Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

How to cancel scheduled windows updates?

Posted on 2014-02-27
11
Medium Priority
?
420 Views
Last Modified: 2014-03-15
Hi Experts,

I hope you can help me.

We are having a slowness issue on a classroom where I work.

I have blocked inheritance on the Ou this classroom is and only have limited group policies added back.

The problem is I didn't add back our WSUS policy and now the systems have detected updates directly from microsoft and scheduled them for 6 pm tonight.

How do I stop this?  I put the policy back and forced policy but they are still scheduled.  They cannot install and it's a few hours away.

Help.

thank you,

Karen
0
Comment
Question by:klsphotos
  • 5
  • 3
  • 2
  • +1
11 Comments
 
LVL 15

Expert Comment

by:achaldave
ID: 39892620
Try restarting windows update service on workstations after forcing wsus group policy
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39892652
in addition to achaldave, you can run the rsop.msc to check if still policy is reflecting.
0
 

Author Comment

by:klsphotos
ID: 39892728
I did and restarted the system, the updates are still there and pending for tonight at 6 pm.  The policy applied but it didn't cancel the updates.

At this point I am thinking I can manually go into each computer through AD and disable the Windows Update service and I created a duplicate WSUS policy for now that has windows update disabled and removing the other one.  I can't keep it like that though we have forefront updates that come in daily :(
0
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

 
LVL 15

Expert Comment

by:achaldave
ID: 39892768
As sgupta1181 suggested run rsop.msc and collect policy information it should show you which policy is in effect on the machine so you can identify what is blocking gpo settings from you new policy.
Try enforcing the group policy so it will take precedence over any conflicting policy.
0
 

Author Comment

by:klsphotos
ID: 39892819
I did all of that.  The correct policy are applying but they are not canceling out the pending windows updates that downloaded and are scheduled to install at 6 pm, they are still there.

These updates went out to the default Microsoft website and downloaded what the system needed and scheduled them when I did not have our policy applied.  Even though it's now applied and working it did not cancel what it scheduled, they are still pending.  One update is IE11.  The programs the students use are not compatible with IE11 yet and there is no way I can have them deploy.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39892845
hi,

Just for a workaround dont disable windows update services. use SC command to disable the service from any machine.

sc \\10.167.58.42 config wuauserv start= disabled
sc \\10.167.58.43 config wuauserv start= disabled

and so on.
0
 
LVL 15

Expert Comment

by:achaldave
ID: 39892879
You can block IE 11 using IE blocker tool kit
http://www.microsoft.com/en-us/download/details.aspx?id=40722

Try renaming C:\windows\winsxs\pending.xml, you might need to take ownership first
takeown /f C:\windows\winsxs\pending.xml
ren C:\windows\winsxs\pending.xml C:\windows\winsxs\pending.xml.old

If you have sccm like tool, you can create script and apply to all machines. Also check if any other application like sccm is controlling updates or not
0
 

Author Comment

by:klsphotos
ID: 39892968
WSUS is controlling the updates.
The "Wsus" policy controls that.  We have IE11 blocked on WSUS but when I removed all policies, that quick it took the default settings of windows update and downloaded all that was needed.  Being a school we only patch during breaks.

The service is disabled on all systems and the new policy I put there to disable windows updates being installed tonight look like they are successful.

Shouldn't they automatically if the policy is applying point to our WSUS server now not windows update when I enable this?  That isn't what it was doing, they were still there.

Achaldave - I do not have a pending.xml in that directory?

Thank you all for your help, these installing just cannot happen.
0
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 39893845
Being a school we only patch during breaks.

That is a rather cavalier attitude re windows updates. Once the patches have been released the bad guy's reverse engineer them to find the exploit and then use this information rather quickly to begin their campaign of terror. I'm sure that there are PD days every month that you could apply your updates.. once a month is not bad compared to once every 3 months. If all of the machines run as a standard user then over 90% of the exploits and 100% of the IE exploits are stopped dead in their tracks.
0
 

Accepted Solution

by:
klsphotos earned 0 total points
ID: 39917529
Hi David and  thank you.  

This is out of my control.  My boss understands the risk and not holding me accountable, this is what I was told to do.  The person before me did a lot of damage because he couldn't control the updates and they interfered with class time.  Students are standard users.  Forefront are the only updates that are allowed daily.

This is resolved for now.  I still cannot find the pending.xml but the service is disabled and I will have to resolve it manually.  I checked one of them on Friday and they are only behind by one update.  I will monitor them through Forefront for the next two months until they are reimaged.

Thanks again,

Karen
0
 

Author Closing Comment

by:klsphotos
ID: 39931083
There really was no solution to this besides disabling the windows update service manually and then through policy.  I checked the systems and all updates are still pending and want to install since they missed the scheduled date.  The policy kicks in after that fact since it was applied afterwards.  The original question was how to change or stop the pending once it's scheduled but as far as I can tell there isn't one - so disabled it for now.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With more and more companies allowing their employees to work remotely, it begs the question: What are some of the security risks involved with remote employees and what actions should we take to secure them?
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone.  Any comments, bug reports etc. are welcome...
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question