Windows 10 Managing Updates
We encountered a problem on Friday that seems to have occurred when KB4056892 Windows update was installed.
It appears that legacy software, if started, won't run and damages many of the normal OS functions (more related to menus?).
Some things say that there's no permission to run. Other things just don't run. etc.
[https://www.experts-exchange.com/questions/29076865/Windows-10-System-Problems.html]
We have a few options for this.
The legacy software is critical and is not going to change any time soon if at all.
It's been suggested that we could install Windows 10 ver. 1607 and it won't gather more updates. That could be a solution.
Yet, that would avoid good updates.
My thought is this:
1) start with a clean 1709 system fully updated.
2) remove KB4056892 using Programs and Features, View installed updates, Uninstall an update.
3) using wushowhide.diagccab, hide KB4056892 so it won't come back.
(same for any updates that prove to be problematic).
But all this is a bit of a problem in navigating through it all:
In some cases, the Control Panel \ Programs and Features \ View Installed Updates list is empty
BUT if you click on Uninstall an update, there *is* a list.
That just seems wrong.....
But one can live with it.
wushowhide.diagcab may show There areNO updates available to Hide.
Now what?
PowerShell
wmic qfe lists full
Shows some updates but they don't 100% match those shown with Control Panel.
I might suppose that an update could be hidden before it's installed.
But, how can an update be on a list available for hiding if it hasn't already been at least downloaded?
This seems a catch 22.
It appears that legacy software, if started, won't run and damages many of the normal OS functions (more related to menus?).
Some things say that there's no permission to run. Other things just don't run. etc.
[https://www.experts-exchange.com/questions/29076865/Windows-10-System-Problems.html]
We have a few options for this.
The legacy software is critical and is not going to change any time soon if at all.
It's been suggested that we could install Windows 10 ver. 1607 and it won't gather more updates. That could be a solution.
Yet, that would avoid good updates.
My thought is this:
1) start with a clean 1709 system fully updated.
2) remove KB4056892 using Programs and Features, View installed updates, Uninstall an update.
3) using wushowhide.diagccab, hide KB4056892 so it won't come back.
(same for any updates that prove to be problematic).
But all this is a bit of a problem in navigating through it all:
In some cases, the Control Panel \ Programs and Features \ View Installed Updates list is empty
BUT if you click on Uninstall an update, there *is* a list.
That just seems wrong.....
But one can live with it.
wushowhide.diagcab may show There areNO updates available to Hide.
Now what?
PowerShell
wmic qfe lists full
Shows some updates but they don't 100% match those shown with Control Panel.
I might suppose that an update could be hidden before it's installed.
But, how can an update be on a list available for hiding if it hasn't already been at least downloaded?
This seems a catch 22.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
It will not hide any update that works and the one you have here works (not for you, I understand). So you cannot use it for this purpose.
Even if you uninstall, I doubt wushowide.diagcab would work.
Even if you uninstall, I doubt wushowide.diagcab would work.
I doubt if wushowhide.diagccab works on Windows 10 Version 1709.
It works on Version 1607 and 1511.
It works on Version 1607 and 1511.
Yes, it works for updates that will not install. But there are no longer many of these.
ASKER
If it gets installed and then it's uninstalled, won't it show up again as available for download and/or install?
If that's the case then one might expect wushowhide to work to hide it.
Unless there's proof/experience to the contrary.
Updates that will not install are in the same or similar category of "not installed" which includes "uninstalled". Well, according to English anyway.
So, if there's a difference between the two then it would be good to know more about that.
Aside from the semantic logic, why the doubts?
If that's the case then one might expect wushowhide to work to hide it.
Unless there's proof/experience to the contrary.
Updates that will not install are in the same or similar category of "not installed" which includes "uninstalled". Well, according to English anyway.
So, if there's a difference between the two then it would be good to know more about that.
Aside from the semantic logic, why the doubts?
My work on wushowhide.diagcab is that it only hides updates that do not work. HP Null Fax was one - it would not install. The update you are dealing with works (just not for your software).
So it must be possible to install Windows again and before installing KB4056892 use wushowhide.diagccab to hid it.
I don't think so. The update works so the Microsoft tool will not hide it. Otherwise users would be hiding all the updates. That would defeat the use of the tool as provided.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
John Hurst: Perhaps this should be rethought so as not to mislead. The idea of "working" or "not working" isn't in Microsoft's ability. They say this:
Given that it's much easier to keep a database (or create one in real time) that determines what *is* installed and what *is* hidden is much easier than being able to definitively say and keep track of the dynamics of: what *had been installed and wasn't (then) pleasing*?
Ramin: Yes, that would seem logical with a clean install. How practical it might be int he world of installation methods is a question.
As I mentioned earlier, it's not clear to me just what the "live" installation does and doesn't do. It's certainly useful!
We have done "live" reinstallations in the last couple of days that didn't fix as much as was expected.
Now, I can't say that this was accompanied by 4 reboots.
I believe at least one system reported having quite a few updates afterwards. If so, it's not a "clean" install from a given baseline. I can't prove this right now - but I believe I've observed it. Could be wrong.
Perhaps we need to chant "FREE USER HIDING" "FREE USER HIDING" :-)
In rare cases, a specific driver might temporarily cause issues that affect your device. In this situation, you can prevent the problematic driver from reinstalling automatically the next time Windows Updates are installed.So, in what manner can they determine that there are "issues that affect your device"? I don't think they can.
Given that it's much easier to keep a database (or create one in real time) that determines what *is* installed and what *is* hidden is much easier than being able to definitively say and keep track of the dynamics of: what *had been installed and wasn't (then) pleasing*?
Ramin: Yes, that would seem logical with a clean install. How practical it might be int he world of installation methods is a question.
As I mentioned earlier, it's not clear to me just what the "live" installation does and doesn't do. It's certainly useful!
We have done "live" reinstallations in the last couple of days that didn't fix as much as was expected.
Now, I can't say that this was accompanied by 4 reboots.
I believe at least one system reported having quite a few updates afterwards. If so, it's not a "clean" install from a given baseline. I can't prove this right now - but I believe I've observed it. Could be wrong.
Perhaps we need to chant "FREE USER HIDING" "FREE USER HIDING" :-)
Drivers are different than applications. Yes , wsushowhide can and does hide generally errant drivers. I referred to that above. But the update you are talking about works on all our machines. Your software does not work with. That is your software's issue
ASKER
Ramin: I don's follow that logic. It seems to me that it's saying that system restore was the method used to REMOVE it. There may be other methods for removal. But hiding is another thing altogether. In one case it's installed. In the other case it isn't installed. Right?
I do see that they did both:
1) remove by using a restore point. Although I'm unclear on that because it hadn't installed anyway.
2) hide thereafter by using ShowHide.
And, in this case, if I understand it, there never was an installation that succeeded.
But thank you for probing into this issue!
I do see that they did both:
1) remove by using a restore point. Although I'm unclear on that because it hadn't installed anyway.
2) hide thereafter by using ShowHide.
And, in this case, if I understand it, there never was an installation that succeeded.
But thank you for probing into this issue!
I think you are into a black hole trying to solve this issue with updates. The method provided is the Long Term Service branch of Windows 10 and Microsoft can help you get there. You are in a business, they want your business, and this is how they provide a solution.
You're welcome Fred.
ASKER
John Hurst: I've provided some background earlier re: motivation yes. But the question was only about update installation and hiding. My reasons for doing this are, so far, quite immaterial.
That something works for you or others is only of interest if it suggests a solution for me.
Otherwise, it seems diminishing.
I don't know what "all of our machines" is actually referring to. TDB or the entire universe?
I have machines that aren't affected either.
I do have machines that are in need of having updates managed.
I well know that there are others who have similar problems.
So, they too need to have updates managed.
Ramin gave an example of some of those others.
Your suggestion for using LTSB was a good one! It does address how one might manage updates. Thanks for that.
That something works for you or others is only of interest if it suggests a solution for me.
Otherwise, it seems diminishing.
I don't know what "all of our machines" is actually referring to. TDB or the entire universe?
I have machines that aren't affected either.
I do have machines that are in need of having updates managed.
I well know that there are others who have similar problems.
So, they too need to have updates managed.
Ramin gave an example of some of those others.
Your suggestion for using LTSB was a good one! It does address how one might manage updates. Thanks for that.
ASKER
It appears that we've succeeded in dealing with this but there are still questions regarding using wuShowHide.
- One band aid approach is to turn off Windows Update Service. But this was only a stopgap measure to protect systems from damage in the near term. It worked. But, of course, we want this service to be running.
So, the approach is to use wuShowHide to Hide the incompatible update (not a statement of "fault" just a fact).
- In order for wuShowHide to list anything, it appears that the Windows Update Service needs to be running.
- If the Windows Update Service is running then it's possible that an unwanted update can be installed. So, let's just say that this has indeed happened so we are starting with the incompatible update installed.
- Next step is to uninstall the incompatible update. This forces a reboot. I believe the uninstall and the reboot can happen with the Windows Update Service NOT running.
- OK. Now START Windows Update Service.
- Immediately start wuShowHide <<< because we can't allow the incompatible update to reinstall at this point.
- Scan and hide the incompatible update. When it gets hidden, the process in wuShowHide shows "Fixed" but thereafter the update will show on the hidden list.
This seems to work....
The tricky part is the coordination between the Windows Service being running and avoiding reinstallation of removed updates before you can run wuShowHide.
Or, am I missing something in how to best proceed with this? Thus: Update Management?
- One band aid approach is to turn off Windows Update Service. But this was only a stopgap measure to protect systems from damage in the near term. It worked. But, of course, we want this service to be running.
So, the approach is to use wuShowHide to Hide the incompatible update (not a statement of "fault" just a fact).
- In order for wuShowHide to list anything, it appears that the Windows Update Service needs to be running.
- If the Windows Update Service is running then it's possible that an unwanted update can be installed. So, let's just say that this has indeed happened so we are starting with the incompatible update installed.
- Next step is to uninstall the incompatible update. This forces a reboot. I believe the uninstall and the reboot can happen with the Windows Update Service NOT running.
- OK. Now START Windows Update Service.
- Immediately start wuShowHide <<< because we can't allow the incompatible update to reinstall at this point.
- Scan and hide the incompatible update. When it gets hidden, the process in wuShowHide shows "Fixed" but thereafter the update will show on the hidden list.
This seems to work....
The tricky part is the coordination between the Windows Service being running and avoiding reinstallation of removed updates before you can run wuShowHide.
Or, am I missing something in how to best proceed with this? Thus: Update Management?
ASKER
Nobody suggested how we might do update management on a peer-to-peer network of workstations.....
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This remains an ongoing saga. We have learned a lot about it and the current state is frustrating.
ASKER
So, first you have to uninstall and then you might hide, eh?