-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathWinUpdateBlocker-enable.ps1
More file actions
133 lines (119 loc) · 6.71 KB
/
WinUpdateBlocker-enable.ps1
File metadata and controls
133 lines (119 loc) · 6.71 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
$services = @(
"WaasMedicSvc", # WaaS Medic Service
"UsoSvc", # Update Session Orchestrator
"PushToInstall", # Push to Install
"BITS", # Background Intelligent Transfer Service
"DoSvc" # Delivery Optimization
)
# Function to set services correctly
function Restore-Service {
param (
[string]$Name,
[string]$StartupType
)
# Set the startup type correctly
if ($StartupType -eq "AutomaticDelayedStart") {
# Use registry for Automatic (Delayed Start)
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$Name" -Name "Start" -Value 2
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$Name" -Name "DelayedAutoStart" -Value 1
}
else {
# Use Set-Service for other types
Set-Service -Name $Name -StartupType $StartupType
}
# Try to start the service
Start-Service -Name $Name -ErrorAction SilentlyContinue
}
# Restore each service with its proper startup type
Restore-Service -Name "WaasMedicSvc" -StartupType Manual
Restore-Service -Name "UsoSvc" -StartupType AutomaticDelayedStart
Restore-Service -Name "PushToInstall" -StartupType Manual
Restore-Service -Name "BITS" -StartupType AutomaticDelayedStart
Restore-Service -Name "DoSvc" -StartupType AutomaticDelayedStart
Restore-Service -Name "wuauserv" -StartupType Manual
# Start the necessary services
Start-Service -Name "UsoSvc" -ErrorAction SilentlyContinue
Start-Service -Name "BITS" -ErrorAction SilentlyContinue
Start-Service -Name "DoSvc" -ErrorAction SilentlyContinue
Start-Service -Name "wuauserv" -ErrorAction SilentlyContinue
$tasks = @(
"\Microsoft\Windows\InstallService\RestoreDevice",
"\Microsoft\Windows\InstallService\ScanForUpdates",
"\Microsoft\Windows\InstallService\ScanForUpdatesAsUser",
"\Microsoft\Windows\InstallService\SmartRetry",
"\Microsoft\Windows\InstallService\WakeUpAndContinueUpdates",
"\Microsoft\Windows\InstallService\WakeUpAndScanForUpdates"
)
foreach ($task in $tasks) {
schtasks /Change /TN $task /Enable
}
$taskPatterns = @(
"Microsoft\Windows\WindowsUpdate\*",
"Microsoft\Windows\UpdateOrchestrator\*",
"Microsoft\Windows\WaaSMedic\*"
)
foreach ($pattern in $taskPatterns) {
# Get all matching tasks
$tasks = Get-ScheduledTask | Where-Object { $_.TaskPath -like "\$pattern" }
foreach ($task in $tasks) {
try {
# Enable the task using schtasks
$taskFullPath = "$($task.TaskPath.TrimStart("\"))$($task.TaskName)"
schtasks /Change /TN "$taskFullPath" /Enable
Write-Host "Enabled scheduled task: $taskFullPath" -ForegroundColor Green
} catch {
Write-Host "Failed to enable task: $taskFullPath" -ForegroundColor Red
}
}
}
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoUpdate" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "AUOptions" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoRebootWithLoggedOnUsers" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings" -Name "PauseFeatureUpdatesStartTime" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings" -Name "PauseQualityUpdatesStartTime" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "DoNotConnectToWindowsUpdateInternetLocations" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceMetadata" -Name "PreventDeviceMetadataFromNetwork" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching" -Name "SearchOrderConfig" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching" -Name "DontSearchWindowsUpdate" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore" -Name "AutoDownload" -ErrorAction SilentlyContinue
#Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" -Name "AllowBuildPreview" -ErrorAction SilentlyContinue
$processes = @(
"EOSnotify.exe",
"SipNotify.exe",
"GWX.exe",
"GWXUX.exe",
"UsoClient.exe",
"MusNotifyIcon.exe",
"MusNotification.exe",
"MusNotificationUx.exe",
"Windows10UpgraderApp.exe",
"Windows10Upgrade.exe",
"UpdateAssistant.exe",
"remsh.exe",
#"dismHost.exe",
"SIHClient.exe",
"InstallAgent.exe",
"WaaSMedic.exe",
"WaasMedicAgent.exe",
"upfc.exe"
)
foreach ($process in $processes) {
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\$process" -Name "Debugger" -ErrorAction SilentlyContinue
}
Remove-MpPreference -ExclusionPath "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
Remove-MpPreference -ExclusionPath "C:\Windows\System32\Tasks\Microsoft\Windows\InstallService"
Remove-MpPreference -ExclusionPath "C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate"
Remove-MpPreference -ExclusionPath "C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator"
Remove-MpPreference -ExclusionPath "C:\Windows\System32\Tasks\Microsoft\Windows\WaaSMedic"
$osCaption = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
if ($osCaption -like "*Windows 10*") {
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "ProductVersion" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "TargetReleaseVersion" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "TargetReleaseVersionInfo" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore" -Name "DisableOSUpgrade" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "DisableOSUpgrade" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade" -Name "AllowOSUpgrade" -ErrorAction SilentlyContinue
Remove-ItemProperty -Path "HKLM:\SYSTEM\Setup\UpgradeNotification" -Name "UpgradeAvailable" -ErrorAction SilentlyContinue
}
#Remove-NetFirewallRule -DisplayName "Block Windows Update"