup restore disk or flash drive, upgrade to 10, make sure it is online and activated.  Optionally, you can also connect your license to a Microsoft account which may make it more durable.  Search for a tutorial on this.  Then you can test and see if you want to keep 10, or if you want to go back to 7 you can restore your backup.  This is quite a bit of work, and you need to have a large enough external drive for the backups.

      Note that when attempting to download the media with the Microsoft link, if you click on the wrong things, you might install Windows 10.  Looking for a small print “download for another computer” button may be the way around this.

      Reminder – downloading the installer alone does nothing to ensure that your Windows 7 license will be honored for 10.  There is no written guarantee that it should work now or will work later.

    • #2086822 Reply

      jeanettef
      AskWoody Plus

      Thank you for your reply; we greatly appreciate your assistance.

      We agree that actually going through the rigmarole of installing Windows 10 (and then reverting back to Windows 7) in order to obtain and stockpile a Windows 10 license is a huge undertaking (which might also carry at least a modicum of risk, in that even with care stuff can happen). FYI, one of our other laptops came pre-installed with Windows 10, which we subsequently downgraded to Windows 7; but through the initial Windows 10 set-up process we now have a specific Microsoft account and related Windows 10 product ID (license) for future use.

      While it might be true that Microsoft might not charge for Windows 7 to Windows 10 conversions in the future, it might; and we are trying to have our cake and eat it too. Ergo, does anyone have experience or information with obtaining a free Windows 10 license akin to the present circumstances without having to actually install Windows 10? Thanks again!

    • #2087650 Reply

      anonymous

      As a computer consultant, can I buy individual ESU licenses for individuals,

      as long as they are running Microsoft Windows 7 Pro?

      • #2087689 Reply

        amybabinchak
        AskWoody_MVP

        Of course. It’s the OS version that is the requirement. You are free to sell to whomever you choose.

    • #2087691 Reply

      anonymous

      Thanks for the comeback so soon. Not sure why I’m showing up as anonymous, even though I’m a Woody Plus member, guess it’s cause I didn’t login first.

      Can I buy 3 years worth of licenses initially, or do I have to buy them year by year?

      • #2087831 Reply

        anonymous

        Windows 7 ESUs are sold on a per-device basis and are available for purchase in 12-month increments only. As a result, you cannot purchase ESUs for partial periods (e.g. six months). Coverage will be available in three consecutive 12-month increments following Windows 7 end of support on January 14, 2020, and the price will increase each year.

    • #2087848 Reply

      anonymous

      To make sure, if you buy ESU in june, it will only last until January 2021 (6 months or so), correct?

    • #2088977 Reply

      BobT
      AskWoody Lounger

      With the ESUs, is this ONLY for businesses? I’m a home user, but running W7 Ultimate.

      However I’m not a business, I’m just a dude with a PC. Looking at the form it’s asking for my company name. Is there no way for just individuals to get extended updates? (Other than unofficially through 0patch, which I’ll have to consider if there’s no alternative).

      • #2134637 Reply

        Paul T
        AskWoody MVP

        There is no requirement to be a genuine company, there are plenty of one person companies.
        Invent a company name and you should be fine.

        My question is, why bother? For personal use a regular backup and up to date AV seems more than enough.

        cheers, Paul

    • #2134634 Reply

      CBA
      AskWoody Plus

      According to SB’s newsletter,  updates to be installed before activating an ESU key:

      KB 4490628, a servicing-stack update released March 12, 2019;
      KB 4474419, an SHA-2 code-signing support update released September 23, 2019;
      KB 4516655, a servicing-stack update released September 10, 2019;
      KB 4519976, the October monthly rollup.

      Presumably this should be listed as the most currently available monthly quality security update, as each subsequent roll-up removes and replaces the previous month?  If so, is this true also for the 09/2019 servicing stack update?

      I checked on my W7 Pro (fully patched “A”) laptop and the first two ones are installed, but, the KB 4516655 and KB 4519976 are not.  I downloaded them from MS Update Catalog and tried to install them in sequence (..55 and then ..76).  However, I was told that these updates are not applicable to my computer.  What gives?

       

      • #2134638 Reply

        Paul T
        AskWoody MVP

        The advice is to have your machine fully updated. If Windows thinks your machine is up to date you should be OK.

        cheers, Paul

        1 user thanked author for this post.
        CBA
    • #2134639 Reply

      CBA
      AskWoody Plus

      The advice is to have your machine fully updated. If Windows thinks your machine is up to date you should be OK.

      cheers, Paul

      Thanks.  I’ll soon find out .. once I get the stuff from Harbor.

    • #2134981 Reply

      EP
      AskWoody_MVP

      The advice is to have your machine fully updated. If Windows thinks your machine is up to date you should be OK.

      cheers, Paul

      Thanks.  I’ll soon find out .. once I get the stuff from Harbor.

      @cba

      you may have certain Win7 updates newer than KB4516655 installed (this one is superseded or replaced by the following updates > KB4523206, KB4531786 or KB4536952)
      for KB4519976 rollup, that is superseded or replaced by the following newer rollup updates > KB4525235, KB4530734 & KB4534310

      that’s why some updates like KB4516655 and KB4519976 are “not applicable” because you have newer updates installed and you don’t need these older ones

      Edit – I did not need the KB4516655 and KB4519976 updates on an old Win7 Pro computer because I have both the KB4536952 & KB4534310 updates installed

      • This reply was modified 1 week, 5 days ago by  EP.
      • This reply was modified 1 week, 5 days ago by  EP.
      • This reply was modified 1 week, 5 days ago by  EP.
      1 user thanked author for this post.
      CBA
      • #2135029 Reply

        CBA
        AskWoody Plus

        Edit – I did not need the KB4516655 and KB4519976 updates on an old Win7 Pro computer because I have both the KB4536952 & KB4534310 updates installed

        Thanks EP, a most useful reply!  I checked my W7 laptop and found that both the KB4536952 and KB4534310 updates are installed.  So I should be ready to go once I get the ESU license from Harbor.  I sent the ESU form in and paid my dues 1 1/2 days ago.  So, far nothing from Harbor.  Is this normal @amybabinchak ?

        • #2135645 Reply

          CBA
          AskWoody Plus

          Update: per Harbor, the person in charge of ESU licenses is unavailable this week.  Action can be expected by early next week.  FYI.

    • #2136878 Reply

      CBA
      AskWoody Plus

      Final Update: I just got the ESU license key and installed it.  All good = Licensed.  Thanks to all and in particular to Harbor for making this feasible (in a simple way).

      PS: Still not sure what to do with (the purpose of)  the admin@xxxESU. onmicrosoft.com user account.  Probably just forget it.

    • #2136934 Reply

      abbodi86
      AskWoody_MVP

      ESU FAQ for Server 2008/R2 (and SQL)
      https://support.microsoft.com/en-us/help/4539036/faq-about-esu-for-windows-server-and-sql-server-2008-2008-r2

      it contain more detailed and technical info that also apply to Windows 7

      specially this part:

      Is offline servicing available for operating system images that are covered by ESU?
      No. The ESU for Windows 7 and Windows Server 2008 require online servicing (using audit mode to modify images).

      ESU updates are not supported in offline servicing mode. Applying ESU in offline servicing mode generates an error, and updates fail.

      How are ESU distributed?
      ESU are available through all usual channels: Windows Update, Windows Server Update Service, and Microsoft Update Catalog. The Wsusscn2.cab also includes ESU, and it is available during the ESU period.

      1 user thanked author for this post.
      • #2137042 Reply

        Susan Bradley
        AskWoody MVP

        Yup ignore the @onmicrosoft.com alias.  There is secret sauce under the hood to ensure that people with actual ESU licenses are the only ones who get the updates.

        Susan Bradley Patch Lady

        1 user thanked author for this post.
        CBA

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Got Questions about ESU patches? We got answers

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.