  • Standalone installer script for Windows 7 ESU, regardless the license


    • This topic has 425 replies, 61 voices, and was last updated 1 week ago.
      • #2209020 Reply
        abbodi86
        AskWoody_MVP

        # W7ESUI #

        Automated batch script to install Windows 7 Extended Security Updates, regardless of the ESU license and without requiring any eligibility check bypass.

        * Pros:

        – Process the updates from one same location

        – Detect and install servicing stack update first

        – Check required stack installer version for each update

        – Include the Telemetry neutralize tweaks

        – Works with Group A: Monthly Quality Rollup, or Group B: Security Only update / IE11 cumulative update

        * Limitations:

        – SHA2 support updates KB4490628 and KB4474419 are prerequisites for ESU updates.
        Either install them yourself first, or put their msu files with ESU updates files together and the script will install them

        – The script is specifically designed to process ESU updates only.
        While it can still install regular updates, it has no specific checks or conditions for their prerequisites.
        Regular updates should be installed normally, manually, using Windows Update, or other tools

        – You must always use the script for any future ESU updates; you cannot install them manually afterwards

        * Download:

        https://github.com/abbodi1406/WHD/raw/master/scripts/W7ESUI_0.2.zip

        * How to use on live OS:

        Download the ESU updates msu files from Microsoft Update Catalog, following history page or AskWoody Knowledge Base

        a) if you are Group A user, you need:
        latest Servicing Stack Update
        latest Security Monthly Rollup
        latest .NET rollup

        b) if you are Group B user, you need:
        latest Servicing Stack Update
        latest IE11 Cumulative Update
        Security Only Update for each month (e.g. February and March together)
        every .NET Security Only Update (if any)

        Extract W7ESUI.cmd from the zip file, or extract the whole zip file

        Copy or move W7ESUI.cmd and place it next to (in the same folder as) the downloaded msu files
        ini file W7ESUI.ini is not really necessary in this case

        Right-click on W7ESUI.cmd and “Run as administrator”

        If all goes well, you should get cmd window similar to this:

        Now press the zero 0 number on keyboard to start the process

        At the end, restart the system if prompted

        See ReadMe.txt for more details, and how to use the script for offline integration.

        Total of 35 users thanked author for this post.
      • #2209122 Reply
        jabeattyauditor
        AskWoody Lounger

        Woody, you’re on board with this?

        3 users thanked author for this post.
        • #2209143 Reply
          woody
          Da Boss

          Yep. 100%.

          • #2209166 Reply
            Pim
            AskWoody Plus

            Just out of curiosity: why? My reason for asking: I have seen other contributors on AskWoody claiming this is illegal.

            I myself take a practical approach: I have lost so very many hours (> 100) because of Microsoft’s absence of client focus that I honestly do not care whether it is illegal (normally I do). One example: only informing that Ultimate is also covered by ESU in late November which caused me much stress trying to get my systems on Windows 10 in the months before November 2019, which failed, because of a lack of time and energy on my part caused by insufficient health.

            ASRock Beebox J3160 - Win7 Ultimate x64
            Asus VivoPC VC62B - Win7 Ultimate x64
            Dell Latitude E6430 - Win7 Ultimate x64
            Dell Latitude XT3 - Vista Ultimate x86 (still...)
            Gigabyte GA-H110M-HD3 DDR3 - Win10 Pro 1809 x64

            1 user thanked author for this post.
          • #2209199 Reply
            KWGuy
            AskWoody Plus

            Every time I think I’ve found a way to outsmart Mother Microsoft re: updating, it usually backfires…or at least causes more anxiety and takes more time than it’s worth.

            My gut tells me that this unsanctioned (and per SB , a license violation) approach is not a good option.  I acknowledge that I’m a non-techie home user with a less adventurous spirit than most.  I agree, though, that MS should extend traditional W7 patching due to current circumstances.

             

            2 users thanked author for this post.
            • #2213830 Reply
              Qnu
              AskWoody Lounger

              Every time I think I’ve found a way to outsmart Mother Microsoft re: updating, it usually backfires…or at least causes more anxiety and takes more time than it’s worth.

              My gut tells me that this unsanctioned (and per SB , a license violation) approach is not a good option.  I acknowledge that I’m a non-techie home user with a less adventurous spirit than most.  I agree, though, that MS should extend traditional W7 patching due to current circumstances.

               

              Here’s my take on this: MS does not give me, a private user, the option to even buy these updates. How am I supposed to feel guilt for something I can not buy. I just want to use the latest updates that are available and I would be willing to pay. But MS does not allow a way for me to buy ESU. What am I supposed to do?

              • #2213939 Reply
                b
                AskWoody Plus

                How am I supposed to feel guilt for something I can not buy.

                There are many things in this world which a private person cannot buy, but it doesn’t give anyone a right to steal them.

        • #2257538 Reply
          WSRobF228
          AskWoody Plus

          I’m a home user with Win7 x64 pro. Just using a workgroup for the household. Am I a “Group A” user?

          Thank you much!

          • #2257540 Reply
            PKCano
            Da Boss

            If you have been installing the Monthly Rollups through Windows Update, you are a Group A user.

            If you have been downloading from the MS Catalog and manually installing the Security-only Updates and the IE11 Cumulative Updates, you are a Group B user.

      • #2209123 Reply
        anonymous
        Guest

        When the instructions say to put W7ESUI.CMD “next to” the MSU files, does that mean “in the same directory as”?

         

      • #2209128 Reply
        honx
        AskWoody Lounger

        if i decide to install february and march group b patches on win7, is there anything to consider about these patches (bugs or anything else)?

        PC: Windows 7 Ultimate, 64bit, Group B
        Notebook: Windows 8.1, 64bit, Group B

      • #2209146 Reply
        honx
        AskWoody Lounger

        See this thread for information, especially the note at the top about the Group B patches. And the similar blogpost about the Feb Patch Tues.

        There are also notes in AKB2000003.

        thx, how can i check, if ssu kb4490628 is installed already? i know i have kb4474419 (because i had to install 3 times kb4474419 last year which i clearly remember) but i can’t find the kb4490628 which is required by march esu patches in windows update (unfortunately there is no search-box in windows update).

        and in which order is that new ssu kb4550735 to be installed? after february win7/ie patches?
        for example like this?
        february kb4537813 (win7)
        february kb4537767 (ie)
        reboot
        ssu kb4550735
        ( i downloaded the file linked in:
        https://www.askwoody.com/forums/topic/initial-impressions-of-patch-tuesday-march-2020/#post-2189166 )
        reboot
        march kb4541500 (win7)
        march kb4540671 (ie)
        reboot
        office and other non-windows patches
        reboot (just to make sure)

        PC: Windows 7 Ultimate, 64bit, Group B
        Notebook: Windows 8.1, 64bit, Group B

        • #2209151 Reply
          PKCano
          Da Boss

          To see if kb4490628 is installed look in Windows Update. On the lower left corner click on “View installed updates.”
          You can sort by any column. Click on the column title to choose the column to sort by. It is a toggle, alternating ascending/descending.
          kb4490628 was issued in april 2019, so if you sort by date it will be 3/12/2019 or later. If you sort by title, each category will have the KB number sorted numerically.

          4 users thanked author for this post.
        • #2209153 Reply
          PKCano
          Da Boss

          You can collect the updates and the needed file(s) in one folder.
          If you are using @abbodi86 ‘s script, you should follow those instructions.
          The Office, MSRT updates are still available through Windows Update for supported versions.

          1 user thanked author for this post.
        • #2209154 Reply
          honx
          AskWoody Lounger

          can’t edit my post anymore, so i have to reply: what do i have to deactivate in order to get rid of this diagtrack thingamajigs in march update? (microsoft are now charging for win7 updates and these to purchase patches still contain spyware – i don’t get it…)

          PC: Windows 7 Ultimate, 64bit, Group B
          Notebook: Windows 8.1, 64bit, Group B

        • #2209189 Reply
          anonymous
          Guest

          Open Windows Update > click on View Update History (in left navigation) > click on the linked Installed Updates > copy & paste the KB number into the top left search field.

          That way you don’t have to waste time sorting and searching by date.

          Hope I could help.

          1 user thanked author for this post.
      • #2209158 Reply
        honx
        AskWoody Lounger

        You can collect the updates and the needed file(s) in one folder.
        If you are using @abbodi86 ‘s script, you should follow those instructions.
        The Office, MSRT updates are still available through Windows Update for supported versions.

        so all february, march and that ssu in the same folder and that script takes care about the order and installs also that march ssu at the right time?

        PC: Windows 7 Ultimate, 64bit, Group B
        Notebook: Windows 8.1, 64bit, Group B

      • #2209167 Reply
        Chriski
        AskWoody Plus

        Use 0patch or script installer (no ESU, Win 7 group B through Jan patches) or both?

        I installed 0patch(free) after the Jan patches, and it’s been doing fine.

        Also use the script installer because more is better and it will enhance things missing from 0patch, or is this 0patch tool probably sufficient?

        Thanks for opinions..

        C.

        2 users thanked author for this post.
      • #2209184 Reply
        Melvin
        AskWoody Plus

        Does it violate licenses and eulas….. yes …but my morals are slipping.  We are in unusual times where people are using Win7’s to remote in from home.  I’ve sent an email to Satya to ask him to open up 7 patching for all given the circumstances.

        Yes, considering so many must now work from home, it would be good if Microsoft would step up and open up the ESU for some period of time.  I guess this is most applicable to people who have their “home” computer and until now have only used the IT-supported computers at their work place.

        Indeed, I saw a report that bad actors may have increased their efforts against homes and home users anticipating increased opportunities in these new circumstances.

        Win 7 Pro 64-bit, Office 2010.
        Nethermost of the technically literate.

        2 users thanked author for this post.
      • #2209188 Reply
        honx
        AskWoody Lounger

        Yes

        You only need the latest SSU (March KB4550735), and the latest IE11 cumulative (March KB4540671)
        in addition to security only update for both February and March

        thanks, i’ll wait for ms defcon 3 or higher and for some observations by other users here before i try it myself.

        PC: Windows 7 Ultimate, 64bit, Group B
        Notebook: Windows 8.1, 64bit, Group B

      • #2209193 Reply
        Geo
        AskWoody Lounger

        0patch pro is half the price of ESU and is working just fine.  I’m a home premium user .  Getting a number of micro patches lately.

        5 users thanked author for this post.
      • #2209192 Reply
        anonymous
        Guest

        Any known issues using this script on a Kaby Lake (intel 7xxx) box running wufuc ?

      • #2209203 Reply
        T
        AskWoody Plus

        Thank you so much for this, abbodi86. This should tide me over until i figure out what i’m going to do long term, with no option being ideal. However, i am a little concerned implementing it because this violates the EULA and i worry microsoft will start deactivating the product keys of genuine installs and then you’re effectively using a pirate copy. Also, it was my understanding that this workaround had been prevented with the latest SSU.

        2 users thanked author for this post.
        • #2209225 Reply
          woody
          Da Boss

          OK. I’ll bite. How does running abbodi86’s script violate the Win7 EULA?

          • #2209226 Reply
            T
            AskWoody Plus

            Oh, does it not? Susan upthread seems to agree that it does. My concern is just what microsoft will do to clamp down on obtaining ESUs for free.

            Then again, we’re currently living through a period where so many more people are working from home and win7 still has a huge user base.

            2 users thanked author for this post.
          • #2209281 Reply
            b
            AskWoody Plus

            How does running abbodi86’s script violate the Win7 EULA?

            8. SCOPE OF LICENSE.
            You may not
            · work around any technical limitations in the software;

            1 user thanked author for this post.
            • #2209375 Reply
              woody
              Da Boss

              I hear ya but… I’m not so sure that applying updates is working around a technical limitation.

              For example, I don’t think 0patch patches violate the EULA.

              One could make the argument that running any Win7 utility is working around a technical limitation in the software…. antivirus…

              8 users thanked author for this post.
      • #2209212 Reply
        PKCano
        Da Boss

        I have just run the script on one of my Win7 Ultimate x64 VMs that was updated through Jan.
        There were no problems during the install.
        There were two (2) reboots afterward.
        Here is the result.

        Screen-Shot-2020-03-20-at-2.30.50-PM

        12 users thanked author for this post.
      • #2209262 Reply
        alkhall
        AskWoody Lounger

        No file to download, link gives blank page.

        • #2209270 Reply
          Volume Z
          AskWoody Lounger

          You’re doing it wrong.

          Download

      • #2209283 Reply
        ch100
        AskWoody_MVP

        I think Susan’s assessment and subsequent action – to write to Satya asking for a waiver given the times are appropriate. This is a grey area and open to interpretation either way.

        I would like to raise a technical issue though, only for clarification.

        This script installs SSU first and the relevant update in the second step.

        I was under the impression that this order does not matter anymore, because the SSU released in a specific month actually applies to the update released next month, this being done by Microsoft to avoid past issues. There is still a requirement to update regularly because SSU is not released each month.

        Is this true about the SSU order, or is only true for Windows 10 or is not true at all?

        3 users thanked author for this post.
        • #2209391 Reply
          abbodi86
          AskWoody_MVP

          Not really, latest SSU first, is still the correct order
          if you installed higher stack installer version, it will take precedence and work for all lower versions

          – Check required stack installer version for each update

          if an update requires higher SSU, the script will show error message and skip it

          and that’s why for manual installation of ESU updates, you should only download and use latest SSU, even if current updates require previous SSU

          8 users thanked author for this post.
          • #2209410 Reply
            ch100
            AskWoody_MVP

            @abbodi86
            My comment was more in relation to this (hypothetical) scenario:

            – SSU 2020-01 installed
            – Patches for 2020-02 are released
            – Install 2020-02 CU first (for whatever reason, see below for an example)
            – Install 2020-02 SSU

            If 2020-02 CU require minimum 2020-01 SSU, then the previous sequence would still work, while not installing the 2020-02 SSU first.

            Same would be repeated next month 2020-03 in this example, if 2020-03 CU require as minimum 2020-02 SSU and not 2020-03 SSU.

            This may have practical implications when let’s say 2 patches are pushed simultaneously via WSUS or SCCM and they are installed without a reboot between them. This is a very common scenario in fact and I have seen the SSU is not always installed first due to the sequence having other criteria like randomization, which patch is downloaded first from the update server etc.

            Ideally the updates should be installed in 2 steps, SSU first, waiting for it to be deployed everywhere and then the CU for the month. But this is not practical or always possible taking in consideration the operational requirements, except for the smallest of environments and as such it is never done in 2 steps.

            Note: In WSUS or SCCM which leverages the same WSUS, SSU and CU are always installed separately and not bundled as it is the case for Windows Update.

            3 users thanked author for this post.
            • #2209419 Reply
              abbodi86
              AskWoody_MVP

              Understood 🙂

              but like you said, this sequence applies to WU and WSUS

              manual installation of updates means to get the latest version of chained updates (SSU, IE11 Cumulative, Monthly Rollup, W10 Cumulative)

              5 users thanked author for this post.
          • #2209983 Reply
            Ed
            AskWoody Lounger

            @abbodi86… “if you installed higher stack installer version, it will take precedence and work for all lower versions”

            I’m questioning my reading comprehension level here… If I’m understanding this statement correctly I only need to install the latest SSU (KB4550735) FIRST and then I would be able to install all updates available since August 2019 on two Group B systems that haven’t been patched since then?

            • #2209985 Reply
              PKCano
              Da Boss

              Put SSU KB4550735, all the Security-only updates, and the latest IE11 CU KB4540671 in the folder with the script. The script will install the SSU first and then the rest of the updates.

              Be sure you have SHA2 support updates KB4490628 and KB4474419 already installed beforehand.

            • #2210070 Reply
              abbodi86
              AskWoody_MVP

              Yes

              1 user thanked author for this post.
      • #2209284 Reply
        Seff
        AskWoody Plus

        Isn’t this all rather academic at the moment? We’re at DefCon 2 for heaven’s sake.

        • #2209493 Reply
          woody
          Da Boss

          It most certainly is academic. But it’s good to have some pioneers leading the way, eh?

          (Also absolutely delightful that the old crew is tossing this around.)

          2 users thanked author for this post.
      • #2209286 Reply
        alkhall
        AskWoody Lounger

        You’re doing it wrong.

        Download

        Got it, thanks.

      • #2209292 Reply
        italiangm
        AskWoody Plus

        Hello all. Wanted to share experience and ask a question:

        Since FEB2020 updates were cleared for installation, I downloaded kb4537767-x64 and kb4537813-x64 msu from Microsoft Update Catalog. Followed the instructions so kindly provided by abbodi86.

        Install ran without a hitch. After successful reboot, I opened Windows Update and selected View Update History. KB4537767 and KB4537813 do not appear.

        Checked Control Panel > Installed Updates. KB4537767 and KB4537813 were listed there.

        Is there a reason why the FEB2020 updates do not appear in View Update History?

        2 users thanked author for this post.
        • #2209300 Reply
          PKCano
          Da Boss

          Is there a reason why the FEB2020 updates do not appear in View Update History?

          Yes, Windows Update History is the history of updates that Windows Update installed. Windows Update didn’t install those updates, you did.  🙂
          But to verify that they are installed, they are listed in “Installed Updates.”

          7 users thanked author for this post.
          • #2209323 Reply
            Volume Z
            AskWoody Lounger

            Are you telling us that any given Security Only Update is impossible to appear in Update History?

            • #2209326 Reply
              PKCano
              Da Boss

              Security-only updates are not released through Windows Update.
              I could be wrong, but I believe that would be the case if you do a manual install.
              An exception would be if the SO were released through WU.
              I don’t think it shows in Update History, but it does in “Installed Updates.”
              Also, if you uninstall an update, it doesn’t disappear from Update History. It is still listed in History at the time/date it was installed (but it is no longer in Installed Updates).

              Note: This applies to current updates that MS designated as Rollup and Security-only, not to the prior updates that were designated Updates for Windows and Security Updates for Windows (2016 and before)

              3 users thanked author for this post.
              • #2209330 Reply
                Volume Z
                AskWoody Lounger

                By thinking, any update installed manually – like any given Security-Only – does not appear in Update History, you’re thinking wrong. It should be easy for you to verify in any Windows 7 installation.

              • #2209331 Reply
                PKCano
                Da Boss

                I only do Rollups. Can you post a screenshot?
                I’m certainly open to stand corrected.

              • #2209342 Reply
                Volume Z
                AskWoody Lounger

                Sure. 🙂

                Updateverlauf

                1 user thanked author for this post.
              • #2209349 Reply
                PKCano
                Da Boss

                Thanks.
                Were those manual installs or using WSUS or one of the installers?

              • #2209352 Reply
                RDRguy
                AskWoody Lounger

                @PKC … I’m not sure that’s the case … being Group B since the very beginning, I’ve only manually installed all the monthly SO & IE11 Cum updates downloaded either directly from the MS Update Catalog or AKB2000003 and everyone of them DO appear in the Windows Update History as well as the “Installed Updates” on all of my Win7 systems.

                I suspect this may be due to the processes used by @abbodi86’s batch script to incorporate the post ESU Win7 updates into non-ESU Win7 systems.

                If so, its implementation may not use (or use in the normal way) any or all of the actual Windows Update mechanisms that would normally be used either pre or post ESU to incorporate Win7 updates.

                Could/should/would this be changed in a future batch script update … I suspect only @abbodi86 can answer.

                Win7 - PRO & Ultimate, x64 & x86
                Win8.1 - PRO, x64 & x86
                Groups A, B & ABS

              • #2209358 Reply
                PKCano
                Da Boss

                Yes, I was under the wrong impression.
                Thanks for the correction.

                1 user thanked author for this post.
          • #2209392 Reply
            abbodi86
            AskWoody_MVP

            Windows Update History shows the history of updates installed via WU, or via msu file directly (double-click)
            but not if the updates are installed via DISM.exe tool (like the script does)

            Update History can be reset/wiped easily, but “Installed Updates” will always show the updates

            @RDRguy
            Windows Update is more like a GUI front-end for CBS (the actual engine that processes updates)
            DISM.exe is the CLI front-end for CBS

            4 users thanked author for this post.
      • #2209334 Reply
        anonymous
        Guest

        Works for me, after paying attention to abbodi86’s comments on 20 March 2020 at 11:05 am.

        Thanks!

      • #2209366 Reply
        alpha128
        AskWoody Plus

        My goodness – this is the greatest thing since sliced bread.  And since the last time I was in a grocery store there was no bread – that makes this the greatest thing going today!

        I downloaded the script and installed per your instructions.  I used it to install the March Servicing Stack update (KB4550735) and 2020-03 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4540688).  As advertised, the servicing stack was installed first, and then the roll-up.

        As other users report, these updates did not appear in my Windows Update history, but they do appear when running, e.g., powershell (get-hotfix -id KB4540688).  They also appear as installed updates in Control Panel.

        Thank you so much!

        5 users thanked author for this post.
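
Several posts above ask how to confirm that the SHA2 prerequisites (KB4490628, KB4474419) and updates installed through DISM are really present, since such installs do not show in Update History. The following is an added example, not part of the thread or of W7ESUI, that answers this with Get-HotFix and is written for PowerShell 2.0 as shipped with Windows 7. The function names, the folder `C:\ESU`, and the assumption that the msu files keep their Update Catalog names (containing `kbNNNNNNN`) are illustrative.

```powershell
# Added example (not from W7ESUI). PowerShell 2.0 compatible.
# Assumption: .msu files keep their Microsoft Update Catalog names,
# which contain the KB number, e.g. "windows6.1-kb4550735-x64_<hash>.msu".

function Get-KbFromFileName {
    param([string]$Name)
    # -match is case-insensitive, so "kb" and "KB" are both accepted
    if ($Name -match 'kb(\d{6,7})') { return ('KB' + $Matches[1]) }
    return $null
}

function Get-InstalledKbTable {
    # Get-HotFix reads Win32_QuickFixEngineering, so it reports updates
    # installed via Windows Update, msu double-click, or DISM alike.
    $table = @{}
    Get-HotFix | ForEach-Object {
        if ($_.HotFixID -match '^KB\d+$') { $table[$_.HotFixID] = $true }
    }
    return $table
}

function Test-EsuFolder {
    param(
        [string]$Folder = '.',
        # SHA2 support updates named as prerequisites in the first post
        [string[]]$Prerequisites = @('KB4490628', 'KB4474419')
    )
    if (-not (Test-Path $Folder)) { throw "Folder not found: $Folder" }

    $installed = Get-InstalledKbTable

    # Map KB number -> file name for every msu staged next to the script
    $staged = @{}
    Get-ChildItem -Path $Folder -Filter *.msu | ForEach-Object {
        $kb = Get-KbFromFileName $_.Name
        if ($kb) { $staged[$kb] = $_.Name }
    }

    # Prerequisites: must be installed already, or at least present as msu
    foreach ($kb in $Prerequisites) {
        if ($installed.ContainsKey($kb))   { $state = 'installed' }
        elseif ($staged.ContainsKey($kb))  { $state = 'not installed, msu present in folder' }
        else                               { $state = 'MISSING: not installed, no msu in folder' }
        New-Object PSObject -Property @{ KB = $kb; Role = 'SHA2 prerequisite'; State = $state }
    }

    # Everything else staged in the folder: already installed or still pending
    # @() guards against PowerShell 2.0 iterating once over an empty result
    foreach ($kb in @($staged.Keys | Sort-Object)) {
        if ($Prerequisites -contains $kb) { continue }
        if ($installed.ContainsKey($kb)) { $state = 'already installed' }
        else                             { $state = 'pending' }
        New-Object PSObject -Property @{ KB = $kb; Role = 'staged update'; State = $state }
    }
}

# C:\ESU is a placeholder for the folder holding W7ESUI.cmd and the msu files
Test-EsuFolder -Folder 'C:\ESU' | Format-Table KB, Role, State -AutoSize
```

Running it again after the script and the reboots should show the staged updates as already installed. It does not check the servicing stack version each update requires; that check is done by the script itself.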
      • #2209411 Reply
        Kranium
        AskWoody Lounger

        Hey Woody, good on you.

         

        Every little bit helps right now.

        Group B for WIN7 w/ ESU, plus trying out Linux builds in dual boot.

        1 user thanked author for this post.
      • #2209439 Reply
        Sinclair
        AskWoody Lounger

        Used this on Windows 7 x64 Home Premium. Everything went well and after two reboots the computer still works. I did it with the network cable pulled. Once everything was done I ran the W10Tel.cmd After another reboot I replugged the network cable. So far so good.

        W7 x64 Pro&Home

        4 users thanked author for this post.
        • #2209514 Reply
          alpha128
          AskWoody Plus

          Used this on Windows 7 x64 Home Premium. Everything went well and after two reboots the computer still works. I did it with the network cable pulled. Once everything was done I ran the W10Tel.cmd After another reboot I replugged the network cable. So far so good.

          According to the Pros above, this new script does “Include the Telemetry neutralize tweaks”.  So you may not need W10Tel.cmd any more.

          After running the new script on my system I see:

          Directory of C:\ProgramData\Microsoft\Diagnosis

          File Not Found

          Directory of C:\ProgramData\Microsoft\Diagnosis\ETLLogs

          11/15/2016 08:00 PM <DIR> .
          11/15/2016 08:00 PM <DIR> ..
          0 File(s) 0 bytes

          Total Files Listed:
          0 File(s) 0 bytes

          I did previously have files there, but I had stopped them from being updated.  Now they are gone.

          4 users thanked author for this post.
          • #2209589 Reply
            Sinclair
            AskWoody Lounger

            This Windows 7 Home Premium x64 Computer installation is from 2009. Still in use every day. It has seen its fair bumps and bobs along the way.

            My Directory of C:\ProgramData\Microsoft\Diagnosis contains

            User.dat 16-09-2015 0 kb

            and 8 Folders

            \AsimovUploader 16-01-2017 empty
            \DownloadedScenarios 19-05-2015 empty
            \DownloadedSettings 16-01-2017
            ..cfc.flights.json 04-06-2015 1 kb
            ..telemetry.ASM-WindowsDefault.json 16-01-2017 11 kb
            ..telemetry.ASM-WindowsDefault.json.bk 15-09-2015 6 kb
            ..utc.app.json 16-01-2017 38 kb
            ..utc.app.json.bk 15-09-2015 22 kb
            \ETLLogs\AutoLogger 20-03-2020 empty
            \ETLLogs\ShutdownLogger 16-01-2017 empty
            \LocalTraceStore 16-01-2017 empty
            \Sideload 16-01-2017 empty
            \SoftLanding 16-01-2017 access denied
            \SoftLandingStage 16-01-2017 access denied

            W7 x64 Pro&Home

        • #2209598 Reply
          anonymous
          Guest

          Hopefully you have a full system backup and maintain files backup in case Microsoft decides to plug the free patch access hole.

      • #2209595 Reply
        italiangm
        AskWoody Plus

        After using the script on my Win 7 SP1 PC, I noticed a new file named RunOnce_W10_Telemetry_Tasks.cmd on the desktop.

        FYI, I did not place MSUs, zip file, or extracted files on the desktop, nor run W7ESUI.cmd from there.

        Can I delete RunOnce_W10_Telemetry_Tasks.cmd from the desktop without causing  problems if I run the script in the future?

        • #2209599 Reply
          abbodi86
          AskWoody_MVP

          I forgot to mention this, sorry

          the script is meant to disable the relevant scheduled task after installing Monthly Rollup (they only can be disabled after restart)

          therefore, you just need to run it as administrator, it will be self-deleted afterwards
          or just delete it

          3 users thanked author for this post.
          • #2209939 Reply
            italiangm
            AskWoody Plus

            Right clicked on RunOnce_W10_Telemetry_Tasks.cmd then selected Run as administrator. The process ran and deleted RunOnce_W10_Telemetry_Tasks.cmd at the end as stated. Thanks again!

          • #2209942 Reply
            Cybertooth
            AskWoody Plus

            OK, just to make sure that I understand the process:

            Supposing that one installs February’s Security Only patch for Windows 7 by using this script. Come time to install the March updates, would one then manually run the script again?

             

            • #2209959 Reply
              abbodi86
              AskWoody_MVP

              Yes, placing March Security Only update (and March SSU) next to it

              you don’t need to move the February update, the script should detect it as installed and skip it (after extraction)

              3 users thanked author for this post.
      • #2209819 Reply
        anonymous
        Guest

        Standalone installer script for Windows 7 ESU, regardless the license.
        Downloaded W7ESUI files and extracted ok. Then downloaded February and March Group B updates

        KB4537767  KB4537813  KB1540671  KB1541500 for my Win 7 X64 Pro Laptop and placed in same folder as advised. Script runs fine however after extracting the cab files it tells me I need:

        SSU VERSION 6.1.7601.24544
        SSU VERSION 6.1.7601.24548

        I already have KB4490628 and KB4474419 installed and all Group B security updates up to and including January installed. Advice please.

        • #2209822 Reply
          PKCano
          Da Boss

          Have you been installing the SSUs before EOL?
          Try installing KB4536952 Jan SSU manually first before running the script.
          Also did you include Mar SSU KB4550735 in the download folder with the script?
          You only need the latest IE11 CU b/c they are cumulative.

          2 users thanked author for this post.
        • #2209823 Reply
          abbodi86
          AskWoody_MVP

          You did not have required or latest SSU
          you must include KB4550735 in the download folder with the script, or install it yourself

          1 user thanked author for this post.
      • #2209828 Reply
        anonymous
        Guest

        Thank you both for your help. Followed your advice and updates installed OK now. Brilliant!!

        1 user thanked author for this post.
      • #2210020 Reply
        pandarunnerpt
        AskWoody Plus

        I have been using 0Patch since 11/18/19, my husband about a month after. We both are on Win 7 Professional 64 bit SP1 computers, I am i7 6700, he is i3 4130. We both were group B until January when we had to install the rollups in order to assure that 0Patch would work properly.

        Acting as guinea pigs for the 0Patch people on the board, and as per this link from 0Patch saying that it was not an issue to use both 0Patch and ESU at the same time  https://0patch.zendesk.com/hc/en-us/articles/360011192299-Can-I-use-0patch-in-parallel-to-Windows-Extended-Security-Updates–   I installed abbodi86‘s script and then the Feb. Security and IE updates today.

        Installation went as described and both of us have had no problems at all.  0Patch is still working as expected, too.

        Thank you abbodi86 and thank you everyone in this conversation who made it easier for me to give this a try.

        Win 7 Professional, 64 bit, Defiantly Group B

        1 user thanked author for this post.
      • #2210026 Reply
        Geo
        AskWoody Lounger

        0patch put out an email today mentioning  only W7 users who HAVEN’T  taken the ESU  downloads are able to use the 0patch micro-patches .  Mentions they are not compatible with the ESU downloads.  Be interesting if some one with ESU and 0patch are having problems as 0patch is mentioning.

        1 user thanked author for this post.
        • #2210074 Reply
          RDRguy
          AskWoody Lounger

          0patch website FAQ page states they are not needed and won’t be applied but doesn’t state that they’re not compatible and may cause problems in ESU updated systems.

          EDITs: typos

          Win7 - PRO & Ultimate, x64 & x86
          Win8.1 - PRO, x64 & x86
          Groups A, B & ABS

          • This reply was modified 4 months, 3 weeks ago by RDRguy.
          2 users thanked author for this post.
          • #2210148 Reply
            woody
            Da Boss

            I would expect that… it wouldn’t make much sense for 0patch to patch ESU-patched systems, unless a huge zero-day appeared.

            2 users thanked author for this post.
      • #2210255 Reply
        anonymous
        Guest

        Tells me I have to run as administrator even when I right click and do just that.

         

        • #2210259 Reply
          PKCano
          Da Boss

          Are you logged in with a Standard (non-Administrator) ID?

          • #2210261 Reply
            anonymous
            Guest

            No, an admin account

          • #2210312 Reply
            anonymous
            Guest

            Well it seems that after 3 reboots it is working.  Not sure what was going on.

             

      • #2210311 Reply
        analogkid
        AskWoody Plus

        Downloaded the required W7ESUI and then the Feb SO updates.

        I made sure I had the SSU necessary installed which I already did way back when as I did install the Group Jan update prior to buying 0patch subscription.

        Well I thought I would try this new ESL and for me it didn't work. I got the cmd window with all of the same script as pictured but when I hit the zero key nothing happened.

         

        Just noticed I needed SSU KB4550735 so I went to the Microsoft Update Catalog and downloaded it.

        Must admit, I am kind of lost where to go from here but then I am not computer savvy

        "An analog kid in a digital world"

        Win7 Ultimate home built desktop Running 0patch Pro

        Win 8.1 desktop and two 8.1 laptops

        Win 10 Dell desktop (took the plunge)

        and two very old home built Win XP desktops (offline for use with an old Epsom Photo scanner)

        • This reply was modified 4 months, 2 weeks ago by analogkid.
        • #2210314 Reply
          PKCano
          Da Boss

          I made sure I had the SSU necessary installed which I already did way back when as I did install the Group Jan update prior to buying 0patch subscription.

          You can’t have installed the March SSU back in Jan. SSU KB4550735 was just released Mar. 10th. It needs to be in the folder with the Mar Group B updates KB4541500 SO and KB4540671 IE11 CU.

          • #2210321 Reply
            analogkid
            AskWoody Plus

            OK, so I need to skip the Feb SO updates and instead download the March SO updates instead?

            I had just figured I would installed the Feb updates as we are still on DefCon 2 with the March updates.

            Thanks PK. I may still have to wait until my IT brother visits  and let him do it so he can show me in person. Who knows how long that will be though

            I feel so stupid when it comes to this “stuff”

            Also what I meant is that I have installed already the two prior SSU’s. I checked my installed updates just to be sure and they are listed.

            "An analog kid in a digital world"

            Win7 Ultimate home built desktop Running 0patch Pro

            Win 8.1 desktop and two 8.1 laptops

            Win 10 Dell desktop (took the plunge)

            and two very old home built Win XP desktops (offline for use with an old Epsom Photo scanner)

            • This reply was modified 4 months, 2 weeks ago by analogkid.
            • #2210327 Reply
              PKCano
              Da Boss

              You need the Feb and Mar SO (KB4537813 and KB4541500).
              You need the Mar IE11 CU (KB4540671).
              You need the Mar SSU KB4550735
              All of them in the folder with the script

              3 users thanked author for this post.
      • #2210343 Reply
        Elly
        AskWoody MVP

        I feel so stupid when it comes to this “stuff”

        From a non-techy who is attempting to embrace tech- you aren’t stupid. You are asking questions, learning the terminology, and applying it to your personal situation. Pretty darn smart, if you ask me!

        And the more you hang around here, the more you will learn… and the more it will make sense.

        Also, the more you know, the better you can converse with your IT brother… if tech can improve your bonding… so much the better!

        Just know that if you follow PKCano’s instructions, it will do what you want it to do… always works for me!

        Non-techy Win 10 Pro and Linux Mint experimenter

        3 users thanked author for this post.
      • #2210352 Reply
        RDRguy
        AskWoody Lounger

        Finally took the plunge and converted two fully up-to-date non-ESU Win7 “Group B” test systems to “Group A” by first installing KB4534310 (2020-01 Monthly Quality Rollup) then KB4536952 (2020-01 SSU).

        After successful reboot, used @abbodi86‘s automated batch script to install the following ESU updates:

        2020-02 – KB4537829 (Feb SSU)
        2020-03 – KB4550735 (Mar SSU)
        2020-02 – KB4537820 (Feb Monthly Quality Rollup)
        2020-03 – KB4540688 (Mar Monthly Quality Rollup)

        ESU batch script processed both SSUs first then both Monthly Rollups successfully.

        After reboot, the installed updates (via the control panel) listed both SSUs & the Mar Rollup as installed. As expected, the Feb Rollup was not installed due to supersession by the Mar Rollup. A subsequent Windows Update found only the March 2020 MSRT.

        Afterwards, performed a couple of Windows Update offline scans via the Microsoft Baseline Security Analyzer (MBSA) tool using the current wsusscn2.cab file.

        As the MBSA tool is no longer available for download as described here, I also performed additional offline scans via Powershell using a .vbs script found here and a .ps1 script found here.

        MBSA and both Powershell offline scan scripts indicate the following updates are still missing:

        2019-10 – KB4519108 (DST changes for Norfolk Island and Fiji Island)
        2020-02 – KB4538483 (ESU Licensing Preparation Package)

        Interesting that KB4519108 is found via offline scanning but not via the normal WU scan since it’s pre-ESU, it’s not installed & it’s not hidden. No real concerns about the DST update as I don’t live on Norfolk or Fiji Islands.

        But, have a question for @abbodi86 and/or other AskWoody_MVPs in the know concerning KB4538483 …

        Should non-ESU Win7 updaters now in “Group ABS” (Abbodi86’s Batch Script) be concerned about the missing ESU Licensing Prep Package KB4538483 on non-ESU systems being patched with ESU updates?

        Win7 - PRO & Ultimate, x64 & x86
        Win8.1 - PRO, x64 & x86
        Groups A, B & ABS

        3 users thanked author for this post.
        • #2210371 Reply
          abbodi86
          AskWoody_MVP

          KB4538483 is solely meant for activated ESU-license customers to receive ESU updates via WU.
          no other purpose for non-ESU users, and the update contents are already included in the Monthly Rollup.

          now if you installed it and checked wsusscn2.cab again, it will still not show ESU updates (installed or not)
          because WU engine checks the status of active ESU license before it shows the updates

          3 users thanked author for this post.
          • #2210380 Reply
            RDRguy
            AskWoody Lounger

            @abbodi86

            Thanks, I kinda figured that but just had to ask if NOT having the ESU Prep Pkg Update installed could potentially result in unforeseen problems with having the ESU updates installed in non-ESU systems.

            Win7 - PRO & Ultimate, x64 & x86
            Win8.1 - PRO, x64 & x86
            Groups A, B & ABS

          • #2260555 Reply
            EP
            AskWoody_MVP

            speaking of KB4538483, it got a recent revision this May 2020

            expand the “file information” sections for all supported X86 and X64 versions to see updated files from MS support article 4538483:
            https://support.microsoft.com/help/4538483/

      • #2210365 Reply
        analogkid
        AskWoody Plus

        Wow, I did it!! I kept trying and then recalled that I did something similar years ago with a file named “pciclearstalecache”.

        I surprised myself when I hit the zero key and it began the installation process.

        I waited a long time to reboot and then let it sit another good long time before signing in. Just checked the installed updates and I see four listed with today’s date.

        I am also using 0patch Pro and so far it is working fine.

        WOO HOO

        Thank you to everyone in this thread, PK and of course abbodi.

        BTW, I have been on askwoody site for many, many years as a devoted Group B’er. I decided to join as a Plus Member recently.

        "An analog kid in a digital world"

        Win7 Ultimate home built desktop Running 0patch Pro

        Win 8.1 desktop and two 8.1 laptops

        Win 10 Dell desktop (took the plunge)

        and two very old home built Win XP desktops (offline for use with an old Epsom Photo scanner)

        5 users thanked author for this post.
      • #2210702 Reply
        byteme
        AskWoody Plus

        Win7 Home Premium 64-bit. Group B.

        I just used abbodi86’s .cmd script to install the February Win7 64-bit security-only updates.

        SHA2 support updates KB4490628 and KB4474419 had already been installed on my PC (in April and September, respectively, of 2019).

        I put four files in an otherwise-empty folder: (1) abbodi86’s .cmd file, (2) the Feb. SSU (KB 4537829), (3) the Feb. Win7 SO update (KB 4537813), and (4) the Feb. IE SO update (KB 4537767).

        Then I right-clicked on the .cmd file, chose Run as Administrator, and hit 0 in response to the opening menu.

        The process took just about exactly 30 minutes. Then I rebooted, and then I ran (as Administrator) the RunOnce anti-telemetry file that the .cmd script had deposited on my desktop.

        Everything seems fine, I thank abbodi86 for his assistance, and I plan to do the March updates the same way (when their time has come).

        5 users thanked author for this post.
      • #2211481 Reply
        anonymous
        Guest

        At first: To abbodi86, many thanks for your tool!

        A question:
        I use the Group A scenario with rollups.
        And I want to know, if I don’t update for many months,
        can I restart the updates from the most recent month rollup ?
        Skipping all the months in between ?

        Thanks
        Frankie

        • #2211492 Reply
          PKCano
          Da Boss

          And I want to know, if I don’t update for many months, can I restart the updates from the most recent month rollup ? Skipping all the months in between ?

          Technically, and in normal circumstances, the answer would be Yes, since Group A Rollups are cumulative.
          BUT:
          + There is no guarantee that @abbodi86 ‘s script will work next month, or the month after. Microsoft may put another roadblock in the works. They won’t be happy with people getting for free, what they are charging subscription fees for.
          + There will probably be other qualifying installs, like the SSU changing.

          As long as things stay like they are, skipping monthly patches may work. But who knows??

          1 user thanked author for this post.
          • #2211520 Reply
            Frankie
            AskWoody Lounger

            Thanks PKCano,

            I should have said: “if I DIDN’T update for many months” for the last months.
            So I will update my others PCs rapidly!

            Frankie

             

            • #2211525 Reply
              PKCano
              Da Boss

              Be sure you have the prerequisites installed – listed above.

      • #2211750 Reply
        anonymous
        Guest

        I have already installed the SHA2 support updates KB4490628 and KB4474419  since the time of their release (more or less). Today, I have followed the advice of PKCano in #2210327 above. After rebooting, the four new updates are now listed in my “installed updates” and everything seems to work fine up to now.

        System: Win7 x64 Ultimate and “Group B”.

        Note: “RunOnce_W10_Telemetry_Tasks.cmd” did not appear, probably because I have already set the script “W10Tel.cmd” to run on startup as a scheduled task. No additional telemetry related tasks or services have shown.

        Many thanks to abbodi86 for the scripts he provides and the people in this forum offering their knowledge.

        Tryfonas

        1 user thanked author for this post.
      • #2211818 Reply
        Moonbear
        AskWoody Lounger

        How does this script work with the Group A rollups?

        I didn’t think you could use the rollups with the script since they aren’t individually downloaded files. Or is there another way to get the rollups besides Windows Update?

        • #2211820 Reply
          PKCano
          Da Boss

          You can download the Rollups from the MS Update Catalog. Enter the KB number without the “KB” (just the numerical part) and download the one that is right for your OS version and bitness.

          Or you could use one of the download managers WUMgr, Sledgehammer, etc.

      • #2211823 Reply
        Moonbear
        AskWoody Lounger

        Thanks, @PKcano

        I didn’t realize you could get the rollups from the update catalog.

        So I would need to download 4540688 and 4550735?

        • This reply was modified 4 months, 2 weeks ago by Moonbear.
      • #2211829 Reply
        Mcinwwl
        Guest

        Hi, I used the script to install updates for Windows 7 and internet explorer, and I noticed two side effects:

        1. after restarting, I got prompted to wait when Windows applies updates (obvious). When it ended, PC rebooted itself… and hung on black screen. Not even Bios was initiated.
          yuck… why? This is the first occurrence of such misbehaviour in 4-years lifespan of this machine… After another reset, PC booted as usually.
        2. I was offered KB3118401 update. It was purposely not-installed and hidden due to potential connection with M$ snooping, as listed in: https://msfn.org/board/topic/173752-how-to-avoid-being-upgraded-to-win-10-against-your-will/?tab=comments#comment-1097746
        • #2211834 Reply
          PKCano
          Da Boss

          Did you have the prerequisites (KB4490628 and KB4474419) installed first?
          Did you include the required Servicing Stack KB4550735?

          KB3118401 is an update for Universal C Runtime. The MS pages say:

          The Windows 10 Universal CRT is a Windows operating system component that enables CRT functionality on the Windows operating system. This update allows Windows desktop applications that depend on the Windows 10 Universal CRT release to run on earlier Windows operating systems

          • #2211835 Reply
            Mcinwwl
            AskWoody Lounger

            Servicing stack was applied, following the readme script should recognize it and install before other updates, right?

            Prerequisites were installed, I checked using powershell’s get-hotfix.

            KB3118401 does not look like a necessary prerequisite. However, if you think it should not be considered part of microsoft snoopware, I will inform original thread author from MSFN to remove it from the list.

            PS past post is mine… you took me by surprise, I have never ever used forum where one can comment as a guest 🙂

      • #2212103 Reply
        Mattchu
        AskWoody Lounger

        Just wanted to join to say a big thank you to abbodi86 & PKCano especially for the creation of this and the help supplied to various people.

        Just so I’m clear, I don’t use Windows 7 much anymore but do have a few boxes that it’s on, my old man however does still use it and I want to get him up to date. I think group A is the way I’ll go. So I’ve checked the prerequisites KB4490628 and KB4474419 installed, Jan SSU [KB4531786] installed, everything done until EOL.

        Downloaded the March CU [KB4540688] and the latest SSU [KB4550735] and placed them in the same folder as the extracted W7ESUI.cmd [as picture]

        Now it should be a case of right click W7ESUI.cmd and “run as administrator”? I don’t need the February CU [KB4537820] or any other SSU?

        Cheers

         

        • #2212106 Reply
          PKCano
          Da Boss

          Now it should be a case of right click W7ESUI.cmd and “run as administrator”? I don’t need the February CU [KB4537820] or any other SSU?

          That’s correct.
          After the reboot, if it asks for one, run the RunOnce_W10_Telemetry_Tasks.cmd if it appears on your desktop to eliminate the telemetry.

          • #2212110 Reply
            Mattchu
            AskWoody Lounger

            Cheers PKCano, much appreciated I’ll post back with the results, just doing the first test box now 🙂

      • #2212171 Reply
        maisy2
        AskWoody Plus

        I didn’t know if it was good or bad, but I too thought Rollups were better at the EOL era after being strictly security-only all these years.
        Foldered: W7ESUI.cmd / KB4550735 March SSU / KB4537820 (Feb Monthly Quality Rollup)

        Everything purposefully disabled in task scheduler was untouched after the Rollup install.
        – or was it the Telemetry neutralize tweaks?:)
        So nothing changed, although, the Installed Updates window got a clean-up albeit for a load of Microsoft .Net Frameworks; but comforting to find you can find old security-only numbers and older ssu’s if you place what you’re looking for in the upper corner search.

        I hope the coming month will still allow the W7ESUI, SSU & March rollup combo to install through this brilliant development.
        The ReadMe has ‘# for offline integration’; I had disabled WU and didn’t go offline, # for offline integration meant for the desktop RunOnce_W10_Telemetry_Tasks.cmd but was too hasty to take this into account – I shall do it offline if I get to install again next month.

        Thanks to Creator of this, and wonderful and educational to read the poster’s questions and results on here. Big thank you.

        • This reply was modified 4 months, 2 weeks ago by maisy2.
        1 user thanked author for this post.
        • #2214165 Reply
          maisy2
          AskWoody Plus

          Grateful I got to install the March rollup too now that it’s April.😊 In a roundabout way this is great as I’ve finally found that the new rollup does immediately overwrite the previous month’s rollup in the Update history. – it’s no more, gone even in searching for it at the top corner. I’ve been unsure of this in updating my reset win 8.1 laptop since the start of the year. I wasn’t sure rollups overwrite instantly after new updates. This fact couldn’t be found online, leaving me wondering if my pc was malfunctioning. And it did not help that I find Ms Mvp saying in a slightly older MS answer forum that if it’s not in the Update history opposed to the Windows history that it is not installed.
          Sorry for my long-windedness but I wish there was a written notation by MS to affirm this. All this for being new to cumulative rollups.😌
          The Update history that was thought to be cleaned-up has reappeared whole again as well. So glad I got to do this in two parts. Thank you.

          • #2214170 Reply
            PKCano
            Da Boss

              Rollups are CUMULATIVE. That means the later one contains the one(s) before. SO, once the March Rollup is installed it would be redundant to have the Feb also listed b/c it is contained in the Mar Rollup. So the Feb, Jan, Dec, Nov…. Rollups are no longer listed.

            1 user thanked author for this post.
            • #2214185 Reply
              maisy2
              AskWoody Plus

              Oh yes that line of thought always made sense, but checking successful installs of many, many security patches on a new laptop produced confusion, especially reference to this pre-2016 answer made it worse. Thank you so much, one less worry for sure.😊

      • #2212231 Reply
        abbodi86
        AskWoody_MVP

        @Mcinwwl
        Universal C Runtime (KB3118401 or KB2999226) is part of VC++ 2015-2019 redistributable, which is used by Office 2016 and later, Firefox, Edge Chromium and others

        while most of them bundle it locally, it’s best practice to have it globally installed
        and it has nothing to do with telemetry or snooping

      • #2212235 Reply
        Moonbear
        AskWoody Lounger

        Windows 7 Home Group A

        March SSU and March SMQ rollup installed with no issues

        @abbodi86‘s script works like a dream.

        This was undoubtedly the smoothest update cycle I’ve ever done on a Windows system.

        3 users thanked author for this post.
        • #2277199 Reply
          MrChaz
          AskWoody Lounger

          I’m intrigued now, our trusty Windows 7 Pro 32bit is patched up to the end of january 2020 running with a third party antivirus avira. Would it be advisable to disconnect from the internet and disable the antivirus before attempting this to avoid any security interference?

          I would image the system before attempting as a keeper for the future.

          illegitimi Non Carborundum
          • #2277215 Reply
            PKCano
            Da Boss

            Disconnecting from the Internet is OK after you download the updates from the Catalog. Be sure you have either 1. all Security-only updates plus the latest IE11 CU (see AKB2000003) or 2. the latest Rollup. You will also need the latest Servicing Stack.

            Disabling the AV is probably not necessary if it hasn’t given you any problems with updating in the past. But it certainly wouldn’t hurt to do it.

          • #2277415 Reply
            Paul T
            AskWoody MVP

            There is no point disconnecting as you are not turning off your standard protections.
            Turning off AV for the duration doesn’t mean your machine will rush off to download a bunch of bad files, unless you tell it to. 🙂

            cheers, Paul

            1 user thanked author for this post.
          • #2280070 Reply
            MrChaz
            AskWoody Lounger

            Feedback: Downloaded respective kb’s for my system from the catalog and disconnected from the internet. I then disabled the AV and other security measures and continued to carry out the whole procedure as instructed above by abbodi86. (May) SSU and dotnet security patch, (June) monthly security and quality patch and SSU

            Thank you sir, my reliable and trusty windows 7 lives on until hardware or MS decides.

            illegitimi Non Carborundum
            1 user thanked author for this post.
      • #2212735 Reply
        anonymous
        Guest

        Hi,

        I have been installing the monthly roll-ups, the last updates I see when checking for updates with WU, is the 01-2020 monthly preview.

        So I understand I only need the latest march monthly roll-up and SSU, but what about the security roll-up for .NET, is that no longer being updated?

        Thanks

      • #2212854 Reply
        abbodi86
        AskWoody_MVP

        It will be updated when .NET need security fixes

        after January, all .NET updates (for other Windows) were non-security

        1 user thanked author for this post.
      • #2213311 Reply
        HanJohnJo
        AskWoody Plus

        I might have missed something, for sure. But we are now in April and the MS-defcon for the March updates is still at 2 but I can’t see the reason, at least for Win 7.  After almost one month patch reliability is still unclear? Maybe now MS-defcon applies only to Win 10 updates.

        Frangar non flectar

        • #2213313 Reply
          Paul T
          AskWoody MVP

          Defcon applies to all versions, but individual advice is provided for each version.

          cheers, Paul

          1 user thanked author for this post.
      • #2213316 Reply
        anonymous
        Guest

        Win7 ult x64 updated normally via WU, last update 3 updates were:
        Windows Malicious Software Removal Tool x64 – February 2020 (KB890830)
        2020-01 Servicing Stack Update for Windows 7 for x64-based Systems (KB4536952)
        2020-01 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4534310)

        I have extracted W7ESUI zip into a folder, along with the following files:
        windows6.1-kb4550735-x64_18117664b4a0482c3d34a2f05f70c6819296240f
        windows6.1-kb4540688-x64_70ad29faea4602dfa5c3159350afe6ec86e87e52

        I ran the cmd as admin, and it detected the files.

        It installed kb4550735, but it didn’t prompt for restart, it just said “finished” and I had to press 9 and then manually restarted.
        I checked installed updates after restart and kb4550735 was there.

        I then did the same again, it extracted the kb4540688 cab, but then it finished stating “All applicable updates are detected as installed”

        I tried also with the Feb SSU and Monthly rollup, but same thing.

        I did install the first SSU kb4550735 while the internet was disabled, but when installing the rollup the net was enabled, would that have anything to do with it?

        Also, just a note, would it be possible to not auto delete the extracted cab file or a prompt, as I tried many times, and each time it had to extract again.

        thanks.

        • #2213321 Reply
          PKCano
          Da Boss

          Did you have the prerequisites (KB4490628 and KB4474419) installed first?

        • #2213327 Reply
          abbodi86
          AskWoody_MVP

          The cab and temporary files are extracted to randomly-named temporary folder
          they cannot be preserved for later usage

          are you sure kb4540688 is not already installed?
          did you verify the integrity of downloaded msu file?

      • #2213430 Reply
        Douglas
        AskWoody Plus

        I am a Win7 x64 Pro Group B user. I just finished using the script to install the March updates, KB4540671 and KB4541500. Everything seemed to run fine. It reported both installs were 100% successful.

        However, just before it started removing the temporary files and asking me to press 9, it gave me the following message:

        ==== Error ====
        Windows6.1-KB4541500-x64 require SSU version 6.1.7601.24548

        Is that the servicing stack update KB4550735 that is also a March ESU-only update? I restarted and everything seems to be running just fine. But should I also download that update and use the script to install it?

        Thank you.

        • #2213434 Reply
          PKCano
          Da Boss

          KB4540671 is the IE11 Cumulative Update.
          KB4541500 is the Security-only Update

          You need to install the Servicing Stack KB4550735, which is REQUIRED. That must also be in the folder with the other updates.

          • #2213439 Reply
            Douglas
            AskWoody Plus

            Should I rerun the script with all 3 in the folder, or would it be okay with just KB4550735?

            Thanks.

            • #2213466 Reply
              PKCano
              Da Boss

              I’d put all three there just to be sure.
              It’s supposed to install the SSU first.

              1 user thanked author for this post.
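The checks PKCano walks through in this exchange (SHA2 prerequisites installed, required servicing stack either installed or queued in the folder), as an added PowerShell example that is not part of the thread or of W7ESUI. The function names, the `servicing\Version` folder lookup and the sample system state are assumptions constructed for illustration; the KB numbers and the 6.1.7601.24548 requirement are the ones quoted in the posts above.

```powershell
# Added example; not part of W7ESUI. Works on PowerShell 2.0 (Windows 7 default).

# SHA2 support updates the thread names as prerequisites for ESU updates.
$PrereqKBs = @('KB4490628', 'KB4474419')

function Get-ServicingStackVersion {
    # Assumption: the installed stack version is the highest version-named
    # folder under %SystemRoot%\servicing\Version.
    $dir = Join-Path $env:SystemRoot 'servicing\Version'
    Get-ChildItem $dir |
        Where-Object { $_.PSIsContainer -and $_.Name -match '^\d+(\.\d+){3}$' } |
        ForEach-Object { [version]$_.Name } |
        Sort-Object | Select-Object -Last 1
}

function Test-EsuPreflight {
    param(
        [string[]]$InstalledKBs,   # HotFixID values, e.g. from Get-HotFix
        [version]$StackVersion,    # e.g. from Get-ServicingStackVersion
        [version]$RequiredStack,   # version quoted in the script's error text
        [string]$SsuKB,            # SSU expected to deliver $RequiredStack
        [string[]]$FolderFiles     # file names sitting next to W7ESUI.cmd
    )
    $rows = @()

    foreach ($kb in $PrereqKBs) {
        $queued = @($FolderFiles | Where-Object { $_ -match [regex]::Escape($kb) }).Count -gt 0
        if ($InstalledKBs -contains $kb) { $state = 'installed' }
        elseif ($queued)                 { $state = 'in folder, script will install it' }
        else                             { $state = 'MISSING' }
        $rows += New-Object PSObject -Property @{ Item = $kb; State = $state }
    }

    $ssuQueued = @($FolderFiles | Where-Object { $_ -match [regex]::Escape($SsuKB) }).Count -gt 0
    if ($StackVersion -ge $RequiredStack) { $state = "stack $StackVersion is new enough" }
    elseif ($ssuQueued)                   { $state = 'in folder, script installs the SSU first' }
    else { $state = "MISSING: stack $StackVersion is older than $RequiredStack" }
    $rows += New-Object PSObject -Property @{ Item = "SSU $SsuKB"; State = $state }

    return $rows
}

# Constructed sample state resembling the case above: both March Group B
# updates are in the folder, the March SSU is not. The stack version and the
# file names are made-up values for the demonstration.
$sampleFolder = @(
    'windows6.1-kb4540671-x64_<hash>.msu',
    'windows6.1-kb4541500-x64_<hash>.msu'
)
Test-EsuPreflight -InstalledKBs @('KB4490628', 'KB4474419') `
                  -StackVersion '6.1.7601.24535' `
                  -RequiredStack '6.1.7601.24548' `
                  -SsuKB 'KB4550735' `
                  -FolderFiles $sampleFolder |
    Format-Table Item, State -AutoSize

# On a live system, feed it real data instead of the sample:
#   $kbs   = Get-HotFix | ForEach-Object { $_.HotFixID }
#   $files = Get-ChildItem 'C:\path\to\W7ESUI-folder' | ForEach-Object { $_.Name }
#   Test-EsuPreflight -InstalledKBs $kbs -StackVersion (Get-ServicingStackVersion) `
#       -RequiredStack '6.1.7601.24548' -SsuKB 'KB4550735' -FolderFiles $files
```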
      • #2213490 Reply
        honx
        AskWoody Lounger

        since we’re on defcon 3 now, do we already know if it’s “safe” to install esu updates using this script (without paid license)? or will windows 7 be not activated/”pirated” at some point in the future? i read something like this, so i’d rather ask before doing anything.

        PC: Windows 7 Ultimate, 64bit, Group B
        Notebook: Windows 8.1, 64bit, Group B

      • #2213514 Reply
        You.Are.Ah.Toyyyyy
        AskWoody Lounger

        Did you have the prerequisites (KB4490628 and KB4474419) installed first?

        I went into installed updates and found both of them:
        Update for Microsoft Windows (KB4490628)  Installed 21/03/2019
        Security Update for Microsoft Windows ( KB4474419 ) Installed on 19/09/2019

        The cab and temporary files are extracted to randomly-named temporary folder
        they cannot be preserved for later usage

        are you sure kb4540688 is not already installed?
        did you verify the integrity of downloaded msu file?

        Just checking Installed updates again.
        kb4550735 is there and also kb4537829, so the Feb ssu seems to have installed. But the rollups aren’t installing.

        windows6.1-kb4540688-x64_70ad29faea4602dfa5c3159350afe6ec86e87e52.msu
        sha512: D10FCB521D406564DBE2BFCA78BE9E0D95E22998A57EF204A02DE03CDF64619D3B210694F15CA351C89C39D3E992E0DB80E0C2B6AD3963395E0498D856ED5468

        windows6.1-kb4537820-x64_3ee2a66a320dfe4eea2bda70bf9b5471b014f2a3.msu
        sha512: F5ABF6072C73ECAD556F83F90778A04469785B5365B4941115FA8EEB76455189E550750361A239FB13AA9E7C3D1D8F5DA3CD6A1A5270B3038E9BDD934CB44FE1

        BTW, windows update is still popping up showing me updates to install:
        Windows Malicious Software Removal Tool x64 – March 2020 (KB890830)
        2020-01 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4539601)

        thanks again.

      • #2213569 Reply
        You.Are.Ah.Toyyyyy
        AskWoody Lounger

        After checking the AV and other things that might be interfering, I tried again and it still gave the message “All applicable updates are detected as installed”.

        So I looked over the readme a few more times, and thought I had better double check the storage space.  It was low, but I wasn’t sure how much space the final extracted files took, so I deleted some files to meet the recommended 10gb free space.

        After trying once more, it finally worked, and the installation completed and the update was visible in the Installed Updates list.

        Is there maybe a way to alert that there wasn’t enough storage when extracting the files during installation?  Because at the moment, even though it seems all the files were not successfully extracted, the final message was simply no update was necessary.

      • #2213602 Reply
        Cybertooth
        AskWoody Plus

        Shortly (~45 sec.) after running the script for the February patch batch, Bit Defender popped up an alert:

        CMD

        False positive? Unrelated coincidence?

         

      • #2213632 Reply
        Paul T
        AskWoody MVP

        BD is looking for activities that change Windows itself and that is exactly what the script does, so the report is correct. You can safely ignore the warning because you want Windows changed.

        cheers, Paul

      • #2213719 Reply
        EP
        AskWoody_MVP

        Shortly (~45 sec.) after running the script for the February patch batch, Bit Defender popped up an alert:

        CMD

        False positive? Unrelated coincidence?

         

        add the script to “exclusion” or Ignore list in BitDefender

        • #2242782 Reply
          anonymous
          Guest

          How does the script W7ESUI.cmd  get added to “exclusions” in BitDefender?  No matter how I try to enter it I get an “Invalid Path” message.

          • #2242837 Reply
            Cybertooth
            AskWoody Plus

            To do this, open Settings in the BitDefender window (it’s the cog wheel at top right), then in the drop-down menu select Exclusions. From there, click on Add Exclusion and navigate to the file/folder that you want to exclude, and select it.

            That’s it!

             

            • #2242879 Reply
              anonymous
              Guest

              I got it to add but it looks like this w7esui[1].cmd.  Where did the [1] come from and what is it doing there?  Is it OK that way?

              • #2242881 Reply
                Cybertooth
                AskWoody Plus

                That suggests that you’ve ended up with two copies of that .CMD file in the same folder. For example, if you have a file called baberuth.jpg in your Downloads folder, and then from a USB flash drive you copy a file called baberuth.jpg onto the same Downloads folder, the file that you just copied over will have that “[1]” added to its file name so that you can tell it apart from the one you already had.

                Look for the folder(s) where you’re storing the files w7esui.cmd and w7esui[1].cmd. You should discover that you have a copy of each in the same folder somewhere.

                 

              • #2252964 Reply
                anonymous
                Guest

                You are very good at explaining things in a way that even I can understand.  Thank you.

      • #2213721 Reply
        EP
        AskWoody_MVP

        Did you have the prerequisites (KB4490628 and KB4474419) installed first?

        I went into installed updates and found both of them:
        Update for Microsoft Windows (KB4490628)  Installed 21/03/2019
        Security Update for Microsoft Windows ( KB4474419 ) Installed on 19/09/2019

        The cab and temporary files are extracted to randomly-named temporary folder
        they cannot be preserved for later usage

        are you sure kb4540688 is not already installed?
        did you verify the integrity of downloaded msu file?

        Just checking Installed updates again.
        kb4550735 is there and also kb4537829, so the Feb ssu seems to have installed. But the rollups aren’t installing.

        windows6.1-kb4540688-x64_70ad29faea4602dfa5c3159350afe6ec86e87e52.msu
        sha512: D10FCB521D406564DBE2BFCA78BE9E0D95E22998A57EF204A02DE03CDF64619D3B210694F15CA351C89C39D3E992E0DB80E0C2B6AD3963395E0498D856ED5468

        windows6.1-kb4537820-x64_3ee2a66a320dfe4eea2bda70bf9b5471b014f2a3.msu
        sha512: F5ABF6072C73ECAD556F83F90778A04469785B5365B4941115FA8EEB76455189E550750361A239FB13AA9E7C3D1D8F5DA3CD6A1A5270B3038E9BDD934CB44FE1

        BTW, windows update is still popping up showing me updates to install:
        Windows Malicious Software Removal Tool x64 – March 2020 (KB890830)
        2020-01 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4539601)

        thanks again.

        install the KB4539601 rollup first.

        Jan. 2020 rollups (either KB4534310 or KB4539601) are also required before installing any new ESU based updates from Feb. 2020 and later

      • #2213810 Reply
        abbodi86
        AskWoody_MVP

        Neither KB4539601 nor kb4537820 are needed, March rollup kb4540688 is enough

        @You.Are.Ah.Toyyyyy
        the numbers/letters before .msu extension are SHA1 hash, you should verify against that
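
The check abbodi86 describes above, comparing a download's SHA-1 with the 40 hex digits in front of its extension, as an added example that is not part of the thread or of the W7ESUI script. The function names and the `kb0000001`-style sample files are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Catalog-style name: <update name>_<40 hex digit SHA-1>.<ext>
CATALOG_NAME = re.compile(
    r"^(?P<update>.+)_(?P<sha1>[0-9a-f]{40})\.(?P<ext>msu|cab|exe)$",
    re.IGNORECASE,
)


def expected_sha1(filename):
    """Return the SHA-1 embedded in the file name, or None if there is none."""
    match = CATALOG_NAME.match(Path(filename).name)
    return match.group("sha1").lower() if match else None


def file_sha1(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large rollup need not fit in memory."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_update(path):
    """Classify one download as 'ok', 'mismatch' or 'no-hash'.

    This is an integrity check against the name the file was downloaded
    under (it catches truncated or corrupted downloads); it is not proof
    of where the file came from.
    """
    wanted = expected_sha1(path)
    if wanted is None:
        return "no-hash"      # renamed file: nothing to compare against
    return "ok" if file_sha1(path) == wanted else "mismatch"


def check_folder(folder):
    """Check every .msu/.cab/.exe in the folder the script would process."""
    results = {}
    for entry in sorted(Path(folder).iterdir()):
        if entry.is_file() and entry.suffix.lower() in {".msu", ".cab", ".exe"}:
            results[entry.name] = check_update(entry)
    return results


def demo():
    """Run the check over three constructed files (not real updates)."""
    payload = b"constructed stand-in for an update package\n" * 1000
    good_hash = hashlib.sha1(payload).hexdigest()
    with tempfile.TemporaryDirectory() as folder:
        root = Path(folder)
        # Intact download: content matches the hash in its name.
        (root / f"windows6.1-kb0000001-x64_{good_hash}.msu").write_bytes(payload)
        # Truncated download: same name pattern, last 512 bytes missing.
        (root / f"windows6.1-kb0000002-x64_{good_hash}.msu").write_bytes(payload[:-512])
        # Renamed download: the hash was dropped from the name.
        (root / "windows6.1-kb0000003-x64.msu").write_bytes(payload)
        return check_folder(root)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:9} {name}")
```

A `mismatch` points to a damaged or incomplete download that should be fetched again; `no-hash` means the file no longer carries its original name, so there is nothing to compare against.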

      • #2213962 Reply
        You.Are.Ah.Toyyyyy
        AskWoody Lounger

        I already posted an update yesterday a few posts up, thanks.

      • #2214174 Reply
        Chriski
        AskWoody Plus

        I have 3 Win 7 laptops I have been keeping up to date. I used this wonderful script on two of them, and it went without a hitch. I moved onto the 3rd today with full confidence…

        I have also been venturing into win7/kubuntu dual boot territory because of  the online implications of using win 7 for important things. This 3rd machine is the dual boot machine and my guess is that is why the update try went awry.

        The cmd file displays a line about a “patchable module etc.” and then exits. Opening up a cmd window as admin and executing the script yields the same start and an exit with “syntax of the command is incorrect.” I edited the cmd file, turned off echo, and turned on debug, but my capability with command files is limited and quite rusty.

        I fear this is a very lot to ask, but I was hoping that after a quick look (it doesn’t take long to exit) you might be able to suggest something simple that might help the script to get on its way.

        Or a simple answer (understandably) is that my situation is beyond the scope of the original design intent, and is not worth the time and effort.

        Thanks in advance,

        Chris

        • #2223045 Reply
          davinci953
          AskWoody Plus

          The same thing is happening on my Windows 7 system. The command window opens, indicates that “Patchable module found: C:\Windows\system32\GDI32.dll with hash 4dd319b1e6b8a09d121ad669dbcbab95bacad64e”, and then closes. February updates ran as expected, and I have the March SSU installed, but I can’t get it to work with the March updates (security only).

      • #2223229 Reply
        abbodi86
        AskWoody_MVP

        Are you using 0patch?
        https://0patch.zendesk.com/hc/en-us/articles/360012826660–Patchable-module-found-string-appears-in-console-based-applications

        you don’t really need W7ESUI.ini for live os installation, so just delete it and try again

        for some reason, the script fails to set the required variables correctly because of W7ESUI.ini presence
        so it errors and exits before doing anything

        • This reply was modified 4 months, 1 week ago by abbodi86.
        • #2223290 Reply
          Chriski
          AskWoody Plus

          Are you using 0patch?
          https://0patch.zendesk.com/hc/en-us/articles/360012826660–Patchable-module-found-string-appears-in-console-based-applications

          you don’t really need W7ESUI.ini for live os installation, so just delete it and try again

          for some reason, the script fails to set the required variables correctly because of W7ESUI.ini presence
          so it errors and exits before doing anything


          I (of the 3 Win 7 laptops above) AM using 0patch. A study of running them together via this thread and 0patch led me to conclude it would probably be ok, and I tried 0patch on the 3 machines first.

          Anyway, got rid of the .ini file, and the script is running and chugging along right now. Thanks for your help.

          (NB: I did NOT remove the ini file on the other 2 laptops, and the script ran fine. They also have 0patch. Also the “patchable module” message was gone on the latest one — 0patch probably updated. I saw a note to that effect.)

          Chris

          • #2223339 Reply
            Chriski
            AskWoody Plus

            abbodi’s suspicion that 0patch had a tie in to the script erroring out was right on.

            I circled back (out of curiosity) and put the ini file back in with the cmd script, and with 0patch now fixed (according to the link posted above from 0patch.zendesk), the script runs through to asking to proceed or exit, which is past where the problem was occurring.

            You are truly a wizard, sir!

            Thanks for all you do.

            Chris

        • #2223319 Reply
          davinci953
          AskWoody Plus

          I deleted the ini file, and the script ran as expected. Thank you much. I have 0patch installed on the system, but it’s not active. That’s probably the reason the fix didn’t get installed.

      • #2223870 Reply
        anonymous
        Guest

        I just downloaded W7ESUI and the March Cumulative Update (KB4540688).  I assume I do not need to install the February Cumulative Update first.

        Do I need to install Service Stack Updates?

        If I will need SSUs, how do I find out which ones I need?

         

        • #2223872 Reply
          PKCano
          Da Boss

          You need the Servicing Stack for March.
          If you read through this thread you will find the information you need.
          You should also read @abbodi86 ‘s ReadMe file.

          • #2224054 Reply
            anonymous
            Guest

            The script said it installed

            KB4537828 – Feb SSU

            KB4550735 – Mar SSU

            KB4537820 – Feb Monthly and

            KB4540688 – Mar Monthly in that order

            But KB4537820 – Feb Monthly does not show up as installed in Windows Update?

            The other three are there.

            • #2224058 Reply
              PKCano
              Da Boss

              Monthly Rollups are CUMULATIVE.
              By definition, Mar Rollup KB4540688 contains Feb Rollup KB4537820 and the preceding Rollups from Jan, Dec, Nov, etc. So it is no longer necessary to list the older Rollups (it would be redundant).

              • #2224091 Reply
                anonymous
                Guest

                Thanks much for all the help you give to me and everyone.

        • #2224092 Reply
          KP
          AskWoody Plus

          On one PC I run and installed successfully

          KB4550735 – Mar SSU
          KB4540688 – Mar Monthly

          in that order. There was no need to install the Feb SSU or Feb Monthly Rollup.

          • This reply was modified 4 months ago by KP.
      • #2224095 Reply
        KP
        AskWoody Plus

        0x800f081f – solution if this helps someone.

        First, thanks to @abbodi86 for the 5-star W7ESUI.cmd .

        This came about, installing patches in this order:
        2020-02 Service Stack Update – KB4537829
        2020-02 Monthly Rollup – KB4537820
        2020-03 Service Stack Update – KB4550735
        2020-03 Monthly Rollup – KB4540688

        (I know I did not need to run the February SSU and February Monthly Rollup, but I did it as an experiment.)

        You can see it failed on the 2020-03 Monthly Rollup – KB4540688 {Failed 0x800f081f(1).PNG}

        I let Windows Update run and you can see, it installed:
        .NET 4.8 KB4503548
        Windows 7 Update KB2952664
        2019-07 Windows 7 Update KB4493132

        {WindowsUpdates for W7ESUI.PNG}

        The last two are Telemetry
        KB2952664 – see AKB2000004, AKB2000007
        KB4493132 – see AKB2000003

        My guess is that .NET 4.8 (KB4503575) allowed KB4540688 (2020-03 Monthly Rollup) to succeed using W7ESUI. This you can see in the Program&Features picture{Program&Features.PNG}.

        oddities:
        1) .NET 4.8 shows up as KB4503548 in Windows Update and as KB4503575 in Program&Features
        2) KB4537820 (2020-02 Monthly Rollup) is missing in the Program&Features listing, as noted in previous posts.

        After you get the March patches installed, you can remove the Telemetry in the following order (or not install them in the first place):

        KB4493132

        KB2952664

         


        • This reply was modified 4 months ago by KP.
      • #2241397 Reply
        Mattchu
        AskWoody Lounger

        Just wanted to confirm the April updates installed 🙂

        • #2241426 Reply
          PKCano
          Da Boss

          You also need the SSU KB4550738

          • #2241446 Reply
            Mattchu
            AskWoody Lounger

            Cheers bud, didn’t know there was an SSU update this month…

            p.s. They installed fine without it anyway.

            p.p.s. Installed now on 2 boxes 🙂

            • This reply was modified 3 months, 4 weeks ago by Mattchu.
            • #2241608 Reply
              anonymous
              Guest

              I am on Windows 7 Home Premium 32 bit. I successfully installed SSU KB4550738 with the script and rebooted. Then I successfully installed the April 14, 2020 rollup—KB4550964. What’s weird is it did not ask me to reboot the system after installing the rollup. I checked installed updates and KB4550964 was listed. I rebooted anyway and my machine simply rebooted without configuring updates. This KB includes kernel updates so how could this install without configuring on a reboot?

      • #2241642 Reply
        EP
        AskWoody_MVP

        just to let folks know that there’s a 0.2 version of the script available several days ago from here

        (in case the very 1st post can’t be updated to point out the newest version)

        • #2241663 Reply
          RDRguy
          AskWoody Lounger

          Can anybody comment on what/why it was changed (e.g. bug fixes, new capability, etc) and whether or not we should now be using the updated 0.2 version vs the original 0.1 version?

          Edit: Answered my own question …
          Opened the Changelog contained in the “W7ESUI-ReadMe” file which states …

          – 0.2:
          added support to install SHA2 updates KB4490628 and KB4474419 if detected

          That answers that 🙂

          Win7 - PRO & Ultimate, x64 & x86
          Win8.1 - PRO, x64 & x86
          Groups A, B & ABS

          • This reply was modified 3 months, 4 weeks ago by RDRguy.
        • #2241682 Reply
          abbodi86
          AskWoody_MVP

          I was waiting to confirm that the procedure is still working with April updates, before announcing v.0.2 🙂

          the second version simply adds support to install SHA2 support updates, if not already installed
          meaning, put msu files for KB4490628 and KB4474419 along with ESU updates msu files, and the script will install them for you first

          • #2241685 Reply
            Moonbear
            AskWoody Lounger

            Does that mean we don’t need the 0.2 version if we already have the SHA2 updates installed?

            Or would be a good idea to go ahead and download the newer script anyway?

            • This reply was modified 3 months, 4 weeks ago by Moonbear.
            • #2241695 Reply
              abbodi86
              AskWoody_MVP

              No urgent need
              but it’s best to use the latest version, no installation needed 🙂

      • #2242282 Reply
        anonymous
        Guest

        Any urgent need to install the April ESU updates?

        • #2242285 Reply
          PKCano
          Da Boss

          No emergencies at this point. You can wait for DEFCON-3 or above (or whenever you decide to do it).

      • #2242560 Reply
        anonymous
        Guest

        Do Monthly Rollups include updates to IE?  How about .NET Framework?  If I remember correctly .NET Framework were separate updates in Windows Update.

        • #2242570 Reply
          PKCano
          Da Boss

          Rollups include the Security-only updates, the IE11 Cumulative update and the non-security patches.
          .NET updates are not included in the Rollups.

          • #2242784 Reply
            anonymous
            Guest

            So will .NET updates continue to show up in Windows Update if they are needed?

            • #2247785 Reply
              EP
              AskWoody_MVP

              only if you have not installed the latest one

              latest .NET rollup for Win7 is KB4535102 (as I said below) before “free” support for Win7 ended in mid-January 2020

      • #2242793 Reply
        PKCano
        Da Boss

        See the “* How to use on live OS:” section in #2209020 above.
        You should read the instructions (and the ReadMe file too).

        • #2242883 Reply
          anonymous
          Guest

          It says I need these items

          a) if you are Group A user, you need:
          latest Servicing Stack Update
          latest Security Monthly Rollup
          latest .NET rollup

          I see the SSUs that are needed listed in the docs for the Monthly Rollup.  But I can’t find anything on what .NET rollups (latest?) are needed.  Nor do I have any idea on where to find .NET rollups.

          Please excuse my lack of knowledge.

           

      • #2251961 Reply
        anonymous
        Guest

        Confused.  KB4535102 shows as successfully installed 1/24/2020 in update history,  but comes up as “No items match your search.” in Installed Updates.  Of course it does not come up in Windows Update.

        Is it installed or is it not installed?

        Should I pull it from the catalog and try installing it using W7ESUI?

        • #2251965 Reply
          PKCano
          Da Boss

          Look on the MS pages for KB4535102.
          KB4535102 is a .NET Rollup composed of a bundle of individual patches for each of the versions of .NET
          The Rollup’s KB number will not show up in Installed Updates, but any of the individual patches that were installed will be listed.
          Look under the section “Additional information about this update.” If any of those KB numbers show in Installed Updates, those are the version(s) of .NET installed on your computer that received updates.

          • #2252014 Reply
            anonymous
            Guest

            KB4532945 shows in installed updates.  Now I can stop being concerned about this. Thank you.

      • #2255853 Reply
        glnz
        AskWoody Plus

        It’s April 27.  Is this still working?  Thanks,

        • #2255855 Reply
          PKCano
          Da Boss

          The script and instructions were revised for the April updates.

      • #2255873 Reply
        glnz
        AskWoody Plus

        PKCano – what would we do without you?  What is Defcon for the April updates for Win 7 Pro 64-bit?

        • #2255874 Reply
          PKCano
          Da Boss

          The DEFCON number displayed at the top of the site applies to ALL versions of Windows. Current month = April

      • #2257425 Reply
        anonymous
        Guest

        Hi,
        Maybe I am actually a dim person but I can’t work out from the instructions for the Stand alone script for Win7 ESU.

        No problem with downloading the W7ESUI.cmd and W7ESUI.ini, the next part is where I fail. . . . .   what exactly does place W7ESUI.cmd next to the download files mean?
        Put them all in a new folder?
        I tried that and nothing happened. So I tried entering the Windows 7 update file location in  2] select updates location in the command window and the returned message is ‘specified location is not valid’.
        The update is in a folder on the C: drive –  c:\win7sp1_esu\Win7SP1-kb4550964-x86

        Any advice, suggestion, instruction would be most welcome.

        Many thanks.

        • #2257453 Reply
          PKCano
          Da Boss

          what exactly does place W7ESUI.cmd next to the download files mean? Put them all in a new folder?

          Yes, everything in the same folder then execute the script.

          • #2257491 Reply
            Gordski
            AskWoody Plus

            Yes, and I already did that to no avail. Does it not need me to enter the location of the update at line 2] of the script. But when I do that it doesn’t accept the location of the Windows7 update file, as I pointed out in the previous post (please refer back to it).

            Any other suggestions?

            Thank you and best regards,
            Gordon

            • #2257497 Reply
              PKCano
              Da Boss

              Extract W7ESUI.cmd from the zip file, or extract the whole zip file

              Copy or move W7ESUI.cmd and place it next to (in the same folder as) the downloaded msu files
              ini file W7ESUI.ini is not really necessary in this case

              Right-click on W7ESUI.cmd and “Run as administrator”

              If all goes well, you should get cmd window

              Now press the zero 0 number on keyboard to start the process

              At the end, restart the system if prompted

              • #2257520 Reply
                Cybertooth
                AskWoody Plus

                The wording about placing the CMD file “next to” the MSU files has generated more than one question. (I would have been added to the list had I not seen the first time it was posed.) It may help to edit the original instructions to direct the user to place the CMD file in the same folder as the MSU files; that way you won’t have to keep explaining what “next to” means.

              • #2257583 Reply
                Gordski
                AskWoody Plus

                Problem solved.

                Because I had changed the name of the update slightly the script was not happy with the new name.

                I binned the first update file that I renamed and another original and left it as is, put it in the folder with the  W7ESUI enabler pressed the button and hey-ho it all works.

                (Moral of that saga is don’t mess with stuff unnecessarily)

                Thank you me.

      • #2257904 Reply
        Duncan
        AskWoody Plus

        As Windows 7 and Windows Server 2008 R2 are on the same software base, is it possible to use this on Server 2008 R2 ? Any suggestions?

        • #2258246 Reply
          abbodi86
          AskWoody_MVP

          Yes, it will work for Server too

      • #2258001 Reply
        anonymous
        Guest

        Is W7ESUI_0.2.ZIP the revised script for April?  Thanks.

      • #2258220 Reply
        anonymous
        Guest

        I just installed the March update by following your instruction “Put SSU KB4550735, all the Security-only updates, and the latest IE11 CU KB4540671 in the folder with the script. The script will install the SSU first and then the rest of the updates.”  dated March 22, 2020.

        A big THANK YOU.

      • #2260523 Reply
        honx
        AskWoody Lounger

        i still haven’t installed any post esu-group b windows 7 and ie patches (february, march, april) and that ssu kb4550734. if i decide to risk it this month, will that new script work through all these patches in the right order (including that ssu)?

        PC: Windows 7 Ultimate, 64bit, Group B
        Notebook: Windows 8.1, 64bit, Group B

        • #2260529 Reply
          PKCano
          Da Boss

          See here and here and here.
          Be sure you have the prerequisites installed (see instructions at the top).
          Put the script .cmd file, the latest SSU (April), the latest IE11 CU, and all SOs (Feb-April) in a folder. See #2257497.
          Right-click and run the .cmd file as Admin.
          Press 0 (zero) to install.
          Wait till it finishes and reboot.

          • #2260546 Reply
            honx
            AskWoody Lounger

            thx, according to wmic qfe | find “…” both prerequisites kb4490628 and kb4474419 are both installed.

            do we already know if there will be some disadvantages in future if we go this route unofficially installing post-esu-patches without paying. something like os not “genuine” any more or other shenanigans this kind? i really fear installing these updates!

            PC: Windows 7 Ultimate, 64bit, Group B
            Notebook: Windows 8.1, 64bit, Group B

            • #2260552 Reply
              PKCano
              Da Boss

              So far no problems on mine.
              I’m sure @abbodi86 will handle whatever comes up 🙂

              • #2261224 Reply
                honx
                AskWoody Lounger

                i just read about another ssu kb4550738 (april). is this covered by the 0.2 script or will it be only subject for future script version (may)?

                if latter i think it’s better to wait until defcon 3 or higher for may to install all missing post-esu-updates and corresponding ssu using that script…

                and will i still need march ssu as well (both ssu in same folder with that script) or only newer one?

                PC: Windows 7 Ultimate, 64bit, Group B
                Notebook: Windows 8.1, 64bit, Group B

                • This reply was modified 3 months ago by honx.
              • #2261228 Reply
                PKCano
                Da Boss

                The 2 script covers all updates to date.
                The list of updates you need is in #2260529.

      • #2261021 Reply
        byteme
        AskWoody Plus

        Win7 Home Premium 64-bit. Group B.

        I just used abbodi86’s .cmd script to install the April Win7 64-bit security-only updates — having previously used it for February (as described in a previous post) and March.

        SHA2 support updates KB4490628 and KB4474419 had already been installed on my PC (in 2019), and I’m helping another Group B-er to install each month’s updates, so I kept things simple and stuck with the original version of the script.

        I put four files in an otherwise-empty folder: (1) abbodi86’s .cmd file, (2) the April SSU (KB 4550738), (3) the April Win7 SO update (KB 4550965), and (4) the April IE SO update (KB 4550905).

        Then I right-clicked on the .cmd file, chose Run as Administrator, and hit 0 in response to the opening menu.

        The script took just under 30 minutes to complete, and I hit 9 at the end (as instructed) to exit.

        Then I restarted Windows (also per the script’s instructions), and it was the usual more involved (“Configuring Windows updates…”) post-updates restart, and it took around 10 minutes.

        Everything seems normal, and I once again thank abbodi86 for his script.

      • #2261097 Reply
        glnz
        AskWoody Plus

         

        WOW – IT WORKED!

        Now I can update the old 7 machine in my wife’s SOHO.

        THIS IS GREAT!!!

        Will this work again in a month when Woody gives us Defcon 3 for the May updates?

        Thanks to abbodi86 and PKCano for translating some of the details!!!

         

        • This reply was modified 3 months ago by glnz.
      • #2261131 Reply
        Paul T
        AskWoody MVP

        Will this work again in a month

        No guarantee MS won’t try to plug this gap, but details will be provided here.

        cheers, Paul

      • #2261696 Reply
        Qnu
        AskWoody Lounger

        Will this work again in a month

        No guarantee MS won’t try to plug this gap, but details will be provided here.

        cheers, Paul

        I think the chances are slim to none, how many people use this? A couple hundred? Not really worth the trouble to go out of your way to plug it. Also, the majority of us are using it on HOME PCs, so they are not losing money simply because we can’t even buy it. We “steal” updates we can’t pay for anyway. And Win10 is still for free as far as I know if you have a Win7 key. Correct me if I am wrong. 🙂

        It’s an issue that costs MS money to fix, but gains them 0 money. Almost all businesses would not bother with this.

        1 user thanked author for this post.
      • #2261944 Reply
        Mattchu
        AskWoody Lounger

        Just to confirm that the May Windows 7 updates have installed using the v2 script on:

        Windows 7 x64 Cumulative and Security.

        Windows 7 x32 Cumulative [will be trying security layer]

        Cheers…

        4 users thanked author for this post.
      • #2262010 Reply
        Qnu
        AskWoody Lounger

        I am on March ESU updates.

        I skipped April ESU update, now with May I wanna get up to date again.

        All I need is the v.02 Installer, the April SSU and the May monthly rollup, right? I am group A.

      • #2262229 Reply
        A1ex
        AskWoody Plus

        I installed the May SSU ok, are there some update files I need?

        I would appreciate a monthly list of the required kb files for each months updating process, if that’s possible.

        A1ex

      • #2262363 Reply
        Mattchu
        AskWoody Lounger

        So as folks may by now know there was an “issue” with the .Net update for May, Abbodi86 has posted a solution but there was another [not sure if posted] which is easy and worked for me.

        All credit to vinzf and pesho_georgiev from mdl.

        Here’s how to successfully install the infamous .NET May Update:
        1. Download this:
        http://download.windowsupdate.com/d/msdownload/update/software/secu/2020/05/ndp48-kb4552921-x86_608b67e4011b9e103ca18deadbfc013d1c328508.exe (x86)
        http://download.windowsupdate.com/d/msdownload/update/software/secu/2020/05/ndp48-kb4552921-x64_6912af0422fc16a14f4f398fda98117f1e2f01b8.exe (x64)
        2. Create a shortcut of the executable.
        3. Right click on the shortcut and go to Properties.
        4. On the Target box, add this: /msioptions “ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9” (make sure to add a space before adding it)
        5. Click Apply and OK.
        6. Run the shortcut and proceed with the installation.

        On the “Properties Box” of the right clicked shortcut, make sure you add the /msioptions, etc line from number 4. after the .exe that is already in the box [don’t overwrite the lot].

        Cheers…

        4 users thanked author for this post.
      • #2262530 Reply
        Qnu
        AskWoody Lounger

        You better go ahead with May SSU KB4555449

        Do I need to install the April SSU before installing the May SSU?

        • #2262532 Reply
          PKCano
          Da Boss

          You need the April SSU preinstalled before you can install the May Rollup or SO/IE11 if you don’t install the May SSU at the same time as the May patches.
          The May SSU will be necessary for the June patches.
          But if you install the May SSU along with the May Rollup or SO/IE11, you do not need to install the April SSU first.

          3 users thanked author for this post.
          • #2262535 Reply
            Qnu
            AskWoody Lounger

            Thanks, so basically, May SSU, May Rollup and then run the script and it will install the SSU prior to the Rollup automatically.

      • #2262704 Reply
        Qnu
        AskWoody Lounger

        Reporting that I installed May Rollup, May SSU as well as .NET Framework 3.5.1 and 4.7.2 update with aforementioned methods. No issues and everything works smoothly. Thanks for all the help and assistance, as usual. 🙂

        Out of curiosity: What would happen if you try to install a .NET Framework update version that you don’t have installed on your windows? I used a tool to determine which I had, it showed 3.5 and 4.7.2 so I only installed those two.

        2 users thanked author for this post.
        • #2262824 Reply
          abbodi86
          AskWoody_MVP

          It gives you an error message about a blocked or mismatched situation

      • #2263194 Reply
        RDRguy
        AskWoody Lounger

        Referencing @Mattchu‘s post above #2262363, a word of warning … if you copy & paste:

        /msioptions “ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9”

        … the ESU .NET update will fail to install & you’ll get the 643 error.

        But, if you copy & paste:

        /msioptions "ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9"

        … from @abbodi86‘s post #2262211, the ESU .NET update should install correctly.

        Though both look the same, the difference is the “” marks … “” (fails) vs “” (works)

        This is true for both @abbodi86‘s command prompt method or @Mattchu‘s shortcut method.

        EDIT: when this reply is submitted for posting, both “” marks end up looking the same – probably due to @Mattchu‘s post being originally submitted using “visual” text while @abbodi86‘s post was submitted using plain “text” mode and now because my post contains @Mattchu‘s “visual” quote marks, even though I’m submitting this post in plain text mode, after processing, it’s being posted as “visual” text so everyone’s “” marks in my post look exactly the same.

        You need to actually look at both @Mattchu‘s & @abbodi86‘s posts to see the difference in their “” marks. Again, @Mattchu‘s fails & @abbodi86‘s works.

        Moderator note: I’ve fixed the “correct” post so it copies correctly.

        Win7 - PRO & Ultimate, x64 & x86
        Win8.1 - PRO, x64 & x86
        Groups A, B & ABS

        4 users thanked author for this post.
        • #2263242 Reply
          Qnu
          AskWoody Lounger

          Can confirm, that happened to me too. Only abbodi86 works.

          1 user thanked author for this post.
        • #2264385 Reply
          Mattchu
          AskWoody Lounger

          Cheers RDRguy, never knew the board formatted quotation marks differently in visual or plain, I will remember to do plain next time if there are any “” 🙂  It even messes up when you put 2 single quotation marks in sentences, like I`m, etc…

          1 user thanked author for this post.
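
The quotation-mark failure described in the posts above can be caught before a pasted command is run. The following is an added example, not part of the thread or of abbodi86's script; the function names are hypothetical, and the two sample strings reproduce the /msioptions lines quoted above (curly quotes versus ASCII quotes).

```python
"""Audit a command line pasted from a web page for typographic characters."""
import unicodedata
from dataclasses import dataclass
from typing import List, Optional

# Characters a rich-text ("visual") editor commonly substitutes, mapped to the
# ASCII character that was originally typed. Only the ASCII double quote (0x22)
# is treated as a quoting character on a Windows command line.
SUBSTITUTIONS = {
    "\u201c": '"',   # left double quotation mark
    "\u201d": '"',   # right double quotation mark
    "\u201e": '"',   # double low-9 quotation mark
    "\u2018": "'",   # left single quotation mark
    "\u2019": "'",   # right single quotation mark
    "\u00a0": " ",   # no-break space
}


@dataclass
class Finding:
    index: int                  # position in the pasted string
    char: str                   # the offending character
    name: str                   # its Unicode name, for the report
    replacement: Optional[str]  # ASCII equivalent, or None if unknown


def audit(command: str) -> List[Finding]:
    """Return one Finding per non-ASCII character in the command line."""
    findings = []
    for i, ch in enumerate(command):
        if ord(ch) < 128:
            continue
        name = unicodedata.name(ch, "UNKNOWN")
        findings.append(Finding(i, ch, name, SUBSTITUTIONS.get(ch)))
    return findings


def normalize(command: str) -> str:
    """Replace known typographic characters with ASCII; refuse anything else."""
    out = []
    for i, ch in enumerate(command):
        if ord(ch) < 128:
            out.append(ch)
        elif ch in SUBSTITUTIONS:
            out.append(SUBSTITUTIONS[ch])
        else:
            # Do not guess: an unmapped character needs a human decision.
            raise ValueError(f"unmapped non-ASCII character U+{ord(ch):04X} at {i}")
    fixed = "".join(out)
    if fixed.count('"') % 2:
        raise ValueError("unbalanced double quotes after normalization")
    return fixed


# Sample inputs: the two switch strings quoted in the posts above.
PASTED_VISUAL = "/msioptions \u201cESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9\u201d"
PASTED_PLAIN = '/msioptions "ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9"'

if __name__ == "__main__":
    for label, text in (("visual", PASTED_VISUAL), ("plain", PASTED_PLAIN)):
        problems = audit(text)
        print(f"{label}: {len(problems)} typographic character(s)")
        for f in problems:
            print(f"  index {f.index}: U+{ord(f.char):04X} {f.name} -> {f.replacement!r}")
    print("normalized:", normalize(PASTED_VISUAL))
```
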
      • #2263276 Reply
        7ProSP1
        AskWoody Lounger

        First of all, a sincere thank you to everyone for your informative contributions to this topic which allow us to continue staying safe while using Windows 7.

        This has given me both a revelation and resulted in a few additional .NET related questions:

        I have both 4.5.2 and 3.5.1 installed on my system but I ignorantly and erroneously assumed that by keeping 4.5.2 continually updated with 4.5.2 security fixes that 3.5.1 would also be updated. Oops. After checking my Windows Update history I have learned that the last time a security update to 3.5.1 was applied was with KB3163425 on July 12, 2016. (Did I say Oops?) I immediately went ahead and successfully installed 3.5.1 security only update KB4552965.

        Here are my questions:

        1. I assume .NET security and quality rollup updates are cumulative while .NET security only updates have to be applied successfully to get the full benefit of their intended protection, correct? While I’m OK with 4.5.2, I’m obviously way out of sync with 3.5.1.

        2. What is the risk of installing the .NET security and quality rollups? Is there telemetry hidden in these updates like the regular Windows 7 security and quality rollups? I have always been a Group B user and I prefer to remain that way but I’m obviously concerned what risks are posed by not taking the appropriate sooner-than-later steps to plug the holes that are still present in 3.5.1.

        Finally, rhetorically, why does Microsoft have to have such disdain towards Windows 7 users?

        1 user thanked author for this post.
        • #2263280 Reply
          abbodi86
          AskWoody_MVP

          .NET rollups are free from telemetry, and they hardly cause any issues

          2 users thanked author for this post.
        • #2263281 Reply
          PKCano
          Da Boss

          .NET has never been included in Group B patching. The telemetry Group B is avoiding is in the Windows Security and Quality Monthly Rollup and in the individual telemetry patches like KB2952664.
          There is no problem with installing the .NET Rollup.

          2 users thanked author for this post.
          • #2263349 Reply
            7ProSP1
            AskWoody Lounger

            I know AKB 2000003 has never included .NET updates when there were some issued but I erroneously assumed they included telemetry of some sort.

            It’s a rather unusual feeling when a Windows 7 user realizes that Microsoft is issuing quality updates that actually only include quality updates.

             

            1 user thanked author for this post.
      • #2263345 Reply
        PKCano
        Da Boss

        I have updated one of my Win7 Ultimate VMs with the MAY patches on May 17, 2020.
        It has .NET 3.5.1 and 4.7 installed.

        I put KB4556836 (Rollup), KB4555449 (SSU) and KB4552940 (the .msu patch for .NET 3.5.1) in a folder with @abbodi86 ‘s script. Then executed the script as admin.
        I executed (as admin) the .exe patch for .NET 4.7 KB4552919 with the Bypass switches as per @abbodi86 in #2262211.

        Everything installed correctly.


        Update: Two more done (same versions of .NET) without problems.

        5 users thanked author for this post.
        • #2263386 Reply
          alpha128
          AskWoody Plus

          I’m also running .NET 4.7, so the procedure you outlined above is exactly what I plan to do.  Glad to learn it works!

        • #2268380 Reply
          Moonbear
          AskWoody Lounger

          Where do I need to put the bypass switch to get 4.7 to install?

          Do I need to run the switch in a command prompt?

          • #2268381 Reply
            PKCano
            Da Boss

            You do it the same way you do “sfc /scannow”
            You run “filename /bypass”
            One easy way is to make a shortcut to the file, right click on the shortcut, choose properties.
            In the “target” box where it shows the file name, add the bypass switch to the end of the string.
            Click OK and double click on the shortcut.

            See @mattchu in #2262363.

            1 user thanked author for this post.
      • #2263545 Reply
        analogkid
        AskWoody Plus

        Just a question for us 0patch users….

        I purchased 0patch pro in March after my one month trial. I have also installed the Win 7 ESU updates through April using the “abbodi86” method and everything seems to be running well.

        The AskWoody PLUS Newsletter that arrived this morning in my inbox had an article entitled “.NET Framework oddities and ESU issues highlight May patching”.

        In it there is the recommendation to purchase an ESL key but what about those of us who have purchased 0patch pro? Are we still vulnerable?

         

        "An analog kid in a digital world"

        Win7 Ultimate home built desktop Running 0patch Pro

        Win 8.1 desktop and two 8.1 laptops

        Win 10 Dell desktop (took the plunge)

        and two very old home built Win XP desktops (offline for use with an old Epson Photo scanner)

      • #2263866 Reply
        Paul T
        AskWoody MVP

        0patch would say “no, you are not vulnerable”, which is the whole point of switching to an alternative update mechanism. If 0patch misses stuff I’m sure we’ll hear about it, but in the meantime, continue to backup regularly.

        cheers, Paul

        1 user thanked author for this post.
      • #2263931 Reply
        anonymous
        Guest

        Hello,

        I would really love to install the W7 ESUs, but have seen a report that they break Sandboxie.

        htxxs://community.sophos.com/products/sandboxie/f/forum/119455/can-t-install-any-version-on-win7-with-windows-7-extended-security-updates-esu

        Any help would be very much appreciated.

        Many thanks 🙂 .

        • #2264043 Reply
          EP
          AskWoody_MVP

          contact Sophos about the problem between Sandboxie & Win7 ESU

          • #2264069 Reply
            anonymous
            Guest

            Hi @EP. Thanks for the reply.

            Unfortunately, Sophos are no longer supporting Sandboxie. Thought I’d take a chance there might be a Sandboxie user or two hereabouts, that might be able to confirm if it works with the W7 ESUs, or not.

            • #2268424 Reply
              Mattchu
              AskWoody Lounger

              Sandboxie user here and I can report no problems with the latest Sbie [5.33.3] and windows 7 updates up to May, x32 and x64 using the above script. Not sure about the official ESU way though!

              Good luck.

              1 user thanked author for this post.
      • #2264316 Reply
        glnz
        AskWoody Plus

        So I have now run the APRIL updates on my wife’s Win 7 Pro 64-bit PC in her SOHO.

        BUT … normal Windows Update is now prompting me to install this update from 2014:

        System Update Readiness Tool for Windows 7 for x64-based Systems (KB947821) [May 2014]

        This tool is being offered because an inconsistency was found in the Windows servicing store which may prevent the successful installation of future updates, service packs, and software. This tool checks your computer for such inconsistencies and tries to resolve issues if found.

        More information:   http://support.microsoft.com/kb/947821

        I do not recall seeing anything like this when I ran the last normal Group A rollup update in January.

        ALSO … just now, when I used this tool to install the April updates (KB4550738 and KB4550964), I was NOT prompted to reboot.  Is that expected?  I rebooted anyway.

        Any thoughts about these two?  Thanks.

        • #2264320 Reply
          PKCano
          Da Boss

          Hide KB947821, you don’t need it.

          ALSO … just now, when I used this tool to install the April updates (KB4550738 and KB4550964), I was NOT prompted to reboot. Is that expected? I rebooted anyway.

          The prompt to reboot is not the one you used to see when using regular updates. It is only a line at the bottom of the Command Prompt when it finishes installing, telling you a reboot is necessary for the changes to take place.

          • #2264325 Reply
            glnz
            AskWoody Plus

            PKCano – thanks again.

            Just to be clear, when this special ESU tool finished installing KB4550738 and KB4550964, I did not get ANY prompt to reboot, including in the cmd window.  But since I thought these two included the April Group A rollup, I had expected a prompt somewhere to reboot.

            So – was NO prompt to reboot expected for the April Group A rollup?  Or did I have the Group B security-only update only (which would be wrong for me)?

            • #2264326 Reply
              PKCano
              Da Boss

              KB4550964 is the Rollup and KB4550738 is the correct SSU for April.
              You did good to reboot.
              Check Installed Updates to be sure both installed correctly. If so, you should be fine.

              • #2264327 Reply
                glnz
                AskWoody Plus

                PKCano – yes – both are listed in Installed Updates.  So I feel fine!  Thanks!!!

      • #2264328 Reply
        glnz
        AskWoody Plus

        New question – when Woody gives us the Defcon3 “go ahead” for the May updates, should we use this special tool also to install

        4538483    5/9/2020   SPECIAL ESU UPDATE  (from Susan Bradley’s patch list)

        Or does abbodi86’s special tool NOT need that?

        • #2264336 Reply
          abbodi86
          AskWoody_MVP

          KB4538483 is not needed for manual installation of ESU updates, until now at least

          but it will not hurt to install it

          2 users thanked author for this post.
        • #2264558 Reply
          Qnu
          AskWoody Lounger

          Can you link me to the post, I don’t see it. 😮

          • #2271097 Reply
            EP
            AskWoody_MVP

            Here from MS Update Catalog, Qnu. KB4538483 is only available from the MS Catalog site & WSUS and not available thru Windows Update

            manually download the 5-5-2020 version of KB4538483 for your Win7 system, install it and reboot

      • #2264478 Reply
        glnz
        AskWoody Plus

        Finished using this on our third and final Win 7 Pro 64-bit PC, a slow Dell Optiplex 3010.

        Two odd small consequences —

        1) In Belarc Advisor, the long list of installed updates to Win 7 is gone.

        2) Normal Windows Update is now showing me “Update for Windows 7 for x64-based Systems (KB2952664),” whose MS article is captioned “Compatibility update for keeping Windows up-to-date in Windows 7”, and whose WUD Details say it has been superseded by numerous Monthly Security Quality Updates (rollups), including the 04-20 one I just installed using this tool.

        Just a bit of static, I suppose.

        • #2264480 Reply
          PKCano
          Da Boss

          KB2952664 functionality has been included in the Win7 Rollup since Sept or Oct of 2018 (I think). That would supersede any older copy of the stand-alone patch.

          • #2264492 Reply
            glnz
            AskWoody Plus

            PKCano – I am guessing that KB2952664 has shown up because something in the special tool or the 04-2020 update deleted the long historic list of past updates, so the PC is not picking up that the superseding Monthly Security Quality Updates were installed.

            Is there a way to get the old list restored to wherever it used to be?

          • #2264585 Reply
            abbodi86
            AskWoody_MVP

            W7ESUI doesn’t clean or remove any update history 🙂

            KB2952664 shows up in WU because of missing metadata for ESU updates

            meaning, on metadata level, WU has knowledge only for 2020-01 Monthly Rollup KB4534310, but now 4534310 is superseded by the manually installed 2020-05 Monthly Rollup KB4556836
            which leads to WU thinking that KB2952664 is not superseded

            3 users thanked author for this post.
            • #2264590 Reply
              glnz
              AskWoody Plus

              abbodi86 – you are correct, and I owe you an apology.  I rechecked, and in Belarc Advisor, the long Win 7 update history has returned.

              Thanks for your explanation, and thanks with BIG KISSES WITH NO SOCIAL DISTANCE for your update tool.

              … And let me add that this thread is a great reason for everyone reading this to donate a little something to Askwoody, as I have.  A little something multiplied by each of us would let Woody and PKCano have a much-deserved vacation (as long as they don’t take breaks at the same time).

      • #2265295 Reply
        Larry B
        AskWoody Plus

        Keep getting error 1188 “Element not found”.  KB4490628 and KB4474419 are both installed.  I tried to install kb4550738-x64 and kb4550964-x64 using the script.

        • #2265299 Reply
          PKCano
          Da Boss

          Create a folder.
          Put kb4550738 April SSU, kb4550964 April Rollup in the folder.
          Extract W7ESUI.cmd from the zip file, or extract the whole zip file.
          Copy or move W7ESUI.cmd and place it in the same folder.
          Right-click on W7ESUI.cmd and “Run as administrator”
          In the cmd window press 0 (zero) and wait for the script to run.
          When it is finished, press 9 to exit.
          Reboot the computer.

          • #2265334 Reply
            Larry B
            Guest

            All of those were in a folder I was running from a USB drive.  I will try putting that folder on my HDD, not sure if that will make a difference.

            • #2265349 Reply
              Larry B
              Guest

              Putting the same folder from my USB drive on my HDD did the trick.  On another PC I installed this from another partition on the same HDD with no issues, but a USB drive with >26GB of free space would not work.

      • #2268391 Reply
        Geo
        AskWoody Lounger

        The easier thing to do is pay about $25 for 0patch pro.

      • #2268480 Reply
        glnz
        AskWoody Plus

        So now that we are Defcon 4 for the May patches, I am running this installer script for KB4555449 and KB4556836 on one of my Win 7 Pro 64-bit machines.

        However, Susan B also recommends
        >>>>  4556399   5/12/2020   Install   .NET Framework security/quality update

        When I went to download that from MS Update Catalog, the subwindow that popped up showed me at least ten sub-files, and I don’t know which one(s) to pick.  The dotnet.exe tool says I have these versions of .NET on my machine:  2.0,  3.0,  3.5 and 4.8.

        So, what should I do?  Thanks.

        • #2268482 Reply
          PKCano
          Da Boss

          You need KB4552940 (3.5) and KB4252921 (4.8).

          KB 4556399 is a Rollup – it is a bundle of updates for the different versions of .NET.
          When you go to the Catalog, instead of clicking on “Download,” click on the Name of the update. In the popup choose “More Information.”
          That will take you to the MS Support page for that Rollup and an explanation of which patch is for which version.

          • #2268485 Reply
            glnz
            AskWoody Plus

            Thank you, PKCano.  I see what you mean.

            Now, should I put those two KBs into abbodi86’s Standalone ESU tool on this thread and run it again, or should I go to the other thread about .NET and follow those odd instructions?  (And where is that again?)

      • #2268673 Reply
        glnz
        AskWoody Plus

        Just FYI that, after running abbodi86’s tool for the May updates in my third Win 7 Pro 64-bit machine (a Dell Optiplex 3010 with 8GB RAM), the May updates show in Installed Updates, but the long list of historic updates in Belarc Advisor is now mostly gone – none of the Win 7 updates show, from 2014 to now.  This has continued after a reboot, etc.

        The last time, they came back after a while.  But not yet this time.

        • #2268737 Reply
          glnz
          AskWoody Plus

          Update – checked that machine again, and Belarc Advisor got back its long list of Windows 7 updates.

          abbodi86 and PKCano – curious whether you might have a guess as to why this happens.

          But I’m super-happy about doing these updates – many thanks again.

      • #2268741 Reply
        Silenus
        AskWoody Lounger

        Hello to all member of AskWoody.com! This is my first post here, though I’ve been following this site from long ago.

        I wanted to thank everyone who made and refined this tool to let us keep using our beloved OS.

        I’ve never updated my system since ESU came in, so here’s what I did. I put the following files in the same folder as the installer:

        • February SO Update – KB4537813
        • March SO Update – KB4541500
        • April SO Update – KB4550965
        • May SO Update – KB4556843
        • May IE Update – KB4556798
        • .NET 3.5.1 Update – KB4552940
        • May SSU – KB4555449

        then ran it as administrator. Everything went super smooth, and these updates appear on the installed list in Windows Update.

        Then I’ve installed .NET 4.7 Update (KB4552919) as explained here.

        Again, everything was good, and my PC seems to run perfectly fine.

        I did not install March and April SSU. Do I need them?

        Is there any other important update that I miss?

        Thanks again!

        1 user thanked author for this post.
        • #2268745 Reply
          PKCano
          Da Boss

          You only need the latest (May) SSU.
          Looks like you are up to date.

          1 user thanked author for this post.
      • #2270211 Reply
        Cybertooth
        AskWoody Plus

        May I suggest a KB-style article that lists all of the files needed each month to keep a Windows 7 system up to date with @abbodi86‘s method? This would include not only Windows and IE11 patches, but also any new .NET patches and whatever else comes down the chute–especially the SSU for the corresponding month and any new versions of the installation script.

        Having everything (or at least the links for it) together in one place would save considerable time hunting around for this bit “here” and that bit “over there.” A thread such as this one that’s currently running to 257 replies may not be the most practical method for listing new files, as they inevitably get buried in an avalanche of new comments and questions.

        At the very least, it would be helpful to formally and regularly post availability of, and links for, the new SSU in a predictable place. The reason I’m asking is that two days ago, I installed the May patches on a Win7 laptop without problems. But today I used the same folder containing the same files (copied over, of course) on a different Win7 machine, and the installation kept failing. Eventually, I discovered somehow that another new SSU had been released, and put that in the folder for May, and then the installation worked. But then, why did the installation of the same set of patches (minus the May SSU) work just fine on the first laptop?

        The greatest benefit IMO would come from posting announcements and links to each month’s new SSU in a fixed location. If this is already taking place, please let me know the page so that I can bookmark it.

        Thank you.

         

        4 users thanked author for this post.
        • #2271103 Reply
          alpha128
          AskWoody Plus

          “May I suggest a KB-style article that lists all of the files needed each month to keep a Windows 7 system up to date with @abbodi86‘s method? This would include not only Windows and IE11 patches, but also any new .NET patches and whatever else comes down the chute–especially the SSU for the corresponding month…” – Cybertooth

          Plus Members like us can use Susan Bradley’s month-end master patch list for this purpose, e.g., 2020-05-29-Pre-Win10-Updates-.pdf

          Susan’s file includes links to the Microsoft support pages for all the various patches.  That’s what I used to locate and download the appropriate 2020-05 updates from the Microsoft Update catalog.

          1 user thanked author for this post.
          • #2271136 Reply
            Cybertooth
            AskWoody Plus

            Thanks @alpha128, the Master Patch List does give all the MS patches for the month, and that’s good. However, note that using this method involves:

            1. Visiting the Master Patch List page, from where one then
            2. Clicks on the link for the PDF list, which contains links that
            3. Lead one to a MS Support page that still doesn’t provide a download link to the actual patches (example). You need to look around the page to locate the link for the listings to that patch on the MS Update Catalog, then
            4. Click on that link, and then finally once on the Update Catalog listings
            5. Click on the download link for the patch.

            This is a rather more cumbersome process than, for example, the AKB2000003 page for Group W patchers, which not only lists the patches but also provides direct links to the patches on the MS Update Catalog. Relative to the Master Patch List procedure, this saves three steps (clicking on a PDF, then clicking on a MS Support page, then clicking to reach the Update Catalog list).

            And of course, the Master Patch List doesn’t mention updated versions of the W7ESUI script, of which there have now been two versions and doubtlessly will be more in the future. So this still involves looking in a variety of places for all the parts.

            Remember, the suggestion is to have a single place listing everything that’s needed to keep Windows 7 patched. Basically, a page that combines the completeness of the Master Patch List with the simplicity of the AKB system–and throws in the W7ESUI to boot.

             

            • #2271196 Reply
              alpha128
              AskWoody Plus

              “Remember, the suggestion is to have a single place listing everything that’s needed to keep Windows 7 patched. Basically, a page that combines the completeness of the Master Patch List with the simplicity of the AKB system–and throws in the W7ESUI to boot.” – Cybertooth

              The procedure I outlined above isn’t that onerous.  A find for the word “catalog” on each support page takes you right to the updates you need.

              For April, I just searched the Update Catalog for “2020-04 Windows 7 x64” and was able to easily find the needed patches.  But a search for “2020-05 Windows 7 x64” produced a long confusing list, and I discovered that using the Master Patch list for this purpose is much easier.

              About the only thing the Master Patch list lacks is info about the W7ESUI script itself, so I just check the opening post of this thread for updates to the script.

        • #2271161 Reply
          PKCano
          Da Boss

          Have any of you looked at the first post in the Patch Tuesday Main Blog thread?
          Most of what you need is listed there with download links.

          That happens every month, thank you very much.

          2 users thanked author for this post.
      • #2271066 Reply
        WSandrewcee
        AskWoody Lounger

        Any help here would be appreciated – I have been able to install all updates up to May 2020 on Win7 x86  ( old machine ) However now when I run W7ESUI.cmd ( 0.2 version) it won’t accept the 0 to proceed with install ( but it will accept 9 to exit )….I am running 0patch (free) as well – I have tried disabling it to run the command with the same result…any ideas would be very appreciated ( the keyboard works fine )

        Thanks

        • #2271071 Reply
          PKCano
          Da Boss

          You need to wait on the installation of the June patches until @abbodi86 has a chance to evaluate the situation. DO NOT try to install the June patches yet.

          UPDATE: It appears that W7ESUI_0.2 still works for June patches.

          2 users thanked author for this post.
        • #2271072 Reply
          abbodi86
          AskWoody_MVP

          The script won’t proceed if required options are not met, especially “updates location”

          can you post a screenshot of the cmd window?

          1 user thanked author for this post.
      • #2271156 Reply
        WSandrewcee
        AskWoody Lounger

        When I try that ( shift+right click ” copy as path ” to the folder ) it says “specified location is not valid”

        • #2271164 Reply
          Paul T
          AskWoody MVP

          All the update files need to be in the same folder as W7ESUI. If not you need to specify the location of the update files.

          cheers, Paul

      • #2271176 Reply
        Mattchu
        AskWoody Lounger

        Just wanted to confirm the June updates worked for me using the V2 script [not tried the V1].

        Win7 x64 and x32 Security + cumulative all installed fine 🙂

        Couldn’t find a June SSU for Windows 7

        Matt

        1 user thanked author for this post.
        KP
      • #2271235 Reply
        WSandrewcee
        AskWoody Lounger

        All the update files need to be in the same folder as W7ESUI. If not you need to specify the location of the update files.

        cheers, Paul

        They are – there are 2 update files and the installer .cmd in that folder ( and only that )

        • #2271242 Reply
          PKCano
          Da Boss

          Do you have the May SSU KB4555449 installed? It is a prereq for the June patches.
          If all are in the same folder, in an elevated Command Prompt, all you have to do is press 0 (zero). You don’t have to change any of the other settings.

      • #2271241 Reply
        Cybertooth
        AskWoody Plus

        Have any of you looked at the first post in the Patch Tuesday Main Blog thread? Most of what you need is listed there with download links.

        The answer to the question is, “No.”  🙂  Reason is, I wait for Woody to set the MS-DEFCON level above 2. But then, by the time that happens, the blog post announcing the patches, and its associated discussion thread, are long since buried in the silt of newer posts.

        And one would still have to find out if there is an updated W7ESUI script.

        That’s why it would be preferable to have a single place that puts all of this together. Heck, I’d even be willing to do the work myself, to save others the effort of gathering the parts every month. But again, like an AKB it would have to be a singular, fixed location where users know they can go to each month for the needed information.

        The idea is to make it as easy and convenient as possible for the user to get this done.

         

        • #2271243 Reply
          PKCano
          Da Boss

          The updated script is always HERE.
          The patches for the month are released on Patch Tuesday.
          If you want a list of the patches, look on the Patch Tuesday for the month you want the patches.
          As a matter of fact, you could even download them and save them (in the folder you intend to use for the updates) on Patch Tuesday, then wait for the DEFCON to change.

          • #2273738 Reply
            Qnu
            AskWoody Lounger

            That’s a good idea, I did just that because I usually wait 1 month before installing. 🙂

      • #2272382 Reply
        Steve
        AskWoody Plus

        Whew.
        A big ‘thank you’ to abbodi86 for this installer.
        One of the major disruptions of the COVID-19 pandemic was that the “Stay at home” command meant I could not go to a venue to download these Windows® 7 ESU patches. Yes people, the only connection from the abode here to the Internet is a v.92 one.
        No way I could download all of these patches (or for that matter, the newest versions of Firefox and TorBrowser) in any semblance of reasonable time.
        The pandemic even shut down the Chicago Public Library branch where I could do (and have done) this.
        I’m keenly considering writing my Aldercritter. Yes, he has a few more crucial items now on his list, but I will allege that broadband internet connectivity is a utility, necessary as much as electricity and home heating. It is pathetic that the choices for broadband connectivity here are limited to corporations earning windfall profits for their abysmal product; laden with impossible to avoid fees, requiring two-year contracts, and dramatically escalating monthly charges with ‘cancellation’ fees equal to the cost of the service if the contract was not cancelled.
        I was without broadband internet access for 90 days. This past week, the Library finally reopened. Thankfully, it was not vandalized. However, due to its closed-air circulation, a patron is limited to one hour inside.
        Downloading all these updates via the Library’s wi-fi network (onto a flash drive inserted into my Windows® 8.1 laptop) took 57:36. Yikes.
        Bringing it back here and setting it up to execute was simple to follow. I have put prior updates from Microsoft into a specified folder, and that is where abbodi86’s script and the seventeen patches (February [Win7], March, April, May) went. I would have downloaded June’s, but owing to how little time I had left, did not.
        The program ran exactly as described. (I also enjoyed the magenta text.)
        Here is the picture of the patches installed on this Windows® 7 computer . (I also installed the regular patches on Windows® 8.1; but they are not shown in this picture.) This computer is finally caught up.

        Important links you can use, without all the fluff or sales pitch = https://v.gd/sdr28
        4 users thanked author for this post.
      • #2274038 Reply
        Microfix
        AskWoody MVP

        After an image backup, I gave this a try..
        RESULT! x86Pro Test

        RemovalofTemp

        Note for @abbodi86; close attention to screenshot above – minor really, Telemetry script didn’t appear on desktop upon double restart (no biggie) using the sandscript 😉

        SFCintegrity

        May the force AND your god be with you always!

        No problem can be solved from the same level of consciousness that created IT -AE
        2 users thanked author for this post.
      • #2274291 Reply
        JimBean
        AskWoody Lounger

        Hi,

        W7 HP x64, W7ESUI_0.2.

        Installed:

        • Jun Service Stack update
        • Jun IE cumulative update
        • Feb – Jun SO updates
        • May .NET 3.5.1 SO update

        Everything ran super smooth, took about 25 mins. After reboot, ran  the Telemetry script.

        No problems to report. Very happy 🙂 .

        A thousand thanks, @abbodi86.

        -JB

        1 user thanked author for this post.
      • #2275523 Reply
        Moonbear
        AskWoody Lounger

        Is there a way to tell if we need any of the .NET patches every month?

        I ask since it seems highly likely that going forward we won’t be able to simply install the ESU script anymore, so if at all possible I’d dearly love the option to just skip them.

        • #2275525 Reply
          PKCano
          Da Boss

          If the updates are optional non-Security patches, it probably is not necessary to install them.

          If the updates are rated important = Security patches, I would recommend installing them.

          1 user thanked author for this post.
          • #2275544 Reply
            Moonbear
            AskWoody Lounger

            That’s exactly what I’m talking about.

            How do you tell if the update is recommended or not?

            • #2275545 Reply
              PKCano
              Da Boss

              It should have “Security” in the title if that’s what it is. Like “Security Rollup.” You can also look at the MS Support pages for information.

              2 users thanked author for this post.
            • #2275546 Reply
              Microfix
              AskWoody MVP

              Have a look at Susan Bradley’s Master Patch list.
              For instance: the last security/quality .net was in May kb4556399 and with this KB you can go directly to it in the catalog to download.
              Listings of just May updates excel/pdf/html
              Listings for that particular month shows what you need.

              No problem can be solved from the same level of consciousness that created IT -AE
              1 user thanked author for this post.
      • #2277715 Reply
        glnz
        AskWoody Plus

         

        All – Happy and relentlessly safe Fourth!

        I imagine we’ll soon see Woody’s DefCon “Go Ahead” for the June updates to Win 7.  Susan Bradley has already indicated corporate users can go ahead.

        Will abbodi86’s fabulous method work again?  Also the .NET method?

        Thanks!

         

        1 user thanked author for this post.
        • #2277716 Reply
          PKCano
          Da Boss

          @abbodi86’s script works with the June updates. We’re just waiting on the DEFCON go-ahead from Woody.

          2 users thanked author for this post.
          • #2277886 Reply
            alpha128
            AskWoody Plus

            Susan Bradley’s latest Master Patch list already gave the go-ahead on the June updates.  So, on July 2nd, I used the script to install 2020-06 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4561643) and 2020-06 Servicing stack update (KB4562030).

            No problems with either the script or the updates it installed.

             

            1 user thanked author for this post.
      • #2277959 Reply
        Alex5723
        AskWoody Plus

        Susan Bradley’s latest Master Patch list already gave the go-ahead on the June updates.

        Susan Bradley’s OK is aimed at Businesses which have an IT department to thoroughly test monthly patches.
        Woody’s DefCon is aimed at small SMBs, home users…and June updates are still at Defcon = 2.

        • #2278098 Reply
          alpha128
          AskWoody Plus

          The MS DEFCON rating is one size fits all, while Susan’s Master Patch List is version and patch specific.

          You can wait if you want.

          But after waiting for almost a month, with Susan’s recommendation, and a three day holiday weekend, I went ahead.

      • #2278602 Reply
        glnz
        AskWoody Plus

         

        On our spare (test) Win 7 Pro 64-bit machine, I have just now installed KB4562030, KB4561603 and KB4561643.

        Thank you again abbodi86 and PKCano!!!  And Woody for making this all possible.  And Woody’s mom for making Woody possible !!!

        Reminder to all to donate!!!  I did, and it’s certainly worth it.

         

        2 users thanked author for this post.
        • #2278654 Reply
          anonymous
          Guest

          glnz wrote:
          On our spare (test) Win 7 Pro 64-bit machine, I have just now installed KB4562030, KB4561603 and KB4561643.

          KB4561603 is Jun’20 Cumulative Security Update for IE.
          KB4561643 is Jun’20 Cumulative Update/Monthly Rollup for Win7.

          Unless I’m mistaken, if you installed (or planned to install) KB4561643, then KB4561603 should be redundant and so shouldn’t need to be installed.

          Hope this helps.

          • #2278658 Reply
            PKCano
            Da Boss

            You are correct. The IE11 CU is included in the Rollup. You only need it if you install the Security-only Updates following Group B.

      • #2278724 Reply
        byteme
        AskWoody Plus

        Win7 Home Premium 64-bit. Group B.

        I neglected to report on the May updates, which I successfully installed using abbodi86’s script. That install also included the May .NET update — as a two-part task, with the script updating the older .NET versions and the separate .exe file we were linked to updating the bigger-than-4 .NET version. Or maybe it was the other way round; it’s been a month. In any case, I’m glad there isn’t a recommended .NET update every month.

        In fresher news, I have just installed the June SSU, Win7 update and IE update using abbodi86’s script — Version 1! (I’m old fashioned) — and all seems normal. Including the post-installation reboot, the whole process took around 35 minutes.

        The one little burp that’s maybe worth mentioning is that, as part of that post-installation reboot, I got a black screen that hung in there for quite a while, and for most (I think) of that time, there was a small message box in the upper left that said, “Setting up personalized settings for Windows Desktop Update.” I don’t recall ever seeing that message before, in any context — but in any case, the black screen yielded to my desktop after two or three minutes. And a while later I did another reboot, and it was completely normal.

        And I once again thank abbodi86 for his script.

        3 users thanked author for this post.
      • #2278765 Reply
        anonymous
        Guest

        Are there any June updates to .NET Framework?  Specifically version(s) 3.5 and/or 4.8.

      • #2278858 Reply
        TonyC
        AskWoody Lounger

        While planning to do the June updates for my Windows 7 system, I have just noticed that W7ESUI_0.2 is available. Hitherto, ever since the February updates, I have been using W7ESUI_0.1.

        I presume that there is no problem switching to use W7ESUI_0.2 for the June updates instead of using W7ESUI_0.1?

        And I apologise if this is a daft question but is there any way of being informed when a new version of W7ESUI.cmd becomes available? Or is it simply a matter of inspecting this topic every month before doing my updates?

        • #2278865 Reply
          PKCano
          Da Boss

          Use W7ESUI_0.2 – it is not updated every month, only when necessary. So you have to keep watching.
          I think W7ESUI_0.2 covers .NET 3.5, but you have to install the later .NETs manually using the switch after the file. See @Mattchu’s post #2262363 for an easy way to do this.

          2 users thanked author for this post.
          • #2278889 Reply
            TonyC
            AskWoody Lounger

            Thank you for the reply.

            My Windows 7 system has only .NET 3.5.1 and, last month (for the May updates), W7ESUI_0.1 installed KB4552940 (the Security and Quality Rollup for .NET 3.5.1) without any problem. So I don’t need to worry about the later versions of .NET.

            Anyway, for the June updates, I will use W7ESUI_0.2.

      • #2279387 Reply
        jburk07
        AskWoody Plus

        Results for June 2020 Windows 7 patching:

        Win7 Home Premium x64:

        After the regular image backup, used abbodi86’s script to install the June Rollup KB4561643 and June SSU KB4562030. Took about 10 minutes including the restart and both patches are showing up in Installed Updates.

        I’m using primarily Linux Mint these days but I still occasionally need to use Windows 7 online. It’s great to be as up-to-date as possible. Thanks to abbodi86 and PKCano for all your help on this!

        Linux Mint Cinnamon 19.2
        Group A:
        Win7 Pro x64 SP1 Haswell, 0patch Pro, dual boot with Linux
        Win7 Home Premium x64 SP1 Ivy Bridge, 0patch Pro, mostly offline
        Win 10 Pro x64 v1909 Ivy Bridge, dual boot with Linux

        2 users thanked author for this post.
      • #2280450 Reply
        Mattchu
        AskWoody Lounger

        July updates installed successfully with the script. x64 Security [KB4565479 + KB4565539] and Cumulative [KB4565524] and x86 Cumulative [KB4565524] done so far with no issues.

        Latest SSU [KB4565354] installed as well.

        Just the .net one to do now.

        6 users thanked author for this post.
        • #2280471 Reply
          Qnu
          AskWoody Lounger

          The 3.5.1 should work with the script again, right? Can someone post the “code” again to install the update for the 4.7.2 .net framework?

          • #2280473 Reply
            Microfix
            AskWoody MVP

            July patches KB4566466 for security only (askwoody group B)
            and KB4566517 for Security and monthly quality (askwoody Group A) 4.7.2 dotnet
            Remember to download the one that matches your OS x64 for 64bit or x86 for 32bit.

            No problem can be solved from the same level of consciousness that created IT -AE
            • #2280508 Reply
              Qnu
              AskWoody Lounger

              Do you know why there are 2 versions for it in the KB4566517?

              windows6.1-kb4019990-x64_35cc310e81ef23439ba0ec1f11d7b71dd34adfe5.msu
              windows6.1-kb4565612-v2-x64_0b0093d044fe0b7bd96f45a9653be0375c7b7e97.msu
              The bottom one has “v2”.
              • This reply was modified 3 weeks, 6 days ago by Qnu.
              • #2280532 Reply
                abbodi86
                AskWoody_MVP

                KB4019990 is D3DCompiler_47.dll component update companion for .NET 4.8/4.7.2

                it should already be installed with .NET 4.8/4.7.2

                2 users thanked author for this post.
          • #2280480 Reply
            PKCano
            Da Boss
            filename.exe /msioptions "ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9"

            UPDATE: See post #2280539 below:

            The ESU_LOCK workaround is removed and no longer working

            4 users thanked author for this post.
      • #2280538 Reply
        7ProSP1
        AskWoody Lounger

        Is anyone having issues installing the Security Only update for .NET Framework v4.5.2?

        I have followed the above instructions to the T (just like when the May Security Only .NET update for v4.5.2 was installed) but this time I keep getting a fatal error during installation message stating installation failed with error code: (0x80070643).

        If it makes any difference, I successfully installed the Security Only .NET update for v3.5.1 just prior to this.

      • #2280543 Reply
        7ProSP1
        AskWoody Lounger

        A-ha. It’s been driving me nuts trying to figure out what the problem might be, so this explains everything.

        I am confident, as I type this, there are great minds working on a fix to allow for the continued successful installation of security only .NET updates that relied on the previous ESU_WORKAROUND.

      • #2280551 Reply
        7ProSP1
        AskWoody Lounger

        Oops, I meant ESU_LOCK workaround (not ESU_WORKAROUND) above.

        Also, I noticed when downloading the Security Only .NET update for v4.5.2 (KB4565583) that a file named 32114089_6572f8ca4563143988d5e724d4632a35703c0975.cab was also presented. Is it necessary to download this as well and, if so, what does it do?

        • #2280580 Reply
          abbodi86
          AskWoody_MVP

          those cab files are WU metadata, not needed for us, they accidentally included them in MU catalog download

          there is no alternative for ESU_LOCK workaround, except using BypassESU v7
          not to be discussed here 🙂

          1 user thanked author for this post.
          • #2280583 Reply
            Moonbear
            AskWoody Lounger

            Can you give any possible insight into why MS is targeting the .NET updates as the ones to mess with?

            • #2280885 Reply
              abbodi86
              AskWoody_MVP

              It’s not targeting particularly
              they put same effort to validate ESU licenses in both Windows and .NET 4 updates

              but the design of Windows updates and WinSxS component store, allowed us to find a way to suppress the validation check
              that cannot be done with .NET 4 updates

              there are two ways to bypass the validation for .NET 4
              1- use external BypassESU hook
              2- create administrative installation including the updates

              the first one allows installing .NET 4 updates directly
              while the second way requires uninstalling .NET 4 Framework, then reinstalling the created updated pack

              3 users thanked author for this post.
              • #2280911 Reply
                Moonbear
                AskWoody Lounger

                Option 2 sounds like it’d be way above my pay-grade.

                The thought of uninstalling anything as deep in the system as a .NET package makes me very nervous.

                I thought the ESU bypass for the .NET updates wasn’t working anymore?

              • #2281099 Reply
                abbodi86
                AskWoody_MVP

                The built-in workaround in May .NET 4 updates is the one not working anymore

                .NET 4 ESU Bypass is an external tool; it was and still is working

                1 user thanked author for this post.
              • #2281139 Reply
                Moonbear
                AskWoody Lounger

                Is there any chance of a new workaround like the one for the May updates?

              • #2281144 Reply
                abbodi86
                AskWoody_MVP

                I already listed the only two ways

                2 users thanked author for this post.
          • #2280655 Reply
            Qnu
            AskWoody Lounger

            Just to be sure: The 3.5.1 update should still work with your script since it didn’t rely on the workaround before, right?

            • #2280665 Reply
              PKCano
              Da Boss

              I believe the 3.5.1 .NET (.msu file) should install with the CU and SSU. The later versions of .NET (.exe files) will not install.

              2 users thanked author for this post.
              • #2280742 Reply
                Qnu
                AskWoody Lounger

                I have 3.5.1 and 4.7.2, so having one update is better than none I guess. But seems like I have to switch to Win10 soon, if I can’t get the 4.7.2 update to work. 🙁

              • #2280745 Reply
                PKCano
                Da Boss

                0Patch is an alternative to Microsoft updating. Check it out.

                1 user thanked author for this post.
              • #2280813 Reply
                7ProSP1
                AskWoody Lounger

                Yes indeed, that is my experience exactly as the v3.5.1 .NET Security Only (.msu file) installed successfully while the later version of .NET (.exe file, v4.5.2 Security Only in my case) would not install.

                Interestingly, I had neither the June nor July SSU installed and the v3.5.1 .NET Security Only update installed just fine using the May SSU.

                YMMV, I suppose.

                • This reply was modified 3 weeks, 5 days ago by 7ProSP1.
      • #2281224 Reply
        Moonbear
        AskWoody Lounger

        If I were to begin using 0patch PRO, will I still need to install the monthly updates?

        • #2281251 Reply
          Alex5723
          AskWoody Plus

          No. 0Patch pro takes care of any Windows 7 and even 3rd party software, updates.

          1 user thanked author for this post.
      • #2281507 Reply
        Microfix
        AskWoody MVP

        Using the external BypassESU hook works for x86 with all prerequisites 🙂
        however, on x64 with all prerequisites, it fails 🙁
        screenshot of x86 post unhook:
        DotNET-July

        EDIT 21st July: Winx64 .NET update successful on 2 devices over the w/end, happy days!

        No problem can be solved from the same level of consciousness that created IT -AE
        • This reply was modified 3 weeks, 2 days ago by Microfix.
        • This reply was modified 2 weeks, 6 days ago by Microfix.
        1 user thanked author for this post.
      • #2281524 Reply
        Guest
        AskWoody Lounger

        Thank you for this script.

        Well written also as I had Malwarebytes block it as ransomware (had to exclude it) when it was nearly complete (during the cleanup stage) so I had to run it again. It was much faster the second go around as it recognized what was previously installed so basically just double checked everything and then picked up where it left off.

        I did notice for me, that the neutralize telemetry run once file didn’t catch everything so did some additional cleanup based on the other thread here and the other wintel file also.

        One question, I noticed in Event Viewer a couple of listings for the following. These are as expected for some of the patches (I hadn’t updated since February)?

        Reservation for namespace identified by URL prefix http://+:80/Temporary_Listen_Addresses/ was successfully added.
        Reservation for namespace identified by URL prefix http://*:2869/ was successfully added.

      • #2281894 Reply
        PKCano
        Da Boss

        Successfully installed the Rollup, the SSU, .NET 3.5 on both 32-bit and 64-bit Win7 Pro SP1 using W7ESUI_0.2.
        Successfully installed .NET 4.7 (KB4565623 v4.6-4.7.2) on both 32-bit and 64-bit Win7 Pro SP1 using dotNetFx4_ESU_Installer.

        I created two folders in the root of the C: drive, one for the OS and .NET 3.5 updates, one for the .NET 4.7.2 updates, along with the .cmd that was applicable.
        I installed the Rollup, SSU, and .NET 3.5 first, then without rebooting, installed .NET 4.7.2.
        After the install completed, I rebooted and verified the successful install.
        Removed the install folders from the C: drive.

        Correction: I was mistaken. On a second inspection, I realize the 64-bit KB4565623 for .NET 4.6-4.7.2 did NOT install.

        • This reply was modified 2 weeks, 6 days ago by PKCano.
        3 users thanked author for this post.
      • #2282080 Reply
        7ProSP1
        AskWoody Lounger

        As mentioned previously, this has been my experience exactly.

        How were you able to get your .NET 4.7.2 update to install using the dotNetFx4_ESU_Installer on 64 bit Windows 7 as you described above, @PKCano?

        As I understand it, there’s no issue installing the July .NET 4.x updates on 32 bit versions of Windows 7, only the 64 bit variety, correct?

      • #2282233 Reply
        Microfix
        AskWoody MVP

        ok, I managed to get the x64 .NET 4.5.2 in for July on two devices.
        How I did it was:
        Restarted the device and do absolutely nothing other than:
        go to services, stop BITS, Cryptographic Services and WU whilst offline.
        then use the dotNetFx4_ESU_Installer and do everything in the readme file as admin
        even install the .exe as admin.
        Worked a treat here 🙂

        No problem can be solved from the same level of consciousness that created IT -AE
      • #2282263 Reply
        7ProSP1
        AskWoody Lounger

        @Microfix:

        Using Windows 7 x64, I followed your steps exactly as you listed them and after the dotNetFx4_ESU_Installer finished doing its thing, it said “done”; however, upon going to Windows Update → View update history → Installed Updates, the .NET update for 4.x is, in fact, NOT listed.

        Thinking I did something wrong, I rebooted and re-did the steps with the same result but this time I noticed the word “rollback” flashed very quickly in the bottom left corner of the Microsoft .NET framework installer screen.

        An error screen is not shown using the dotNetFx4_ESU_Installer script (as when you try to install the .NET 4.x updates manually using the filename.exe /msioptions "ESU_LOCK=2D40812E-974C-4EA2-8DCC-63C992D505B9" command), so anyone would conclude the installation was successful; unfortunately, this is not the case and, as @abbodi86 stated above, “dotNetFx4_ESU_Installer… no longer works for July updates.”

        Microsoft is supposedly working on a fix to allow for the successful installation of the July .NET 4.x updates on Windows 7 x64 systems as they are failing on all of them at the moment. Maybe @abbodi86 will beat them to the punch. 🙂

      • #2282269 Reply
        Microfix
        AskWoody MVP

        Looks like you checked the wrong thing as WU isn’t reliable for checking updates installed.
        check control panel> Programs Features> Installed updates instead.
        The ESU_Lock no longer works for July, it’s stated further up this thread but the dotNetFx4_ESU_Installer does work! see #2282005 🙂

        No problem can be solved from the same level of consciousness that created IT -AE
      • #2282283 Reply
        7ProSP1
        AskWoody Lounger

        In my above post, I went into Control Panel → Windows Update → View update history → Installed Updates (which brings me to the same screen as Control Panel → Programs Features → Installed updates) and under Microsoft .NET Framework, after following all your helpful steps and advice, the July update is still NOT listed.

        I don’t understand where I’m going wrong or what I’m doing wrong. If you don’t mind, could you please check your Installed Updates and/or provide a screenshot of your successful July .NET update install?

        • This reply was modified 2 weeks, 6 days ago by 7ProSP1. Reason: fixed typo
        • This reply was modified 2 weeks, 6 days ago by 7ProSP1.
        • #2282286 Reply
          Microfix
          AskWoody MVP

          W7x64NET
          Happily 🙂

          No problem can be solved from the same level of consciousness that created IT -AE
        • #2282291 Reply
          Moonbear
          AskWoody Lounger

          Go into Control Panel click Windows Update then look at the bottom and click Installed Updates.

          That will show you the list @Microfix is talking about.

          Hope this helps.

          • #2282295 Reply
            Microfix
            AskWoody MVP

            check control panel> Programs Features> Installed updates instead.

            really! lol
            @PKCano will be along shortly to verify my findings and methodology 🙂

            No problem can be solved from the same level of consciousness that created IT -AE
      • #2282290 Reply
        7ProSP1
        AskWoody Lounger

        I notice in your screenshot that you installed the Security and Quality Rollups for all your installed .NET updates, while I have only installed and am trying to install the Security Only .NET update for July (KB4565583).

        I wonder if this difference is what may be causing my issue?

        It would be helpful if someone else here could try to duplicate the same result.

        • This reply was modified 2 weeks, 6 days ago by 7ProSP1.
      • #2282294 Reply
        7ProSP1
        AskWoody Lounger

        I did what you said @Moonbear and the last .NET update I have installed is the Security Update for Microsoft .NET Framework 4.5.2 (KB4552952) on 05/14/2020.

        The July Security Update for Microsoft .NET Framework 4.5.2 (KB4565583) did not/will not install for me using the dotNetFx4_ESU_Installer.

      • #2282302 Reply
        7ProSP1
        AskWoody Lounger

        OK, I have checked this three ways now:

        Control Panel → Windows Update → View update history → Installed Updates

        Control Panel → Programs Features → Installed Updates

        Control Panel → Windows Update → Installed Updates (in the bottom left corner)

        The results, after following @Microfix’s steps, all tell me the exact same thing:

        The last .NET update I have installed is the Security Update for Microsoft .NET Framework 4.5.2 (KB4552952) on 05/14/2020.

      • #2282742 Reply
        anonymous
        Guest

        Hi to all.

        7ProSP1, I have your same problem while using the script.

        I tried to apply Microfix’s advice, but the installation log file still reports error 1603.

        I’m on a 32 bit machine.

        1 user thanked author for this post.
      • #2282814 Reply
        Microfix
        AskWoody MVP

        On July 23, 2020, update KB4565583 v2 was released to replace v1 for .NET Framework 4.5.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2. The v1 update did not install for customers who had certain ESU configurations. The v2 update corrects the issue for customers who could not install the v1 update.

        Source: https://support.microsoft.com/en-us/help/4565583/kb4565583

        Remember, v1 needed some workarounds v2 may not??
        so you’re on your own here at MS-Defcon2

        No problem can be solved from the same level of consciousness that created IT -AE
        1 user thanked author for this post.
        • #2282819 Reply
          PKCano
          Da Boss

          There were version-2 for all the Win7 .NET updates (Rollup and Security-only, 4.5.2 to 4.8) released on 7/23/2020.

          1 user thanked author for this post.
          • #2282820 Reply
            Microfix
            AskWoody MVP

            Yes, that was only an example of what the MS support document states across all versions so that everyone could quickly view it.

            No problem can be solved from the same level of consciousness that created IT -AE
      • #2282849 Reply
        7ProSP1
        AskWoody Lounger

        Despite MS re-issuing all July .NET 4.x patches and following all steps and instructions here:

        Installation Did Not Succeed.

        Software update KB4565583 has not been installed because:

        Fatal error during installation.

        MSI returned 0x643
        Entering Function: MspInstallerT >::Rollback

        I would appreciate it if anyone else could report their results.

        I don’t know how you managed to get your July .NET update to install successfully, @Microfix, but I’m sure glad you were able to. 🙂

        • #2282924 Reply
          abbodi86
          AskWoody_MVP

          Non-ESU users cannot install the .NET updates without external bypass

          3 users thanked author for this post.
      • #2282957 Reply
        7ProSP1
        AskWoody Lounger

        I finally got the original version 1 of KB4565583 to successfully install using your revised dotNetFx4_ESU_Installer.

        • This reply was modified 2 weeks, 3 days ago by 7ProSP1. Reason: fixed typo
        • This reply was modified 2 weeks, 3 days ago by 7ProSP1.
      • #2283089 Reply
        anonymous
        Guest

        Link for the revised dotNetFx4_ESU_Installer please.

        • #2283107 Reply
          anonymous
          Guest

          A browser search will find it.

          • #2283265 Reply
            Qnu
            AskWoody Lounger

            A browser search will find it.

            Typed in “revised dotNetFx4_ESU_Installer”

            found 3 links with nothing of help.

            • #2283268 Reply
              PKCano
              Da Boss

              Search on “dotNetFx4_ESU_Installer”
              The name of the file is dotNetFx4_ESU_Installer_r

              2 users thanked author for this post.
              • #2283323 Reply
                alpha128
                AskWoody Plus

                I found it.

                The ReadMe.txt says, “Extract the zip file contents to a folder with simple path.”  What constitutes a simple path?  Is something like “2020-07-DotNet4” simple enough?

              • #2283325 Reply
                anonymous
                Guest

                alpha128 wrote:
                What constitutes a simple path?

                Maybe something like this?
                c:\temp\

                Or maybe this?
                c:\dnfx4\

                Hope this helps.

              • #2283331 Reply
                anonymous
                Guest

                A simple path would be any folder 1 or 2 levels deep in the drive’s root directory like c:\DotNet4 or maybe even c:\ESU\DotNet4 but c:\2020-07-DotNet4 would work just fine.

                A not so simple path might be a folder several levels deep and include spaces in the folders or sub-folders name(s) like c:\folder name 1\sub-folder name 1\sub-sub-folder name 2\etc-1\etc_2\etc~3

                In reality though, a complex folder path will still work just fine only it’ll require a lot more typing setting the administrators command prompt path to the location of the folder containing the extracted “.bat” command file in order to execute it.

                4 users thanked author for this post.
              • #2283381 Reply
                alpha128
                AskWoody Plus

                “A simple path would be any folder 1 or 2 levels deep in the drive’s root directory like c:\DotNet4 or maybe even c:\ESU\DotNet4 but c:\2020-07-DotNet4 would work just fine.”

                Actually, the full path  of the folder I created is “C:\W7ESUI\2020-07-DotNet4”.  So I’ll leave it that way.  Thanks!

          • #2283366 Reply
            A1ex
            AskWoody Plus

            I found it ok and downloaded the zip file, but it’s password protected!

            A1ex

            • #2283385 Reply
              Paul T
              AskWoody MVP

              I downloaded the zip linked in #2281924 above and didn’t need a password to open it.

              cheers, Paul

              • #2283387 Reply
                Microfix
                AskWoody MVP

                Without verifying checksums that were issued with the original?
                If there is no zip password, it’s not the original file.

                No problem can be solved from the same level of consciousness that created IT -AE
              • #2283391 Reply
                PKCano
                Da Boss

                The correct file needs a password.

                1 user thanked author for this post.
              • #2283404 Reply
                alpha128
                AskWoody Plus

                The correct file needs a password.

                The version I found does not have a password.

                 

              • #2283408 Reply
                alpha128
                AskWoody Plus

                Here is the checksum information for the version I downloaded.  Do I have the correct version?  Please let me know!  Thank you.

                Name: dotNetFx4_ESU_Installer_r.zip
                Size: 8126 bytes (7 KiB)
                CRC32: 4A837AD0
                CRC64: 7BECD50A61C1CC9A
                SHA256: 3E1F48478404CC3FC372D4B8D00CC5E5B532BEE64AB9D78F5ECF2DDDA49E1227
                SHA1: 574937759D3DFACE77AA91082D80808EF093D65F
                BLAKE2sp: 732BB16B10CF115C13362624FBB42A1D6C1BACFD5B70E98B309AE867B48120F2
                
                • This reply was modified 2 weeks ago by alpha128.
                1 user thanked author for this post.
              • #2283487 Reply
                Chriski
                AskWoody Plus

                Just curious if the checksum info you posted was for a PW protected zip file or did it just extract without a password? Did you find a .zip with a PW? (The ones I found match yours and have the same SHA256 checksum, no password.)

                1 user thanked author for this post.
              • #2283411 Reply
                Microfix
                AskWoody MVP

                ORIGINAL zip file contains a password with an SHA-256 checksum as follows:
                3e1f48478404cc3fc372d4b8d00cc5e5b532bee64ab9d78f5ecf2ddda49e1227

                No problem can be solved from the same level of consciousness that created IT -AE
                • This reply was modified 2 weeks ago by Microfix. Reason: wrong checksum
                1 user thanked author for this post.
              • #2283421 Reply
                Chriski
                AskWoody Plus

                I’m certainly confused.

                I found: https://host-a.net/u/abbodi86

                and:

                dotNetFx4_ESU_Installer_r.zip

                which certainly seems legitimate (has abbodi86 ref), and yields the SHA256 checksum displayed in #2283411, but extracts just fine with NO password.

                Is there another REAL file somewhere else?

                (BTW the CMD in this file runs and installs the 7/23 .Net updates for Net 4.6 for x32 and Net 4.7 for x64; does it do something else I should worry about?)

                Thanks.

              • #2283422 Reply
                PKCano
                Da Boss

                Perhaps the password has been removed by @abbodi86?

              • #2283425 Reply
                Chriski
                AskWoody Plus

                Perhaps…

                The same named file in the other abbodi86 repository from the initial post in this thread is an exact binary compare, and it too extracts with no password.

                Why are people being cryptic about locations etc.? Are we giving up secrets we shouldn’t? I mean if we’re participating in this thread, and doing the operations mentioned, then we’ve already given consideration to all the implications, and we’re “in”. In for a penny, in for a pound, no?

                Chris

              • #2283482 Reply
                Chriski
                AskWoody Plus

                More confused …

                Verifying newly downloaded files and those that I used the past couple days … (all the same by the way)

                It comes to mind that the hash for a PW protected zipped fileset would be different than for the same fileset without a password. Wouldn’t it? (The password would need to be stored inside the zip file I would think.)

                My head is starting to hurt.

                 

                [old proverb: “one fool can ask more questions than 20 wise men can answer”]

              • #2283492 Reply
                Microfix
                AskWoody MVP

                Correction, my error, (copied from wrong folder on my PC)
                The original password locked dotNetFx4_ESU_Bypass.7z
                size 3455 bytes (3 KB)
                SHA256:
                0EA25AE5023145BE8C1D8B1836F4AF5A2C36E7D93538429B05EF1ECFF1C5F3F1
                sincere apologies for the confusion.
                It is impossible to change any file without affecting checksums.

                No problem can be solved from the same level of consciousness that created IT -AE
              • #2283508 Reply
                Chriski
                AskWoody Plus

                Thank you very much for this!

                The .ZIP file is NOT password protected; in the one repository there is also a .7z file that IS password protected.

                Not having the password, I cannot check the actual file contents to see if they are the same …

                But since they are (as near as I can tell) abbodi86’s repositories, and I’ve been happily using the main ESU script from his repository for months, I’m confident all is good.

                Chris

              • #2284585 Reply
                Moonbear
                AskWoody Lounger

                How do you find the checksums for the non password protected dotNetFx4_ESU_Installer_r.zip?

              • #2284588 Reply
                PKCano
                Da Boss

                Right click on the file/zip. There should be a menu choice that shows the checksum. It’s 256, I think.

              • #2284591 Reply
                Moonbear
                AskWoody Lounger

                I don’t see an option to see the checksum when I right click on the zip.

              • #2284594 Reply
                abbodi86
                AskWoody_MVP

                File: dotNetFx4_ESU_Installer_r.zip
                SHA-1: 574937759d3dface77aa91082d80808ef093d65f
                SHA-256: 3e1f48478404cc3fc372d4b8d00cc5e5b532bee64ab9d78f5ecf2ddda49e1227

                1 user thanked author for this post.
              • #2284596 Reply
                PKCano
                Da Boss

                OK, the reason I had the menu selection is because I have 7zip installed. It puts the selection in the context menu.
                See the information on 7zip here, as well as the command line you can use.

                Or HashMyFiles from NirSoft.

                1 user thanked author for this post.
              • #2284626 Reply
                Moonbear
                AskWoody Lounger

                After some careful consideration, I’ve decided that I’ll just install 7-zip. Is this the right site? https://www.7-zip.org/

              • #2284628 Reply
                PKCano
                Da Boss

                That looks right

                1 user thanked author for this post.
              • #2284630 Reply
                Moonbear
                AskWoody Lounger

                My admin password prompt is saying my 7-zip download is from an unverified publisher, maybe I won’t be using this after all.

                • This reply was modified 1 week, 3 days ago by Moonbear.
              • #2284634 Reply
                PKCano
                Da Boss

                Try downloading from MajorGeeks

              • #2284635 Reply
                Moonbear
                AskWoody Lounger

                Ok will do, sorry for taking up so much of your time with this.

              • #2284646 Reply
                Moonbear
                AskWoody Lounger

                Still showing as an unverified publisher even through MajorGeeks. I’m assuming that isn’t normal?

              • #2284653 Reply
                PKCano
                Da Boss

                A lot of people here use 7zip. Guess it’s your choice. There are other ways to get the checksum, mentioned in the links above.

                1 user thanked author for this post.
              • #2285383 Reply
                Chriski
                AskWoody Plus

                Also, opening a command window and using:

                certutil -hashfile <file_of_interest> SHA256

                will give the hash for the file of interest, for the algorithm, in this case SHA256.

                It will do: MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512

                Win 7 and later I believe. Supposedly case sensitive; is on my win 7 version.

                2 users thanked author for this post.
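Added example, not part of any post in this thread and not taken from abbodi86's scripts: a Python sketch of the checksum comparison discussed above. It normalizes a posted SHA-256 so upper-case, lower-case and space-separated renderings compare equal, and uses small constructed zip archives to show that a change to the container alone changes the archive hash even when the extracted files are identical. The function names and sample archives are assumptions made for illustration.

```python
import hashlib
import hmac
import io
import zipfile

# SHA-256 of dotNetFx4_ESU_Installer_r.zip exactly as posted (upper case) in the thread.
PUBLISHED = "3E1F48478404CC3FC372D4B8D00CC5E5B532BEE64AB9D78F5ECF2DDDA49E1227"


def normalize(digest_text):
    """Lower-case a hex digest and drop separators so all renderings compare equal."""
    cleaned = "".join(ch for ch in digest_text.lower() if ch not in " :\t\r\n")
    if len(cleaned) != 64 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("not a SHA-256 hex digest")
    return cleaned


def sha256_stream(stream, chunk_size=65536):
    """Hash a binary stream in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def matches(stream, published):
    """True only if the stream's SHA-256 equals the published digest."""
    return hmac.compare_digest(sha256_stream(stream), normalize(published))


def build_zip(files, comment=b""):
    """Constructed sample: build a zip in memory from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.comment = comment
        for name, data in sorted(files.items()):
            # A fixed timestamp keeps the archive bytes reproducible.
            zf.writestr(zipfile.ZipInfo(name, (2020, 7, 23, 0, 0, 0)), data)
    return buf.getvalue()


def member_digests(zip_bytes):
    """SHA-256 of each extracted member, independent of the container bytes."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {n: hashlib.sha256(zf.read(n)).hexdigest() for n in zf.namelist()}


if __name__ == "__main__":
    plain = build_zip({"installer.cmd": b"constructed sample"})
    tagged = build_zip({"installer.cmd": b"constructed sample"}, comment=b"v2")
    print(matches(io.BytesIO(plain), hashlib.sha256(plain).hexdigest().upper()))
    print(sha256_stream(io.BytesIO(plain)) == sha256_stream(io.BytesIO(tagged)))
    print(member_digests(plain) == member_digests(tagged))
```

To check a real download, open it with `open(path, "rb")` and pass the file object to `matches` together with the digest published by the author.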
      • #2283510 Reply
        geekdom
        AskWoody Plus

        I don’t have a pony in this race, but could a summary and clarification be provided on what to download, where, and if a password is necessary?

        G{ot backup} TestBeta
        offline▸ Win10Pro 1909.18363.959 x64 i3-3220 RAM8GB HDD Firefox79.0 Windows{Image/Defender/Firewall}
        online▸ Win10Pro 1909.18363.959 x64 i5-9400 RAM16GB HDD Firefox80.0b6 Windows{Image/Defender/Firewall}
      • #2283523 Reply
        RDRguy
        AskWoody Lounger

        All, I think everyone’s talking apples & oranges here. @abbodi86 has 4 different dotNetFx4 scripts posted and some are password protected and some are not.

        The 2 “installer” scripts (dotNetFx4_ESU_Installer) don’t seem to be password protected and the 2 “bypass” scripts (dotNetFx4_ESU_Bypass) are.

        2 scripts (1 bypass & 1 installer) are pre-Jul and the 2 other (1 bypass & 1 installer) were revised in Jul after the Jul .Net updates were released as noted by the “_r” at end of file name (before the “.” file extension).

        As I’m not @abbodi86, I can only surmise that both the latest “installer” and the latest “bypass” scripts will install the Jul .Net (ver 4.5 & up) updates in non-ESU systems – one