5

The following services have successfully been disabled, and their executable files that activate them have had their security permissions removed under propteries:

  1. Background Intelligent Transfer Service
  2. Update Orchestrator Service
  3. Windows Update Windows
  4. Update Medic Service

I have also completely disabled these services in Task Scheduler, and in their respective registry file settings, and rebooted to confirmed the registry file settings were saved. Task Scheduler itself, in fact, has been completely disabled and cannot be accessed even within system level MMC.

HOWEVER the update orchestrator service is somehow able to re-activate itself each day and will download KB5008212 package, (or any other package I do not have) if it is not already downloaded, so deleting the package doesn't help.

This machine is for testing and I do not want KB5008212 package to install. I have a system-level/admin level MMC console always running to make it easier for me to simply refresh the services tool under computer management component, find Update Orchestrator Service, set to disabled and stop the service, and click apply/ok.

I tested to see what would happen if I did not do this everyday. When it re-activated itself, I left it alone, and eventually, over the course of several days, the 4 services I listed above will re-enable and activate 1 by 1.

I am tired of constantly fighting this. If saved registry changes, security activation permissions for their files, and disabled settings in Services combined can't do it, I want to know what will, and I want to know what other service or task is responsible for it's re-activation

Andrew
  • 51
  • 1
  • 2
  • What is Orchestrator? Can you uninstall it? It is not a service on any of my computers here. – John Feb 17 '22 at 00:50
  • It is far easier, to [infinitely postpone an update from being installed](https://superuser.com/questions/946957/stopping-all-automatic-updates-windows-10), then attempting to disable Windows Update[.](https://superuser.com/questions/957267/how-to-disable-automatic-reboots-in-windows-10). Using Activity Hours, and continuously setting it, is far more effective then trying to break Windows Update in some capacity. – Ramhound Feb 17 '22 at 21:21
  • `I have also completely disabled these services in Task Scheduler` .. ? *Services* don't run via the task scheduler. Services run via the service control manager and the kernel driver model (which technically aren't services but one can argue this point due to microsoft ambiguous verbage). This might be semantics to some, but the difference is more than semantics. – Señor CMasMas Feb 18 '22 at 22:54

1 Answers1

0

I though it was the hidden service called WaaSMedicSvc which you can disable in registry, but that didn't to the trick either. (HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc, Start=4)

I've been looking at Azure VMs which you can actually specify not to get updates. The only thing I could find was these reg keys (from the XP time) was actually set: HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate = 1 (enabled)

HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\AUOptions = 3 (AutoUpdateModeDownload)

Haven't tested them out on my W10 yet (didn't beleive they would change anything, but who knows).

The WaaSMedicSvc service was set to 3 (manuel)

UPDATE:

Just found out that there also is a WaaSMedic Schedule Task:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WaaSMedic

...maybe that's the one! MS did go a long was to protect this task by using very stric permissions, cannot do it in GUI (that's a good sign :-P)

UPDATE2: The WaaSMedic Schedule Task didn't seem to do the trick either :-(

MrCalvin
  • 279
  • 2
  • 11