tis-fix-disable-windows-update

10.0-26
Hard way to prevent Windows Updates from running on Windows 10 over WATP WUA
2565 downloads
Download
View on luti logo
tis-fix-disable-windows-update icon

  Description 

  • package : tis-fix-disable-windows-update
  • version : 10.0-26
  • architecture : all
  • categories : Configuration,System and network
  • maintainer : WAPT Team,Tranquil IT,Simon FONTENEAU
  • description : Hard way to prevent Windows Updates from running on Windows 10 over WATP WUA
  • locale :
  • target_os : windows
  • min_wapt_version : 1.7
  • sources :
  • installed_size :
  • impacted_process :
  • description_fr :
  • description_pl :
  • description_de :
  • description_es :
  • description_pt :
  • description_it :
  • description_nl :
  • description_ru :
  • editor :
  • licence :
  • signature_date : 2021-12-20T13:54:47.736747

  Setup.py 

# -*- coding: utf-8 -*-
from setuphelpers import *

uninstallkey = []

uo_tasks_list = ['Backup Scan','Driver Install','Maintenance Install','MusUx_UpdateInterval','Reboot_AC','Reboot_Battery',
        'Schedule Scan','Schedule Scan Static Task','Universal Orchestrator Start','UpdateModelTask','USO_UxBroker']
wu_list_tasks = ['Scheduled Start','sihpostreboot']

def install():
    if windows_version() > Version('10'):
        for service in ('dosvc','waasmedicsvc','unosvc'):
            print("Checking  %s " % service)
            if reg_key_exists(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\%s' % service):
                if int(registry_readstring(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\%s' % service,'start')) !=4:
                    print('Disabling Windows Remediation Service (%s)'% service)
                    registry_set(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\%s' % service,'start',4)
                    try:
                        service_stop(service)
                    except:
                        pass
                    run_notfatal('taskkill /FI "SERVICES eq %s"  /F' % service)
            else:
                print('no service %s found ' % service)
        # osrss (Windows 10 Update Facilitation) cannot be shut down with standard way
        #https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsUpdate::DoNotConnectToWindowsUpdateInternetLocations&Language=fr-fr
        registry_set(HKEY_LOCAL_MACHINE,r'SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate','DoNotConnectToWindowsUpdateInternetLocations', 1, REG_DWORD)
        #https://github.com/vFense/vFenseAgent-win/wiki/Registry-keys-for-configuring-Automatic-Updates-&-WSUS
        registry_set(HKEY_LOCAL_MACHINE, r'Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate', 'UseWUServer', 1, REG_DWORD)
        registry_set(HKEY_LOCAL_MACHINE, r'Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate', 'WUStatusServer', "http://127.0.0.1:8088")
        registry_set(HKEY_LOCAL_MACHINE, r'Software\Policies\Microsoft\Windows\WindowsUpdate\AU', 'AUOptions',  2, REG_DWORD)
        registry_set(HKEY_LOCAL_MACHINE, r'Software\Policies\Microsoft\Windows\WindowsUpdate\AU', 'NoAutoUpdate',  1, REG_DWORD)
        registry_set(HKEY_LOCAL_MACHINE, r'Software\Policies\Microsoft\Windows\WindowsUpdate\AU', 'UseWUServer',  1, REG_DWORD)

        registry_set(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\osrss','start',4)
        run_notfatal(r"icacls c:\windows\system32\osrss.dll /deny *S-1-1-0:(oi)(ci)(DE,dc)")
        run_notfatal('taskkill /FI "SERVICES eq osrss"  /F')

        # wuauserv is still need for waptwua
        registry_set(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\wuauserv','start',4)


        for task in uo_tasks_list:
            try:
                disable_task(r'\Microsoft\Windows\UpdateOrchestrator\%s' % task)
            except:
                print('Unable to disable %s' % task)

        try:
            disable_task(r'\Microsoft\Windows\WaaSMedic\PerformRemediation')
        except:
            print('Unable to disable PerformRemediation')


        for task in wu_list_tasks:
            try:
                disable_task(r'\Microsoft\Windows\WindowsUpdate\%s' % task)
            except:
                print('Unable to disable %s' % task)

        try:
            print('Uninstall Microsoft Update Health Tools')
            run_notfatal(uninstall_cmd('{BAB9FCC5-1506-4B4F-BFCA-EDE0BDB86C21}'))
        except:
            print('Microsoft Update Health Tools already uninstalled')

        print('Disable SilentInstalledAppsEnabled')
        registry_set(HKEY_CURRENT_USER,r'SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager','SilentInstalledAppsEnabled',0)


def uninstall():
    for service in ('dosvc','waasmedicsvc','unosvc'):
        print("Checking  %s " % service)
        if reg_key_exists(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\%s' % service):
            if int(registry_readstring(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\%s' % service,'start')) != 2:
                print('Enable Windows Remediation Service (%s)'% service)
                registry_set(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\%s' % service,'start',2)
                try:
                    service_start(service)
                except:
                    pass
        else:
            print('no service %s found ' % service)
    # osrss (Windows 10 Update Facilitation) cannot be shut down with standard way
    registry_set(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\osrss','start',2)
    run_notfatal(r"icacls c:\windows\system32\osrss.dll /Grant *S-1-1-0:(oi)(ci)(DE,dc)")

    # wuauserv is still need for waptwua
    registry_set(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\wuauserv','start',2)


    for task in uo_tasks_list:
        try:
            enable_task(r'\Microsoft\Windows\UpdateOrchestrator\%s' % task)
        except:
            print('Unable to enable %s' % task)

    try:
        enable_task(r'\Microsoft\Windows\WaaSMedic\PerformRemediation')
    except:
        print('Unable to enable PerformRemediation')


    for task in wu_list_tasks:
        try:
            enable_task(r'\Microsoft\Windows\WindowsUpdate\%s' % task)
        except:
            print('Unable to enable %s' % task)


def audit():
    install()
    return "OK"


def session_setup():
    registry_set(HKEY_CURRENT_USER,r'Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy','Disabled',1)
    registry_set(HKEY_CURRENT_USER,r'Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager','SubscribedContent-338388Enabled',0)
    #https://github.com/vFense/vFenseAgent-win/wiki/Registry-keys-for-configuring-Automatic-Updates-&-WSUS
    registry_set(HKEY_CURRENT_USER,r'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoWindowsUpdate',1)
    registry_set(HKEY_CURRENT_USER,r'Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate','DisableWindowsUpdateAccess',1)


def update_package():
    # Initializing variables
    version = control.get_software_version()

    # Incrementing version of the package
    control.version = '%s-%s'%(version,int(control.version.split('-')[-1])+1)
    control.save_control_to_wapt()
    print('Changing version to: %s in WAPT\\control' % control.version)




										

  Changelog 



No changelog.txt.
									
  manifest.sha256