Solved

how to prevetn sysprep to turn automatic update back on

Posted on 2012-03-28
9
1,602 Views
Last Modified: 2012-03-29
we don't want our windows 7 laptops to have automatic updates on. We set them oof on all our masters but we we have sysprep running after making mass numbers of clones. It turns automatic updates back onand we don't want. I tried some registry settigns but that did notwork.
So please let me know if you have experienced with this problem and have the answer.
All laptops are windwos 7
0
Comment
Question by:wajhiuddin
  • 4
  • 4
9 Comments
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 37780309
If your laptops are domain members, a much better solution is to use group policies to set your Automatic Updates options.

Curious, how do you patch your systems and prevent them from getting attacked from web site drive-by attacks, malicious email, spear phishing, etc.?
0
 
LVL 28

Expert Comment

by:Michael Pfister
ID: 37781142
If you run sysprep with an unattend.xml file you can add your own commands in the specialize section under amd64_Microsoft-Windows-Deployment_6.1.7600.16385_neutral.

i.e.

sc config wuauserv start= disabled

would disable the Windows Update service.

But I agree with kevinhsieh, better patch them!
0
 

Author Comment

by:wajhiuddin
ID: 37781634
clients are getting windows patches buy Symatntec End point, and CMS, can't  disable windows updates services becasue syamtec won't able to deliver patches , just don't want AU enable becasue while machines getting  customizations  windows updates get started whcih slows down the process.
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 28

Expert Comment

by:Michael Pfister
ID: 37781703
Ok, that wasn't clear from your original post.
Then either use GPO to disable Windows Updates or add the following registy key:


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000001

you might be able to run

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoUpdate /d 1 /t REG_DWORD /f

as a command in your unattend.xml
0
 

Author Comment

by:wajhiuddin
ID: 37781731
I don't see the option in local GPO to disabel AU in windows 7, is it availabe where?
I am talking about local group policy instead of domain, clients won't get domain policy untill they get customized,
0
 

Author Comment

by:wajhiuddin
ID: 37781856
: mpfister thanks it works I also need to add following retkeys please
"IncludeRecommendedUpdates"=dword:00000000
"ElevateNonAdmins"=dword:00000000
can you please send me the command as you did for
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoUpdate /d 1 /t REG_DWORD /f


thansk
0
 
LVL 28

Expert Comment

by:Michael Pfister
ID: 37781893
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v IncludeRecommendedUpdates /d 0 /t REG_DWORD /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v ElevateNonAdmins  /d 0 /t REG_DWORD /f

HTH
0
 
LVL 28

Accepted Solution

by:
Michael Pfister earned 500 total points
ID: 37781901
Post above looks strange, this is better:

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v IncludeRecommendedUpdates /d 0 /t REG_DWORD /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v ElevateNonAdmins  /d 0 /t REG_DWORD /f

Open in new window

0
 

Author Closing Comment

by:wajhiuddin
ID: 37782018
mpfister ,
U R the man
Thanks
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Use GPO to map & set default printer for all computers within AD security group 1 66
CRM 2011 Decimal Out of Range 2 50
Microsoft Access Table name 3 57
ost file to pst 10 165
We were having a lot of "Heartbeat Alerts" in our SCOM environment, now "Heartbeat" in a SCOM environment for those of you who might not be familiar with SCOM is a packet of data sent from the agent to the management server on a regular basis, basic…
This collection of functions covers all the normal rounding methods of just about any numeric value.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question