Solved

How to cancel scheduled windows updates?

Posted on 2014-02-27
11
387 Views
Last Modified: 2014-03-15
Hi Experts,

I hope you can help me.

We are having a slowness issue on a classroom where I work.

I have blocked inheritance on the Ou this classroom is and only have limited group policies added back.

The problem is I didn't add back our WSUS policy and now the systems have detected updates directly from microsoft and scheduled them for 6 pm tonight.

How do I stop this?  I put the policy back and forced policy but they are still scheduled.  They cannot install and it's a few hours away.

Help.

thank you,

Karen
0
Comment
Question by:klsphotos
  • 5
  • 3
  • 2
  • +1
11 Comments
 
LVL 15

Expert Comment

by:achaldave
ID: 39892620
Try restarting windows update service on workstations after forcing wsus group policy
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39892652
in addition to achaldave, you can run the rsop.msc to check if still policy is reflecting.
0
 

Author Comment

by:klsphotos
ID: 39892728
I did and restarted the system, the updates are still there and pending for tonight at 6 pm.  The policy applied but it didn't cancel the updates.

At this point I am thinking I can manually go into each computer through AD and disable the Windows Update service and I created a duplicate WSUS policy for now that has windows update disabled and removing the other one.  I can't keep it like that though we have forefront updates that come in daily :(
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 15

Expert Comment

by:achaldave
ID: 39892768
As sgupta1181 suggested run rsop.msc and collect policy information it should show you which policy is in effect on the machine so you can identify what is blocking gpo settings from you new policy.
Try enforcing the group policy so it will take precedence over any conflicting policy.
0
 

Author Comment

by:klsphotos
ID: 39892819
I did all of that.  The correct policy are applying but they are not canceling out the pending windows updates that downloaded and are scheduled to install at 6 pm, they are still there.

These updates went out to the default Microsoft website and downloaded what the system needed and scheduled them when I did not have our policy applied.  Even though it's now applied and working it did not cancel what it scheduled, they are still pending.  One update is IE11.  The programs the students use are not compatible with IE11 yet and there is no way I can have them deploy.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39892845
hi,

Just for a workaround dont disable windows update services. use SC command to disable the service from any machine.

sc \\10.167.58.42 config wuauserv start= disabled
sc \\10.167.58.43 config wuauserv start= disabled

and so on.
0
 
LVL 15

Expert Comment

by:achaldave
ID: 39892879
You can block IE 11 using IE blocker tool kit
http://www.microsoft.com/en-us/download/details.aspx?id=40722

Try renaming C:\windows\winsxs\pending.xml, you might need to take ownership first
takeown /f C:\windows\winsxs\pending.xml
ren C:\windows\winsxs\pending.xml C:\windows\winsxs\pending.xml.old

If you have sccm like tool, you can create script and apply to all machines. Also check if any other application like sccm is controlling updates or not
0
 

Author Comment

by:klsphotos
ID: 39892968
WSUS is controlling the updates.
The "Wsus" policy controls that.  We have IE11 blocked on WSUS but when I removed all policies, that quick it took the default settings of windows update and downloaded all that was needed.  Being a school we only patch during breaks.

The service is disabled on all systems and the new policy I put there to disable windows updates being installed tonight look like they are successful.

Shouldn't they automatically if the policy is applying point to our WSUS server now not windows update when I enable this?  That isn't what it was doing, they were still there.

Achaldave - I do not have a pending.xml in that directory?

Thank you all for your help, these installing just cannot happen.
0
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 39893845
Being a school we only patch during breaks.

That is a rather cavalier attitude re windows updates. Once the patches have been released the bad guy's reverse engineer them to find the exploit and then use this information rather quickly to begin their campaign of terror. I'm sure that there are PD days every month that you could apply your updates.. once a month is not bad compared to once every 3 months. If all of the machines run as a standard user then over 90% of the exploits and 100% of the IE exploits are stopped dead in their tracks.
0
 

Accepted Solution

by:
klsphotos earned 0 total points
ID: 39917529
Hi David and  thank you.  

This is out of my control.  My boss understands the risk and not holding me accountable, this is what I was told to do.  The person before me did a lot of damage because he couldn't control the updates and they interfered with class time.  Students are standard users.  Forefront are the only updates that are allowed daily.

This is resolved for now.  I still cannot find the pending.xml but the service is disabled and I will have to resolve it manually.  I checked one of them on Friday and they are only behind by one update.  I will monitor them through Forefront for the next two months until they are reimaged.

Thanks again,

Karen
0
 

Author Closing Comment

by:klsphotos
ID: 39931083
There really was no solution to this besides disabling the windows update service manually and then through policy.  I checked the systems and all updates are still pending and want to install since they missed the scheduled date.  The policy kicks in after that fact since it was applied afterwards.  The original question was how to change or stop the pending once it's scheduled but as far as I can tell there isn't one - so disabled it for now.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The 21st century solution to antiquated pagers.
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question