mirror of
https://github.com/ChrisTitusTech/winutil
synced 2026-02-04 06:50:09 +00:00
Update-Updates-Tab (#3833)
* Update Invoke-WPFUpdatessecurity.ps1 * Update Invoke-WPFUpdatesdisable.ps1 * Update Invoke-WPFUpdatesdefault.ps1 * Update Invoke-WPFUpdatesdefault.ps1 * Update Invoke-WPFUpdatesdisable.ps1 * Update Invoke-WPFUpdatesdisable.ps1 * Update Invoke-WPFUpdatessecurity.ps1 * Update Invoke-WPFUpdatessecurity.ps1 * Update Invoke-WPFUpdatesdefault.ps1 * Update Invoke-WPFUpdatesdisable.ps1 * Update Invoke-WPFUpdatessecurity.ps1 * Update Invoke-WPFUpdatesdisable.ps1 * Update Invoke-WPFUpdatesdisable.ps1 * Update Invoke-WPFUpdatesdisable.ps1 * Update Invoke-WPFUpdatesdefault.ps1 * Update Invoke-WPFUpdatesdisable.ps1 * Update Invoke-WPFUpdatesdefault.ps1 * Update Invoke-WPFUpdatesdisable.ps1 * Update Invoke-WPFUpdatesdefault.ps1 * Update Invoke-WPFUpdatesdisable.ps1 * Update Invoke-WPFUpdatesdefault.ps1 * Update Invoke-WPFUpdatesdisable.ps1 * Update Invoke-WPFUpdatesdisable.ps1 * Update Invoke-WPFUpdatesdefault.ps1 * Update Invoke-WPFUpdatesdefault.ps1 * Update Invoke-WPFUpdatessecurity.ps1 * Update Invoke-WPFUpdatessecurity.ps1 * Update Invoke-WPFUpdatesdisable.ps1 * Update Invoke-WPFUpdatesdefault.ps1 * Update Invoke-WPFUpdatesdefault.ps1 * Update Invoke-WPFUpdatesdefault.ps1
This commit is contained in:
Gabi
@@ -5,149 +5,51 @@ function Invoke-WPFUpdatesdefault {
|
|||||||
Resets Windows Update settings to default
|
Resets Windows Update settings to default
|
||||||
|
|
||||||
#>
|
#>
|
||||||
|
$ErrorActionPreference = 'SilentlyContinue'
|
||||||
|
|
||||||
Write-Host "Restoring Windows Update registry settings..." -ForegroundColor Yellow
|
Write-Host "Removing Windows Update policy settings..." -ForegroundColor Green
|
||||||
|
|
||||||
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU")) {
|
Remove-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Recurse -Force
|
||||||
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Force | Out-Null
|
Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization" -Recurse -Force
|
||||||
}
|
Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Recurse -Force
|
||||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoUpdate" -Type DWord -Value 0
|
Remove-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Device Metadata" -Recurse -Force
|
||||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "AUOptions" -Type DWord -Value 3
|
Remove-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Recurse -Force
|
||||||
If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config")) {
|
Remove-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Recurse -Force
|
||||||
New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Force | Out-Null
|
|
||||||
}
|
|
||||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -Type DWord -Value 1
|
|
||||||
|
|
||||||
# Reset WaaSMedicSvc registry settings to defaults
|
Write-Host "Reenabling Windows Update Services..." -ForegroundColor Green
|
||||||
Write-Host "Restoring WaaSMedicSvc settings..." -ForegroundColor Yellow
|
|
||||||
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" -Name "Start" -Type DWord -Value 3 -ErrorAction SilentlyContinue
|
|
||||||
Remove-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" -Name "FailureActions" -ErrorAction SilentlyContinue
|
|
||||||
|
|
||||||
# Restore update services to their default state
|
Write-Host "Restored BITS to Manual"
|
||||||
Write-Host "Restoring update services..." -ForegroundColor Yellow
|
Set-Service -Name BITS -StartupType Manual
|
||||||
|
|
||||||
$services = @(
|
Write-Host "Restored wuauserv to Manual"
|
||||||
@{Name = "BITS"; StartupType = "Manual"},
|
Set-Service -Name wuauserv -StartupType Manual
|
||||||
@{Name = "wuauserv"; StartupType = "Manual"},
|
|
||||||
@{Name = "UsoSvc"; StartupType = "Automatic"},
|
|
||||||
@{Name = "uhssvc"; StartupType = "Disabled"},
|
|
||||||
@{Name = "WaaSMedicSvc"; StartupType = "Manual"}
|
|
||||||
)
|
|
||||||
|
|
||||||
foreach ($service in $services) {
|
Write-Host "Restored UsoSvc to Automatic"
|
||||||
try {
|
Set-Service -Name UsoSvc -StartupType Automatic
|
||||||
Write-Host "Restoring $($service.Name) to $($service.StartupType)..."
|
|
||||||
$serviceObj = Get-Service -Name $service.Name -ErrorAction SilentlyContinue
|
|
||||||
if ($serviceObj) {
|
|
||||||
Set-Service -Name $service.Name -StartupType $service.StartupType -ErrorAction SilentlyContinue
|
|
||||||
|
|
||||||
# Reset failure actions to default using sc command
|
Write-Host "Restored WaaSMedicSvc to Manual"
|
||||||
Start-Process -FilePath "sc.exe" -ArgumentList "failure `"$($service.Name)`" reset= 86400 actions= restart/60000/restart/60000/restart/60000" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue
|
Set-Service -Name WaaSMedicSvc -StartupType Manual
|
||||||
|
|
||||||
# Start the service if it should be running
|
Write-Host "Enabling update related scheduled tasks..." -ForegroundColor Green
|
||||||
if ($service.StartupType -eq "Automatic") {
|
|
||||||
Start-Service -Name $service.Name -ErrorAction SilentlyContinue
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
catch {
|
|
||||||
Write-Host "Warning: Could not restore service $($service.Name) - $($_.Exception.Message)" -ForegroundColor Yellow
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Restore renamed DLLs if they exist
|
$Tasks =
|
||||||
Write-Host "Restoring renamed update service DLLs..." -ForegroundColor Yellow
|
'\Microsoft\Windows\InstallService\*',
|
||||||
|
'\Microsoft\Windows\UpdateOrchestrator\*',
|
||||||
$dlls = @("WaaSMedicSvc", "wuaueng")
|
'\Microsoft\Windows\UpdateAssistant\*',
|
||||||
|
'\Microsoft\Windows\WaaSMedic\*',
|
||||||
foreach ($dll in $dlls) {
|
'\Microsoft\Windows\WindowsUpdate\*',
|
||||||
$dllPath = "C:\Windows\System32\$dll.dll"
|
|
||||||
$backupPath = "C:\Windows\System32\${dll}_BAK.dll"
|
|
||||||
|
|
||||||
if ((Test-Path $backupPath) -and !(Test-Path $dllPath)) {
|
|
||||||
try {
|
|
||||||
# Take ownership of backup file
|
|
||||||
Start-Process -FilePath "takeown.exe" -ArgumentList "/f `"$backupPath`"" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue
|
|
||||||
|
|
||||||
# Grant full control to everyone
|
|
||||||
Start-Process -FilePath "icacls.exe" -ArgumentList "`"$backupPath`" /grant *S-1-1-0:F" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue
|
|
||||||
|
|
||||||
# Rename back to original
|
|
||||||
Rename-Item -Path $backupPath -NewName "$dll.dll" -ErrorAction SilentlyContinue
|
|
||||||
Write-Host "Restored ${dll}_BAK.dll to $dll.dll"
|
|
||||||
|
|
||||||
# Restore ownership to TrustedInstaller
|
|
||||||
Start-Process -FilePath "icacls.exe" -ArgumentList "`"$dllPath`" /setowner `"NT SERVICE\TrustedInstaller`"" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue
|
|
||||||
Start-Process -FilePath "icacls.exe" -ArgumentList "`"$dllPath`" /remove *S-1-1-0" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue
|
|
||||||
}
|
|
||||||
catch {
|
|
||||||
Write-Host "Warning: Could not restore $dll.dll - $($_.Exception.Message)" -ForegroundColor Yellow
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Enable update related scheduled tasks
|
|
||||||
Write-Host "Enabling update related scheduled tasks..." -ForegroundColor Yellow
|
|
||||||
|
|
||||||
$taskPaths = @(
|
|
||||||
'\Microsoft\Windows\InstallService\*'
|
|
||||||
'\Microsoft\Windows\UpdateOrchestrator\*'
|
|
||||||
'\Microsoft\Windows\UpdateAssistant\*'
|
|
||||||
'\Microsoft\Windows\WaaSMedic\*'
|
|
||||||
'\Microsoft\Windows\WindowsUpdate\*'
|
|
||||||
'\Microsoft\WindowsUpdate\*'
|
'\Microsoft\WindowsUpdate\*'
|
||||||
)
|
|
||||||
|
|
||||||
foreach ($taskPath in $taskPaths) {
|
foreach ($Task in $Tasks) {
|
||||||
try {
|
Get-ScheduledTask -TaskPath $Task | Enable-ScheduledTask -ErrorAction SilentlyContinue
|
||||||
$tasks = Get-ScheduledTask -TaskPath $taskPath -ErrorAction SilentlyContinue
|
|
||||||
foreach ($task in $tasks) {
|
|
||||||
Enable-ScheduledTask -TaskName $task.TaskName -TaskPath $task.TaskPath -ErrorAction SilentlyContinue
|
|
||||||
Write-Host "Enabled task: $($task.TaskName)"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
catch {
|
|
||||||
Write-Host "Warning: Could not enable tasks in path $taskPath - $($_.Exception.Message)" -ForegroundColor Yellow
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
Write-Host "Enabling driver offering through Windows Update..."
|
Write-Host "Windows Local Policies Reset to Default"
|
||||||
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Device Metadata" -Name "PreventDeviceMetadataFromNetwork" -ErrorAction SilentlyContinue
|
secedit /configure /cfg "$Env:SystemRoot\inf\defltbase.inf" /db defltbase.sdb
|
||||||
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DontPromptForWindowsUpdate" -ErrorAction SilentlyContinue
|
|
||||||
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DontSearchWindowsUpdate" -ErrorAction SilentlyContinue
|
|
||||||
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DriverUpdateWizardWuSearchEnabled" -ErrorAction SilentlyContinue
|
|
||||||
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "ExcludeWUDriversInQualityUpdate" -ErrorAction SilentlyContinue
|
|
||||||
Write-Host "Enabling Windows Update automatic restart..."
|
|
||||||
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoRebootWithLoggedOnUsers" -ErrorAction SilentlyContinue
|
|
||||||
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "AUPowerManagement" -ErrorAction SilentlyContinue
|
|
||||||
Write-Host "Enabled driver offering through Windows Update"
|
|
||||||
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "BranchReadinessLevel" -ErrorAction SilentlyContinue
|
|
||||||
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "DeferFeatureUpdatesPeriodInDays" -ErrorAction SilentlyContinue
|
|
||||||
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "DeferQualityUpdatesPeriodInDays" -ErrorAction SilentlyContinue
|
|
||||||
|
|
||||||
Write-Host "==================================================="
|
Write-Host "===================================================" -ForegroundColor Green
|
||||||
Write-Host "--- Windows Update Settings Reset to Default ---"
|
Write-Host "--- Windows Update Settings Reset to Default ---" -ForegroundColor Green
|
||||||
Write-Host "==================================================="
|
Write-Host "===================================================" -ForegroundColor Green
|
||||||
|
|
||||||
Start-Process -FilePath "secedit" -ArgumentList "/configure /cfg $env:windir\inf\defltbase.inf /db defltbase.sdb /verbose" -Wait
|
Write-Host "Note: You must restart your system in order for all changes to take effect." -ForegroundColor Yellow
|
||||||
Start-Process -FilePath "cmd.exe" -ArgumentList "/c RD /S /Q $env:WinDir\System32\GroupPolicyUsers" -Wait
|
|
||||||
Start-Process -FilePath "cmd.exe" -ArgumentList "/c RD /S /Q $env:WinDir\System32\GroupPolicy" -Wait
|
|
||||||
Start-Process -FilePath "gpupdate" -ArgumentList "/force" -Wait
|
|
||||||
Remove-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies" -Recurse -Force -ErrorAction SilentlyContinue
|
|
||||||
Remove-Item -Path "HKCU:\Software\Microsoft\WindowsSelfHost" -Recurse -Force -ErrorAction SilentlyContinue
|
|
||||||
Remove-Item -Path "HKCU:\Software\Policies" -Recurse -Force -ErrorAction SilentlyContinue
|
|
||||||
Remove-Item -Path "HKLM:\Software\Microsoft\Policies" -Recurse -Force -ErrorAction SilentlyContinue
|
|
||||||
Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies" -Recurse -Force -ErrorAction SilentlyContinue
|
|
||||||
Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\WindowsStore\WindowsUpdate" -Recurse -Force -ErrorAction SilentlyContinue
|
|
||||||
Remove-Item -Path "HKLM:\Software\Microsoft\WindowsSelfHost" -Recurse -Force -ErrorAction SilentlyContinue
|
|
||||||
Remove-Item -Path "HKLM:\Software\Policies" -Recurse -Force -ErrorAction SilentlyContinue
|
|
||||||
Remove-Item -Path "HKLM:\Software\WOW6432Node\Microsoft\Policies" -Recurse -Force -ErrorAction SilentlyContinue
|
|
||||||
Remove-Item -Path "HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies" -Recurse -Force -ErrorAction SilentlyContinue
|
|
||||||
Remove-Item -Path "HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\WindowsStore\WindowsUpdate" -Recurse -Force -ErrorAction SilentlyContinue
|
|
||||||
|
|
||||||
Write-Host "==================================================="
|
|
||||||
Write-Host "--- Windows Local Policies Reset to Default ---"
|
|
||||||
Write-Host "==================================================="
|
|
||||||
|
|
||||||
Write-Host "Note: A system restart may be required for all changes to take full effect." -ForegroundColor Yellow
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -6,130 +6,51 @@ function Invoke-WPFUpdatesdisable {
|
|||||||
|
|
||||||
.NOTES
|
.NOTES
|
||||||
Disabling Windows Update is not recommended. This is only for advanced users who know what they are doing.
|
Disabling Windows Update is not recommended. This is only for advanced users who know what they are doing.
|
||||||
This function requires administrator privileges and will attempt to run as SYSTEM for certain operations.
|
|
||||||
|
|
||||||
#>
|
#>
|
||||||
|
$ErrorActionPreference = 'SilentlyContinue'
|
||||||
|
|
||||||
Write-Host "Configuring registry settings..." -ForegroundColor Yellow
|
Write-Host "Configuring registry settings..." -ForegroundColor Yellow
|
||||||
|
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Force
|
||||||
|
|
||||||
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU")) {
|
|
||||||
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Force | Out-Null
|
|
||||||
}
|
|
||||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoUpdate" -Type DWord -Value 1
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoUpdate" -Type DWord -Value 1
|
||||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "AUOptions" -Type DWord -Value 1
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "AUOptions" -Type DWord -Value 1
|
||||||
|
|
||||||
If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config")) {
|
New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Force
|
||||||
New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Force | Out-Null
|
|
||||||
}
|
|
||||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -Type DWord -Value 0
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -Type DWord -Value 0
|
||||||
|
|
||||||
# Additional registry settings
|
Write-Host "Disabled BITS Service"
|
||||||
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" -Name "Start" -Type DWord -Value 4 -ErrorAction SilentlyContinue
|
Set-Service -Name BITS -StartupType Disabled
|
||||||
$failureActions = [byte[]](0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x03,0x00,0x00,0x00,0x14,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xc0,0xd4,0x01,0x00,0x00,0x00,0x00,0x00,0xe0,0x93,0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00)
|
|
||||||
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" -Name "FailureActions" -Type Binary -Value $failureActions -ErrorAction SilentlyContinue
|
|
||||||
|
|
||||||
# Disable and stop update related services
|
Write-Host "Disabled wuauserv Service"
|
||||||
Write-Host "Disabling update services..." -ForegroundColor Yellow
|
Set-Service -Name wuauserv -StartupType Disabled
|
||||||
|
|
||||||
$services = @(
|
Write-Host "Disabled UsoSvc Service"
|
||||||
"BITS"
|
Set-Service -Name UsoSvc -StartupType Disabled
|
||||||
"wuauserv"
|
|
||||||
"UsoSvc"
|
|
||||||
"uhssvc"
|
|
||||||
"WaaSMedicSvc"
|
|
||||||
)
|
|
||||||
|
|
||||||
foreach ($service in $services) {
|
Write-Host "Disabled WaaSMedicSvc Service"
|
||||||
try {
|
Set-Service -Name WaaSMedicSvc -StartupType Disabled
|
||||||
Write-Host "Stopping and disabling $service..."
|
|
||||||
$serviceObj = Get-Service -Name $service -ErrorAction SilentlyContinue
|
|
||||||
if ($serviceObj) {
|
|
||||||
Stop-Service -Name $service -Force -ErrorAction SilentlyContinue
|
|
||||||
Set-Service -Name $service -StartupType Disabled -ErrorAction SilentlyContinue
|
|
||||||
|
|
||||||
# Set failure actions to nothing using sc command
|
Remove-Item "C:\Windows\SoftwareDistribution\*" -Recurse -Force
|
||||||
Start-Process -FilePath "sc.exe" -ArgumentList "failure `"$service`" reset= 0 actions= `"`"" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue
|
Write-Host "Cleared SoftwareDistribution folder"
|
||||||
}
|
|
||||||
}
|
|
||||||
catch {
|
|
||||||
Write-Host "Warning: Could not process service $service - $($_.Exception.Message)" -ForegroundColor Yellow
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Rename critical update service DLLs (requires SYSTEM privileges)
|
|
||||||
Write-Host "Attempting to rename critical update service DLLs..." -ForegroundColor Yellow
|
|
||||||
|
|
||||||
$dlls = @("WaaSMedicSvc", "wuaueng")
|
|
||||||
|
|
||||||
foreach ($dll in $dlls) {
|
|
||||||
$dllPath = "C:\Windows\System32\$dll.dll"
|
|
||||||
$backupPath = "C:\Windows\System32\${dll}_BAK.dll"
|
|
||||||
|
|
||||||
if (Test-Path $dllPath) {
|
|
||||||
try {
|
|
||||||
# Take ownership
|
|
||||||
Start-Process -FilePath "takeown.exe" -ArgumentList "/f `"$dllPath`"" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue
|
|
||||||
|
|
||||||
# Grant full control to everyone
|
|
||||||
Start-Process -FilePath "icacls.exe" -ArgumentList "`"$dllPath`" /grant *S-1-1-0:F" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue
|
|
||||||
|
|
||||||
# Rename file
|
|
||||||
if (!(Test-Path $backupPath)) {
|
|
||||||
Rename-Item -Path $dllPath -NewName "${dll}_BAK.dll" -ErrorAction SilentlyContinue
|
|
||||||
Write-Host "Renamed $dll.dll to ${dll}_BAK.dll"
|
|
||||||
|
|
||||||
# Restore ownership to TrustedInstaller
|
|
||||||
Start-Process -FilePath "icacls.exe" -ArgumentList "`"$backupPath`" /setowner `"NT SERVICE\TrustedInstaller`"" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue
|
|
||||||
Start-Process -FilePath "icacls.exe" -ArgumentList "`"$backupPath`" /remove *S-1-1-0" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue
|
|
||||||
}
|
|
||||||
}
|
|
||||||
catch {
|
|
||||||
Write-Host "Warning: Could not rename $dll.dll - $($_.Exception.Message)" -ForegroundColor Yellow
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Delete downloaded update files
|
|
||||||
Write-Host "Cleaning up downloaded update files..." -ForegroundColor Yellow
|
|
||||||
|
|
||||||
try {
|
|
||||||
$softwareDistPath = "C:\Windows\SoftwareDistribution"
|
|
||||||
if (Test-Path $softwareDistPath) {
|
|
||||||
Get-ChildItem -Path $softwareDistPath -Recurse -Force | Remove-Item -Force -Recurse -ErrorAction SilentlyContinue
|
|
||||||
Write-Host "Cleared SoftwareDistribution folder"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
catch {
|
|
||||||
Write-Host "Warning: Could not fully clear SoftwareDistribution folder - $($_.Exception.Message)" -ForegroundColor Yellow
|
|
||||||
}
|
|
||||||
|
|
||||||
# Disable update related scheduled tasks
|
|
||||||
Write-Host "Disabling update related scheduled tasks..." -ForegroundColor Yellow
|
Write-Host "Disabling update related scheduled tasks..." -ForegroundColor Yellow
|
||||||
|
|
||||||
$taskPaths = @(
|
$Tasks =
|
||||||
'\Microsoft\Windows\InstallService\*'
|
'\Microsoft\Windows\InstallService\*',
|
||||||
'\Microsoft\Windows\UpdateOrchestrator\*'
|
'\Microsoft\Windows\UpdateOrchestrator\*',
|
||||||
'\Microsoft\Windows\UpdateAssistant\*'
|
'\Microsoft\Windows\UpdateAssistant\*',
|
||||||
'\Microsoft\Windows\WaaSMedic\*'
|
'\Microsoft\Windows\WaaSMedic\*',
|
||||||
'\Microsoft\Windows\WindowsUpdate\*'
|
'\Microsoft\Windows\WindowsUpdate\*',
|
||||||
'\Microsoft\WindowsUpdate\*'
|
'\Microsoft\WindowsUpdate\*'
|
||||||
)
|
|
||||||
|
|
||||||
foreach ($taskPath in $taskPaths) {
|
foreach ($Task in $Tasks) {
|
||||||
try {
|
Get-ScheduledTask -TaskPath $Task | Disable-ScheduledTask -ErrorAction SilentlyContinue
|
||||||
$tasks = Get-ScheduledTask -TaskPath $taskPath -ErrorAction SilentlyContinue
|
|
||||||
foreach ($task in $tasks) {
|
|
||||||
Disable-ScheduledTask -TaskName $task.TaskName -TaskPath $task.TaskPath -ErrorAction SilentlyContinue
|
|
||||||
Write-Host "Disabled task: $($task.TaskName)"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
catch {
|
|
||||||
Write-Host "Warning: Could not disable tasks in path $taskPath - $($_.Exception.Message)" -ForegroundColor Yellow
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
Write-Host "=================================" -ForegroundColor Green
|
Write-Host "=================================" -ForegroundColor Green
|
||||||
Write-Host "--- Updates ARE DISABLED ---" -ForegroundColor Green
|
Write-Host "--- Updates Are Disabled ---" -ForegroundColor Green
|
||||||
Write-Host "===================================" -ForegroundColor Green
|
Write-Host "=================================" -ForegroundColor Green
|
||||||
Write-Host "Note: Some operations may require a system restart to take full effect." -ForegroundColor Yellow
|
|
||||||
|
Write-Host "Note: You must restart your system in order for all changes to take effect." -ForegroundColor Yellow
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -12,42 +12,36 @@ function Invoke-WPFUpdatessecurity {
|
|||||||
5. Defers quality updates for 4 days
|
5. Defers quality updates for 4 days
|
||||||
|
|
||||||
#>
|
#>
|
||||||
|
|
||||||
Write-Host "Disabling driver offering through Windows Update..."
|
Write-Host "Disabling driver offering through Windows Update..."
|
||||||
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Device Metadata")) {
|
|
||||||
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Device Metadata" -Force | Out-Null
|
|
||||||
}
|
|
||||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Device Metadata" -Name "PreventDeviceMetadataFromNetwork" -Type DWord -Value 1
|
|
||||||
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching")) {
|
|
||||||
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Force | Out-Null
|
|
||||||
}
|
|
||||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DontPromptForWindowsUpdate" -Type DWord -Value 1
|
|
||||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DontSearchWindowsUpdate" -Type DWord -Value 1
|
|
||||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DriverUpdateWizardWuSearchEnabled" -Type DWord -Value 0
|
|
||||||
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate")) {
|
|
||||||
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" | Out-Null
|
|
||||||
}
|
|
||||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "ExcludeWUDriversInQualityUpdate" -Type DWord -Value 1
|
|
||||||
Write-Host "Disabling Windows Update automatic restart..."
|
|
||||||
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU")) {
|
|
||||||
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Force | Out-Null
|
|
||||||
}
|
|
||||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoRebootWithLoggedOnUsers" -Type DWord -Value 1
|
|
||||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "AUPowerManagement" -Type DWord -Value 0
|
|
||||||
Write-Host "Disabled driver offering through Windows Update"
|
|
||||||
If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings")) {
|
|
||||||
New-Item -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Force | Out-Null
|
|
||||||
}
|
|
||||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "BranchReadinessLevel" -Type DWord -Value 20
|
|
||||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "DeferFeatureUpdatesPeriodInDays" -Type DWord -Value 365
|
|
||||||
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "DeferQualityUpdatesPeriodInDays" -Type DWord -Value 4
|
|
||||||
|
|
||||||
$ButtonType = [System.Windows.MessageBoxButton]::OK
|
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Device Metadata" -Force
|
||||||
$MessageboxTitle = "Set Security Updates"
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Device Metadata" -Name "PreventDeviceMetadataFromNetwork" -Type DWord -Value 1
|
||||||
$Messageboxbody = ("Recommended Update settings loaded")
|
|
||||||
$MessageIcon = [System.Windows.MessageBoxImage]::Information
|
|
||||||
|
|
||||||
[System.Windows.MessageBox]::Show($Messageboxbody, $MessageboxTitle, $ButtonType, $MessageIcon)
|
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Force
|
||||||
Write-Host "================================="
|
|
||||||
Write-Host "-- Updates Set to Recommended ---"
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DontPromptForWindowsUpdate" -Type DWord -Value 1
|
||||||
Write-Host "================================="
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DontSearchWindowsUpdate" -Type DWord -Value 1
|
||||||
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DriverUpdateWizardWuSearchEnabled" -Type DWord -Value 0
|
||||||
|
|
||||||
|
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Force
|
||||||
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "ExcludeWUDriversInQualityUpdate" -Type DWord -Value 1
|
||||||
|
|
||||||
|
Write-Host "Setting cumulative updates back by 1 year and security updates by 4 days"
|
||||||
|
|
||||||
|
New-Item -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Force
|
||||||
|
|
||||||
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "BranchReadinessLevel" -Type DWord -Value 20
|
||||||
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "DeferFeatureUpdatesPeriodInDays" -Type DWord -Value 365
|
||||||
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "DeferQualityUpdatesPeriodInDays" -Type DWord -Value 4
|
||||||
|
|
||||||
|
Write-Host "Disabling Windows Update automatic restart..."
|
||||||
|
|
||||||
|
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Force
|
||||||
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoRebootWithLoggedOnUsers" -Type DWord -Value 1
|
||||||
|
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "AUPowerManagement" -Type DWord -Value 0
|
||||||
|
|
||||||
|
Write-Host "================================="
|
||||||
|
Write-Host "-- Updates Set to Recommended ---"
|
||||||
|
Write-Host "================================="
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user