Solved

How to cancel scheduled windows updates?

Posted on 2014-02-27
11
384 Views
Last Modified: 2014-03-15
Hi Experts,

I hope you can help me.

We are having a slowness issue on a classroom where I work.

I have blocked inheritance on the Ou this classroom is and only have limited group policies added back.

The problem is I didn't add back our WSUS policy and now the systems have detected updates directly from microsoft and scheduled them for 6 pm tonight.

How do I stop this?  I put the policy back and forced policy but they are still scheduled.  They cannot install and it's a few hours away.

Help.

thank you,

Karen
0
Comment
Question by:klsphotos
  • 5
  • 3
  • 2
  • +1
11 Comments
 
LVL 15

Expert Comment

by:achaldave
ID: 39892620
Try restarting windows update service on workstations after forcing wsus group policy
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39892652
in addition to achaldave, you can run the rsop.msc to check if still policy is reflecting.
0
 

Author Comment

by:klsphotos
ID: 39892728
I did and restarted the system, the updates are still there and pending for tonight at 6 pm.  The policy applied but it didn't cancel the updates.

At this point I am thinking I can manually go into each computer through AD and disable the Windows Update service and I created a duplicate WSUS policy for now that has windows update disabled and removing the other one.  I can't keep it like that though we have forefront updates that come in daily :(
0
 
LVL 15

Expert Comment

by:achaldave
ID: 39892768
As sgupta1181 suggested run rsop.msc and collect policy information it should show you which policy is in effect on the machine so you can identify what is blocking gpo settings from you new policy.
Try enforcing the group policy so it will take precedence over any conflicting policy.
0
 

Author Comment

by:klsphotos
ID: 39892819
I did all of that.  The correct policy are applying but they are not canceling out the pending windows updates that downloaded and are scheduled to install at 6 pm, they are still there.

These updates went out to the default Microsoft website and downloaded what the system needed and scheduled them when I did not have our policy applied.  Even though it's now applied and working it did not cancel what it scheduled, they are still pending.  One update is IE11.  The programs the students use are not compatible with IE11 yet and there is no way I can have them deploy.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39892845
hi,

Just for a workaround dont disable windows update services. use SC command to disable the service from any machine.

sc \\10.167.58.42 config wuauserv start= disabled
sc \\10.167.58.43 config wuauserv start= disabled

and so on.
0
 
LVL 15

Expert Comment

by:achaldave
ID: 39892879
You can block IE 11 using IE blocker tool kit
http://www.microsoft.com/en-us/download/details.aspx?id=40722

Try renaming C:\windows\winsxs\pending.xml, you might need to take ownership first
takeown /f C:\windows\winsxs\pending.xml
ren C:\windows\winsxs\pending.xml C:\windows\winsxs\pending.xml.old

If you have sccm like tool, you can create script and apply to all machines. Also check if any other application like sccm is controlling updates or not
0
 

Author Comment

by:klsphotos
ID: 39892968
WSUS is controlling the updates.
The "Wsus" policy controls that.  We have IE11 blocked on WSUS but when I removed all policies, that quick it took the default settings of windows update and downloaded all that was needed.  Being a school we only patch during breaks.

The service is disabled on all systems and the new policy I put there to disable windows updates being installed tonight look like they are successful.

Shouldn't they automatically if the policy is applying point to our WSUS server now not windows update when I enable this?  That isn't what it was doing, they were still there.

Achaldave - I do not have a pending.xml in that directory?

Thank you all for your help, these installing just cannot happen.
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 39893845
Being a school we only patch during breaks.

That is a rather cavalier attitude re windows updates. Once the patches have been released the bad guy's reverse engineer them to find the exploit and then use this information rather quickly to begin their campaign of terror. I'm sure that there are PD days every month that you could apply your updates.. once a month is not bad compared to once every 3 months. If all of the machines run as a standard user then over 90% of the exploits and 100% of the IE exploits are stopped dead in their tracks.
0
 

Accepted Solution

by:
klsphotos earned 0 total points
ID: 39917529
Hi David and  thank you.  

This is out of my control.  My boss understands the risk and not holding me accountable, this is what I was told to do.  The person before me did a lot of damage because he couldn't control the updates and they interfered with class time.  Students are standard users.  Forefront are the only updates that are allowed daily.

This is resolved for now.  I still cannot find the pending.xml but the service is disabled and I will have to resolve it manually.  I checked one of them on Friday and they are only behind by one update.  I will monitor them through Forefront for the next two months until they are reimaged.

Thanks again,

Karen
0
 

Author Closing Comment

by:klsphotos
ID: 39931083
There really was no solution to this besides disabling the windows update service manually and then through policy.  I checked the systems and all updates are still pending and want to install since they missed the scheduled date.  The policy kicks in after that fact since it was applied afterwards.  The original question was how to change or stop the pending once it's scheduled but as far as I can tell there isn't one - so disabled it for now.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now