Replies

I dutifully applied updates to my Win10Pro / 2004 systems this morning.  This was my first monthly update since upgrading to 2004 last week.  It went ok, but I did notice something odd.

I was offered the .NET CU (KB4578968) and the Win10 CU (KB4579311).  After they downloaded, it installed the .NET CU first.  When it finished, Windows Update displayed the Restart button … while the Win10 CU was still installing.  I’ve never seen that before.  Windows Update always waited until all the “pending restart” updates were installed before showing the button to prompt for the restart.  All of my systems showed this behavior.

I waited for the Win10 CU to complete before hitting the button, of course.  But is this behavior typical of 2004?  Did anyone else see this?

2 users thanked author for this post.

jburk07, PFC

From the KB article:

If another security update for Adobe Flash Player is released, customers who take this removal update will still be offered the security update.

But if I take the removal update, Flash is supposed to be removed.  Why would I be offered a security update if the software is no longer installed?

And why is MS using a Windows update to remove Flash?  Can’t I do that myself?  Does MS generally remove third-party software via a Windows update?

Thanks for the reply.  There is a “Manage Preview Builds” item under Windows Update for Business, but that applies to Windows Preview Builds.  .NET Framework previews seem to have their own set of rules.

It’s really strange.  I updated to 2004 yesterday, and right afterwards WU offered me the September .NET Framework CU.  I installed it.  Today I’m being offered the September .NET Framework CU Preview.

Maybe I misunderstood something.  I thought the September CU preview was put out there for testing, and that it would be part of the next month (October) CU.  So there was no point to installing the preview unless you needed to do some testing.

 

So you’re saying that we get offered the Previews because we haven’t installed the Windows CU from earlier in the month?  I thought the Preview (for .NET) was supposed to be included in next month’s Windows CU.

I just bumped up my systems to 2004 yesterday, and I’m already getting a WU nag for the 2020-09 .NET Preview.  I still don’t understand.

And I’ve used wushowhide on this update several times.  It keeps showing up.

I don’t understand why WU is offering me these .NET CU Previews.  I’m not part of any Insider or Preview group.  I don’t get offered any other preview updates.

I’ve tried using wushowhide to hide the preview, but it has no effect.  Why am I getting these things?

 

When I upgraded (?) to 2004, not only did the GUI options disappear, but the values for feature and quality deferrals disappeared from the registry.  I would have had to recreate them all (method 1).  It was much simpler to do it in GP.

Thanks!  I opted for the group policy approach (method 2) rather than trying to recreate all the registry keys.

After making the group policy changes, I went back into the registry to see if my policy settings were reflected in new or modified registry keys.  I saw no changes.  I rebooted and looked again, refreshed a few times and still saw nothing.

So I got another cup of coffee, came back 5 minutes later, and – voila! – all the registry values were there, including “TargetReleaseVersion”.  I gather that gpedit doesn’t directly write to the registry, but that there’s some process that came through and made the changes.  Is that what you’ve seen?

1 user thanked author for this post.

wavy

Thanks, this was timely as I just bumped my first system up to 2004.

Under Windows Update for Business in group policy, is it recommended to enable the “Select when Quality Updates are received” and “Select when Preview Builds and Feature Updates are received”?  Do these policies implement the “Choose when updates are installed” settings that used to be under Advanced Options?

 

In addition to the update from my scheduled MpCmdRun.exe task, I also see an update from the “Dynamic Signature Service” (Defender event ID 2010).  It happens every 24 hours, although the time of day shifts every few weeks for reasons unknown.  I’ve found some info about this service, but it’s in Win8.1 documentation, and I never know whether to believe info about older operating systems.

Defender updates have been driving me nuts for ages.  I have Windows Update set to “notify” so I don’t get automatic updates (at least I don’t think I get them.)  So my solution is a scheduled task that runs MpCmdRun.exe once a day to get updates.

But when I look in the Event Viewer, along with that task-driven update, I see a second signature update that occurs every 24 hours.  The Windows Update logs don’t show these updates, so I can’t figure out where they’re coming from.  The MS docs are pretty useless on it, as they are geared to corporate environments with update servers.  (I’m running Pro on home systems.)

I agree with the earlier post that MS should separate the Defender signature update settings from the regular Windows Update settings.

Yes, I should have thought of clearing the cache as well.  It cleared up my odd Vivaldi problem.

2 users thanked author for this post.

jburk07, woody

I’m running into some odd behavior.  I’ve patched several test machines and then loaded the curveball test page.  On all but one, the test now shows not vulnerable with both Vivaldi and Chrome.

On one system, though, it shows vulnerable with Vivaldi, but not with Chrome.  All systems have the latest Vivaldi version and are running the same security software.  On the problem system, the January update shows as installed, and the crypt32.dll file shows a new timestamp.  Don’t know why Vivaldi would be showing vulnerable on this one system.

1 user thanked author for this post.

jburk07

I’m definitely running 1909 (build 18363.476) per winver.  But the BuildLab string that is used for the version-on-desktop is “18362.19h1_release.190318-1202”.

It’s not a great loss.  Years ago, the desktop version shown was very specific and easy to understand as a way to tell whether service packs had been installed.  But Windows 10 with all its versions and cumulative updates has made the desktop version string so cryptic that it’s now worthless to me.

My upgrades went without incident as well.  In addition to the install date issue, there’s another quirk.  I use the registry tweak to show the Windows version on the desktop, which gets its value from

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BuildLab

The 1909 upgrade didn’t update this value for some reason, so the version shown on the desktop is still 1903.  System info shows 1909.  Maybe the “version number on desktop” feature has reached end-of-life.

 

That’s at least twice that you have used the phrase “broke VB”, Woody.  That’s misleading.  Apps written in VB.net, which debuted in 2002 or so, work just fine.

The problem is with apps written with VB6, which was declared “legacy” over 10 years ago.  I’m sure you know that, so I don’t understand why you’re spreading fud about vb in general.

1 user thanked author for this post.

b