Solved

How to cancel scheduled windows updates?

Posted on 2014-02-27
11
394 Views
Last Modified: 2014-03-15
Hi Experts,

I hope you can help me.

We are having a slowness issue on a classroom where I work.

I have blocked inheritance on the Ou this classroom is and only have limited group policies added back.

The problem is I didn't add back our WSUS policy and now the systems have detected updates directly from microsoft and scheduled them for 6 pm tonight.

How do I stop this?  I put the policy back and forced policy but they are still scheduled.  They cannot install and it's a few hours away.

Help.

thank you,

Karen
0
Comment
Question by:klsphotos
  • 5
  • 3
  • 2
  • +1
11 Comments
 
LVL 15

Expert Comment

by:achaldave
ID: 39892620
Try restarting windows update service on workstations after forcing wsus group policy
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39892652
in addition to achaldave, you can run the rsop.msc to check if still policy is reflecting.
0
 

Author Comment

by:klsphotos
ID: 39892728
I did and restarted the system, the updates are still there and pending for tonight at 6 pm.  The policy applied but it didn't cancel the updates.

At this point I am thinking I can manually go into each computer through AD and disable the Windows Update service and I created a duplicate WSUS policy for now that has windows update disabled and removing the other one.  I can't keep it like that though we have forefront updates that come in daily :(
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 15

Expert Comment

by:achaldave
ID: 39892768
As sgupta1181 suggested run rsop.msc and collect policy information it should show you which policy is in effect on the machine so you can identify what is blocking gpo settings from you new policy.
Try enforcing the group policy so it will take precedence over any conflicting policy.
0
 

Author Comment

by:klsphotos
ID: 39892819
I did all of that.  The correct policy are applying but they are not canceling out the pending windows updates that downloaded and are scheduled to install at 6 pm, they are still there.

These updates went out to the default Microsoft website and downloaded what the system needed and scheduled them when I did not have our policy applied.  Even though it's now applied and working it did not cancel what it scheduled, they are still pending.  One update is IE11.  The programs the students use are not compatible with IE11 yet and there is no way I can have them deploy.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39892845
hi,

Just for a workaround dont disable windows update services. use SC command to disable the service from any machine.

sc \\10.167.58.42 config wuauserv start= disabled
sc \\10.167.58.43 config wuauserv start= disabled

and so on.
0
 
LVL 15

Expert Comment

by:achaldave
ID: 39892879
You can block IE 11 using IE blocker tool kit
http://www.microsoft.com/en-us/download/details.aspx?id=40722

Try renaming C:\windows\winsxs\pending.xml, you might need to take ownership first
takeown /f C:\windows\winsxs\pending.xml
ren C:\windows\winsxs\pending.xml C:\windows\winsxs\pending.xml.old

If you have sccm like tool, you can create script and apply to all machines. Also check if any other application like sccm is controlling updates or not
0
 

Author Comment

by:klsphotos
ID: 39892968
WSUS is controlling the updates.
The "Wsus" policy controls that.  We have IE11 blocked on WSUS but when I removed all policies, that quick it took the default settings of windows update and downloaded all that was needed.  Being a school we only patch during breaks.

The service is disabled on all systems and the new policy I put there to disable windows updates being installed tonight look like they are successful.

Shouldn't they automatically if the policy is applying point to our WSUS server now not windows update when I enable this?  That isn't what it was doing, they were still there.

Achaldave - I do not have a pending.xml in that directory?

Thank you all for your help, these installing just cannot happen.
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 39893845
Being a school we only patch during breaks.

That is a rather cavalier attitude re windows updates. Once the patches have been released the bad guy's reverse engineer them to find the exploit and then use this information rather quickly to begin their campaign of terror. I'm sure that there are PD days every month that you could apply your updates.. once a month is not bad compared to once every 3 months. If all of the machines run as a standard user then over 90% of the exploits and 100% of the IE exploits are stopped dead in their tracks.
0
 

Accepted Solution

by:
klsphotos earned 0 total points
ID: 39917529
Hi David and  thank you.  

This is out of my control.  My boss understands the risk and not holding me accountable, this is what I was told to do.  The person before me did a lot of damage because he couldn't control the updates and they interfered with class time.  Students are standard users.  Forefront are the only updates that are allowed daily.

This is resolved for now.  I still cannot find the pending.xml but the service is disabled and I will have to resolve it manually.  I checked one of them on Friday and they are only behind by one update.  I will monitor them through Forefront for the next two months until they are reimaged.

Thanks again,

Karen
0
 

Author Closing Comment

by:klsphotos
ID: 39931083
There really was no solution to this besides disabling the windows update service manually and then through policy.  I checked the systems and all updates are still pending and want to install since they missed the scheduled date.  The policy kicks in after that fact since it was applied afterwards.  The original question was how to change or stop the pending once it's scheduled but as far as I can tell there isn't one - so disabled it for now.
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The related questions "How do I recover the passwords for my Q-See DVR" and "How can I reset my Q-See DVR to eliminate a password" are seen several times a week.  Here we discuss the grim reality of the situation.
There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question