![]() |
MS-DEFCON 4:
There are isolated problems with current patches, but they are well-known and documented on this site.
|
-
Patch Lady – so why did I get that?
Home › Forums › AskWoody blog › Patch Lady – so why did I get that?
Tagged: Patch Lady Posts
- This topic has 51 replies, 13 voices, and was last updated 6 months ago.
Viewing 14 reply threads-
AuthorPosts
-
-
July 22, 2020 at 3:58 pm #2282563
Susan Bradley
ManagerSo two interesting things about recent patching related topics: Thing one: Why is .NET installing differently than Windows 10. So we started to get
[See the full post at: Patch Lady – so why did I get that?]Susan Bradley Patch Lady
7 users thanked author for this post.
-
July 22, 2020 at 4:36 pm #2282572
woody
ManagerThat’s the .NET update behavior I talked about in the article this morning:
When I clicked “Resume updates,” I got the .NET patch. Boom. There was no “Download and install” offered.
I still don’t see the version 1909 cumulative update Preview being offered.
2 users thanked author for this post.
-
July 23, 2020 at 11:55 am #2282696
EP
AskWoody_MVPwoody
checking for updates on my LTSC 2019 v1809 system and it automatically downloaded & installed the KB4567327 .NET update preview on there
ditto on my other machine but running v1909 – checking for updates seemed to automatically download & install the KB4562900 .NET update preview
looks like the recent .NET preview updates don’t seem to be “optional” to me when checking for updates
-
This reply was modified 7 months, 1 week ago by
EP.
1 user thanked author for this post.
-
This reply was modified 7 months, 1 week ago by
-
-
July 22, 2020 at 5:53 pm #2282583
anonymous
GuestHere’s a new one that I haven’t seen mentioned (and cant find a reference to) anywhere else. It appears that cumulative Windows update for July 2020 KB4565483 breaks (or at least temporarily hobbles) the way local non admin-only group policy works in Windows 10 1909.
I have kind of a non-standard use case, which might explain why I haven’t heard anyone else talking about this.
I make use of local non admin-only group policies to manage access to public Windows 10 desktops that are not in a domain, and I use a lot of scripting over Openssh to manage it. It usually works really well. but KB4565483 has thrown a wrench into it.
Basically, once KB4565483 is applied, making a user a member of local administrators group via the command line, like…
net localgroup administrators lpublic /add
will no longer exempt them from the LG policy restrictions as it should. Even though user “lpublic” is a member of local group “Administrators” the restricting GP is still applied as if they’re not.
Removing KB4565483 makes it start working normally again.
The weird thing is that you can make the application of the GP start working again without uninstalling the update by making the user administrative via the control panel GUI from another administrative account, then logging out and back into the target account (in this case “lpublic”).
Once you do this, toggling it from an administrative command prompt via the “net” command will work again from that point forward. Unless you take that step though, regarding GPO, the account will be treated as non-administrative, whether they are really administrative or not.
The control panel thing works, but obviously it’s a big [pain] to log in and out multiple times with the GUI on a bunch of machines (close to 300).
I’m experiencing this behavior in Windows 10 Enterprise 1909. I have no idea what’s going on behind the scenes to make it behave this way, but I’ve spent the better part of the day verifying this on multiple machines and looking for the easiest possible way to work around it.
I’d be interested to see if anyone else can confirm this behavior.
3 users thanked author for this post.
-
July 22, 2020 at 6:58 pm #2282610
abbodi86
AskWoody_MVP– .NET, Flash and cpu Microcode updates are pushed whenever you click “check for updates”, whether they are preview or security
because they are handled by the legacy WU agentthe new “click to install now” section is for feature and cumulative updates (and recently Edge Chromium), which are handlled by UUP agent
while that don’t explain you exerient, but i think auto scheduled scans can also detect the preview .NET updates
– Juste tested, deferring 254 days or higher on ver 1809 gives ver 1903
-
July 22, 2020 at 9:13 pm #2282617
woody
ManagerThat explains the behavior… but, man, is it weird! Makes no sense at all.
I still don’t see the Preview for 1909 on my production machines….
Thanks for the double-check on the forced 1809-to-1903 upgrade. That’s unconscionable. After telling us that MS had deferred the end of service date by six months, they just started clawing back almost four months.
So much for the “helping IT cope with Corona” drivel.
2 users thanked author for this post.
-
July 22, 2020 at 11:45 pm #2282621
abbodi86
AskWoody_MVPI also don’t get the Cumulative Update Preview for Windows 10 Version 1909 (18363.997) except after joining Release Preview Channel or setting the TargetReleaseVersion policy/registry
same goes for Cumulative Update Preview for Windows 10 Version 1809 (17763.1369)
3 users thanked author for this post.
-
-
July 29, 2020 at 3:22 pm #2284062
WCHS
AskWoody PlusI’m Win10/Pro, version 1909 and have Feature Deferral set to 365 days (intended to put off version 2004). I also have GPE for Windows Update set to ‘2’ notify download/install. I use wushowhide to hide the current month’s updates until MS-DEFCON=3+.
The July 21 Week “C” Optional CU Preview KB4559004 did not show up in the WU queue for me to hide it. It looks like this is because it’s not in the legacy WU queue. And furthermore, it won’t become available anytime soon for “download and install now” because Feature Deferral is set to 365 days.
But, as I am reading this now, I just realized that says Cumulative Updates, Optional or not. So, does this “bifurcated mess” mean that the upcoming August 11 Patch Tuesday CU will not appear in the WU queue either (and thus, it will not be available to be hidden until MS-DEFCON reaches 3+)? And that instead, it will remain deferred for 365 days?
If so, that’s not what I want– I don’t want 2004 anytime soon, but I will want the August CU before the release of the Sept CU!!
-
July 29, 2020 at 3:29 pm #2284066
PKCano
Manager-
July 29, 2020 at 3:45 pm #2284073
WCHS
AskWoody Plus-
July 29, 2020 at 6:47 pm #2284115
abbodi86
AskWoody_MVPbut a Week “C” Optional Cumulative Update Preview is in the same category as a Feature Update?
Yes, thus it’s affected by Feature Deferral
the “B” Security CU is affected by Quality Deferral
2 users thanked author for this post.
-
July 29, 2020 at 7:02 pm #2284119
PKCano
ManagerOK, I have never been offered the “Preview” C/D/E week patches with Feature deferral set at 365 days. And I have found I am now unable to clear the update queue after I have hidden .NET patches (CUs, not marked Preview) with wushowhide (AKB2000013 procedure to clear queue). Has something changed in the update mechanism
-
July 29, 2020 at 8:08 pm #2284137
abbodi86
AskWoody_MVPNothing i’m aware of
Settings WU page always tend to be difficult
you could try these command to clear the queue
https://pastebin.com/Ec5SxTMgafter UsoClient.exe RefreshSettings, wait a few seconds before opening WU page and running UsoClient.exe StartScan
1 user thanked author for this post.
-
-
July 29, 2020 at 3:55 pm #2284077
WCHS
AskWoody PlusI may be wrong, but I don’t believe the .NET updates fit in either category.
Speaking of .NET updates, when KB4565633 (2020-07) Cumulative Update for .NET became available July 14, I hid it. I checked wushowhide a number of times afterwards to make sure it was hidden. Then, on July 21, KB4562900 (2020-07) Cumulative Update Preview for .NET was released and I hid it, too.
Now, KB4565633, released July 14, no longer shows up in wushowhide. Only KB562900 shows up (hidden). Is this because the latter superceded the former (i.e, a later preview update can supercede an earlier Patch Tuesday (non-preview) update)?
-
July 29, 2020 at 4:00 pm #2284079
-
-
-
-
August 30, 2020 at 7:52 pm #2292582
WCHS
AskWoody Plus… feature and cumulative [preview] updates (and recently Edge Chromium), which are handlled by UUP agent
@abbodi86: I understand that version 2004 is a Feature Update and will have a “Download and install” button. Is it handled by the UUP agent? (and so not available for wushowhide to hide)??Attachments:
You must be logged in to access attached files.
-
August 30, 2020 at 8:27 pm #2292586
geekdom
AskWoody PlusMy understanding is that while 2004 is a Feature update, it doesn’t have a Download and Install button. If you click Check for Updates and 2004 decides it is ready for your system, 2004 is installed on your system.
On Hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender TRV=1909 WuMgr
offline▸ Win10Pro 20H2.19042.685 x86 Atom N270 RAM2GB HDD WindowsDefender WuMgr GuineaPigVariant
online▸ Win10Pro 20H2.19042.804 x64 i5-9400 RAM16GB HDD Firefox86.0 WindowsDefender TRV=20H2 WuMgr-
August 30, 2020 at 9:05 pm #2292592
WCHS
AskWoody PlusMy understanding is that while 2004 is a Feature update, it doesn’t have a Download and Install button.
Interesting … the screenshot showing a “Download and install button” came from a Microsoft Windows Update Team video at How to get the Windows 10 May 2020 Update version 2004
-
August 31, 2020 at 10:43 am #2292750
WCHS
AskWoody PlusMy understanding is that while 2004 is a Feature update, it doesn’t have a Download and Install button.
Has anyone encountered a WU display for Feature Update to Windows 10, version 2004 without a ‘Download and install’ button? What are the circumstances under which it appeared?
-
-
August 30, 2020 at 9:02 pm #2292591
abbodi86
AskWoody_MVP-
August 30, 2020 at 9:22 pm #2292596
WCHS
AskWoody Pluswushowhide can hide UUP updates too
but it cannot show or hide the new OptionalInstall updates (AKA the “Download and install” button)
@abbodi86: The Microsoft Windows Update Team video here shows a “Download and install” button.So, can wushowhide hide the 2004 Feature Update? or not?
1 user thanked author for this post.
-
August 30, 2020 at 10:23 pm #2292609
-
-
-
-
-
July 22, 2020 at 8:02 pm #2282612
howardagoldberg
AskWoody PlusThat’s the .NET update behavior I talked about in the article this morning:
When I clicked “Resume updates,” I got the .NET patch. Boom. There was no “Download and install” offered.
I still don’t see the version 1909 cumulative update Preview being offered.
As per my post this morning )https://www.askwoody.com/forums/topic/1909-2004-feature-update-notification-blocking-optional-updates-2/), this is exactly what I was reporting/asking about. I guess it is, at least, a cold comfort to know it’s nothing wonky with ‘my’ system!
1 user thanked author for this post.
-
July 23, 2020 at 12:35 am #2282622
Berserker79
AskWoody LoungerSeveral folks have indicated that their 1809’s have recently been pushed to install 1903. Given that servicing doesn’t end right now in July, the only thing I can think of is that a whole bunch of folks did a 365 deferral right about now this time last year.
Windows 10 1809 Home here and starting this month’s Patch Tuesday my system went through a first attempt to install 1903 (avoided with wushowhide), suggesting that the push to 1903 is not necessarily the result of having Pro with a 365 deferral set this time last year.
1 user thanked author for this post.
-
July 23, 2020 at 5:07 am #2282653
CBA
AskWoody Plus“…the only thing I can think of is that a whole bunch of folks did a 365 deferral right about now this time last year.”
Still on 1809 Pro and got a push today to install 1903. But, I set deferral to 365 much earlier, during 2nd half of May 2019.
In this connection, are there any cons with updating from 1809 to 2009 directly? I’m happy with 1809 and don’t really want to do a two-step (e.g., via 1909) update. Thanks.
1 user thanked author for this post.
-
July 23, 2020 at 8:39 am #2282671
-
-
July 23, 2020 at 8:49 am #2282674
CBA
AskWoody PlusYou mean directly upgrade 1809 to 1909?
I don’t see any harm in it. 1909 and 1903 have had the same bugs, and the same patches, for several months.
No, directly from 1809 to 2009 per Susan’s write-up (If you are in this same boat where your plans are to jump over a version or two or three and get to 2009 (20H2) …).
1 user thanked author for this post.
-
July 23, 2020 at 9:44 am #2282685
CBA
AskWoody PlusDo you really want 2009 when it first comes out?
Probably not. I used 2009 as a reference based on Susan’s posting. I don’t even know when 2009 will be offered or okay to install. Maybe better to go for 1809 to 1909 (or 2004). Any suggestions?
And if I install 1909 (I have the ISO), how long can I keep this version before being forced to update? By available “delay” settings in GP and elsewhere. Ditto for 2004.
Frankly, the world is in a mess .. and I really don’t need this constant worrying that W10 will be taking over the update stuff and tell me what to do.
1 user thanked author for this post.
-
July 23, 2020 at 9:51 am #2282688
PKCano
ManagerWoody recommends v1909. It is good until May 2021 (See EOL factsheet).
V1909 is relatively stable. V2004 is not yet there.
If you have Pro, set the Feature deferral to 180 days should give you v1909 the next time Windows checks for updates. That will be a later Build than the ISO you have. Or use the ISO (run setup.exe from within v1809).1 user thanked author for this post.
-
July 23, 2020 at 10:02 am #2282689
-
-
-
July 23, 2020 at 10:59 am #2282693
Susan Bradley
Manager -
July 24, 2020 at 2:47 am #2282802
abbodi86
AskWoody_MVP -
July 24, 2020 at 11:45 am #2282877
Just Another Geek
AskWoody PlusHi folks,
I installed the v2004 ADMX policies to gain access to the “Select the target Feature Update version” option.
Does anyone know the abilities/limitations of this? I’d love to be able to enter a target version of 2050 for effectively manual control, if this truly works for all versions since 1803.
-
July 24, 2020 at 3:42 pm #2282956
Just Another Geek
AskWoody PlusI want to stay on a specific version
If you need a device to stay on a version beyond the point when deferrals on the next version would elapse or if you need to skip a version (for example, update fall release to fall release) use the Select the target Feature Update version setting instead of using the Specify when Preview Builds and Feature Updates are received setting for feature update deferrals. When you use this policy, specify the version that you want your device(s) to use. If you don’t update this before the device reaches end of service, the device will automatically be updated once it is 60 days past end of service for its edition.
Other sources confirm this… So if I want to stay on 1909 until I choose otherwise (or July 10, 2022, whichever comes first), I should use 1909 as the version parameter. If I’m understanding correctly.
-
-
July 31, 2020 at 9:01 am #2284524
anonymous
GuestJust curious if anyone has noticed that after the July .Net Preview is installed you are unable to launch Windows Security? I have only tested this on Server 2019, all logs make me feel like its applying the security policies but you cant launch the GUI… or is this just me?
1 user thanked author for this post.
-
July 31, 2020 at 9:35 am #2284536
-
-
July 31, 2020 at 10:43 am #2284558
anonymous
GuestThanks, I really only noticed it because it seems to break Defender ATP reporting too. All of the 2019 Servers that installed it were reporting that they were missing basically every patch for .Net. After rolling back the patch, blocking it and just installing the GA July rollup patch manually the Windows Security GUI was restored and ATP began reporting that the Servers were up to date. I started a small thread in the Windows Defender ATP community here https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bd-p/MicrosoftDefenderATP One person says they have the same issue with the update. Maybe the reporting and GUI issue are linked and wont be an issue if you aren’t using ATP? Or maybe this always happens when using ATP and installing Preview patches, but I wouldn’t know that since we don’t usually install them.
This is what happens when we don’t follow the rules Microsoft 🙁
-
August 6, 2020 at 12:19 pm #2286783
Susan Bradley
Manager
-
-
August 31, 2020 at 2:25 am #2292663
abbodi86
AskWoody_MVPHas anyone encountered a WU display for Feature Update to Windows 10, version 2004 with a ‘Download and install’ button? What are the circumstances under which it appeared?
Pro version 1903
updated with August security updates (18362.1016), no deferrals, no TargetReleaseVersion, Appraiser and WaaSMedic tasks are disabledi get version 1909 as optional feature update
i then enabled and ran “Microsoft Compatibility Appraiser” task
afterward, i get version 2004 as optional feature update1 user thanked author for this post.
-
August 31, 2020 at 10:37 am #2292747
WCHS
AskWoody Plusi then enabled and ran “Microsoft Compatibility Appraiser” task
afterward, i get version 2004 as optional feature updateTell me more about Microsoft Compatibiity Appraiser. I find instructions for disabling/enabling it Method 2: Disable (/enable) CompatTelRunner.exe via Task Scheduler. Is this what you did (enable, not disable)? And then what is the run command to run it?
So then, running it brought up the WU screen for Feature Update to Windows 10, version 2004> with its “download and install” link?
Were you forced to run the CU Preview dotNET first before you could download and install 2004? Or were able to skip over the Download button for that and move on to the “download and install” link for 2004?
-
August 31, 2020 at 9:53 pm #2292935
abbodi86
AskWoody_MVPRun Task Scheduler taskschd.msc
Locate, enable and run task “Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser”
Keep refreshing task view until it report “operation completed successfully”Reboot, then re-create WU scan queue using those commands
https://pastebin.com/Ec5SxTMgI did not try to install either updates
but based on what is written under 2004 update, it seems to require installing pending updates firstMy understanding is that while 2004 is a Feature update, it doesn’t have a Download and Install button.
Has anyone encountered a WU display for Feature Update to Windows 10, version 2004 without a ‘Download and install’ button? What are the circumstances under which it appeared?
if you set TargetReleaseVersion to 2004, you get it as regular update (no Download and install button)
likewise, if you set feature update deferral and the period is ended (e.g. 20 days)
-
September 1, 2020 at 9:15 am #2293051
WCHS
AskWoody Plusif you set TargetReleaseVersion to 2004, you get it as regular update (no Download and install button)
likewise, if you set feature update deferral and the period is ended (e.g. 20 days)
And then in these two cases, since there is no ‘Download and install’ button, will it show up in wushowhide and you can hide it? (Say you’ve changed your mind and you don’t want it yet).
-
September 1, 2020 at 9:25 am #2293054
-
-
-
-
-
AuthorPosts
Viewing 14 reply threads -
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.
Search Newsletters
Search Forums
Recent Replies
anonymous on Kudos to NWS for their new radar site
28 minutes agoanonymous on Kudos to NWS for their new radar site
29 minutes agob on MS-DEFCON 4: Install the February updates, skip that Secure boot
36 minutes agoLance Whitney on Using Microsoft OneDrive on your Android device
1 hour, 2 minutes agoalejr on Files appearing in Recycle Bin Windows 10 version 1909
1 hour, 58 minutes agoAlex5723 on The Perseverance rover runs on processors used in iMacs in the 1990s
5 hours, 7 minutes agoAlex5723 on Unable to update Win10 v1909 since Build 18363.657
5 hours, 40 minutes agoAscaris on “Stuttering” glitch on a brand-new PC
6 hours, 10 minutes agoOscarCP on Are Strong Passwords Necessary?
6 hours, 35 minutes agoOscarCP on Apple may disable Rosetta 2 on M1 in some regions
6 hours, 46 minutes agodoriel on Are Strong Passwords Necessary?
6 hours, 50 minutes agoPaul T on “Stuttering” glitch on a brand-new PC
6 hours, 50 minutes agoOscarCP on The Perseverance rover runs on processors used in iMacs in the 1990s
6 hours, 52 minutes agoAlex5723 on Apple may disable Rosetta 2 on M1 in some regions
6 hours, 53 minutes agoPaul T on MS-DEFCON 4: Install the February updates, skip that Secure boot
7 hours, 21 minutes agodoriel on Are Strong Passwords Necessary?
7 hours, 22 minutes agoPaul T on Unable to update Win10 v1909 since Build 18363.657
7 hours, 35 minutes agodoriel on Outlook
7 hours, 40 minutes agoPaul T on Windows 10 clean install
7 hours, 43 minutes agoPaul T on The Perseverance rover runs on processors used in iMacs in the 1990s
7 hours, 47 minutes agoAlex5723 on Windows 10 clean install
7 hours, 53 minutes agoanonymous on MS-DEFCON 4: Install the February updates, skip that Secure boot
7 hours, 54 minutes agoPaul T on My Windows 10 Local Backup Software Choice, and Why
7 hours, 55 minutes agoOscarCP on Apple may disable Rosetta 2 on M1 in some regions
7 hours, 59 minutes agoAlex5723 on Do you still patch on premises Exchange servers?
8 hours, Just nowPaul T on MS-DEFCON 4 – February updates trigger few issues
8 hours, 10 minutes agoAlex5723 on The Perseverance rover runs on processors used in iMacs in the 1990s
8 hours, 15 minutes agoOscarCP on Aren't these the greatest performances of classical music?
8 hours, 15 minutes agoAscaris on Frys electronics is closing
9 hours, 56 minutes agoAscaris on Frys electronics is closing
10 hours, 29 minutes ago
Recent Topics
-
Avatar
2 hours, 1 minute ago
-
Apple may disable Rosetta 2 on M1 in some regions
6 hours, 47 minutes ago
-
March 2021 Office non-Security Updates are now available
13 hours, 30 minutes ago
-
Windows 10 clean install
7 hours, 44 minutes ago
-
Do you still patch on premises Exchange servers?
8 hours, 1 minute ago
-
Files appearing in Recycle Bin Windows 10 version 1909
1 hour, 59 minutes ago
-
Outlook won’t open (or any app withing Office 2019 professional plus
15 hours, 18 minutes ago
-
The Perseverance rover runs on processors used in iMacs in the 1990s
5 hours, 8 minutes ago
-
UEFI
19 hours, 43 minutes ago
-
Just discovered CCleaner wiped my history!
12 hours, 50 minutes ago
-
Update Error 0xc1900101-0x30018
1 day ago
-
Outlook
7 hours, 41 minutes ago
-
USB mouse power management
20 hours, 28 minutes ago
-
edgeupdate Service on Windows Server 2016 1607
18 hours, 20 minutes ago
-
Site will be temp offline
1 day, 20 hours ago
-
20H2 Upgrade Resets Secure Boot And F12
23 hours, 43 minutes ago
-
OneDrive & SharePoint “Throttling”
1 day, 17 hours ago
-
Waiting for Windows 10 Version 2004 update
1 day, 21 hours ago
-
slow typing in Reviewing Pane
2 days ago
-
Veeam backups
1 day, 4 hours ago
-
Group B Feb 2021 update for Win 7 (i.e. KB4601363) fails – Error Code 80070661.
1 day, 15 hours ago
-
“Stuttering” glitch on a brand-new PC
6 hours, 11 minutes ago
-
Here’s looking at you, kid: the child-cam scam
1 day, 3 hours ago
-
The best things in life are copyrighted
1 day, 7 hours ago
-
Using Microsoft OneDrive on your Android device
1 hour, 3 minutes ago
-
MS-DEFCON 4 – February updates trigger few issues
8 hours, 11 minutes ago
-
ESET NOD32 and Windows 7
1 day, 19 hours ago
-
Google Chrome
1 day, 5 hours ago
-
misbehaving Edge and Chrome
1 day ago
-
Temporarily putting the site in maintenance mode
1 day, 21 hours ago
Search for Topics
Recent blog posts
- March 2021 Office non-Security Updates are now available
- Do you still patch on premises Exchange servers?
- “Stuttering” glitch on a brand-new PC
- Here’s looking at you, kid: the child-cam scam
- The best things in life are copyrighted
- Using Microsoft OneDrive on your Android device
- MS-DEFCON 4 – February updates trigger few issues
- Temporarily putting the site in maintenance mode
Key Links
Copyright © 2004 – 2021 AskWoody Tech LLC. All rights reserved.