Sledgehammer - Windows 10 Update Control - Printable Version
AiOwares (https://www.aiowares.com), Thread: Sledgehammer - Windows 10 Update Control (/showthread.php?tid=1360)
Sledgehammer - Windows 10 Update Control - pf100 - 10-14-2019

Sledgehammer 2.7.0
Windows 10 update control script (formerly known as wumt wrapper script)
Portable and Installer
March 24, 2020
SHA256: 86454b41094ce7c510806d7ec40e84d3c0c92195a3490a440c92adda71d5cc65

Changelog from 2.6.0:
1) Updated WuMgr to latest version 1.1 which properly supports windows 1909, 2004, etc.
2) Internet check before configurator is now instantaneous and 100% reliable
3) Provides advanced options. wsusscn2.cab will be downloaded to the script's "bin\Updates" folder
4) Internet check queries the OS directly instead of using "ping".

I believe this to be the most complete Windows 10 manual update solution available anywhere, and it works with Home versions too. Windows Defender, if enabled, is automatically updated with the script every 6 hours through the Windows Update service instead of resource hogging MMPC.

About:
Welcome to manual updates! The purpose of this script is to automate and enable your control of the update process.

- My philosophy of updating is:
- Only use the Windows Update Service to update.
- Windows Defender will update no matter what setting you use, but it'll only update if it's enabled. No resource hogging if Defender is disabled.
- Automatically disable a range of annoying junk that bypasses windows update, such as:
  - Windows 10 Update Facilitation Service (OS Remediation System Service - osrss)
  - Windows 10 Update Assistant,
  - remsh, UsoClient, WaaSMedic(Svc), and SIHClient.
- Enable and start only the Windows Update Service.
- Run the Windows Update MiniTool (WUMT) or Windows Update Manager (WuMgr).
- Stop and disable the Windows Update service.
- All changes are reversible with uninstaller.

Closing WUMT or WuMgr at any time disables updates again; however, if WUMT or WuMgr is already offering updates, you need to hide them and/or install them one-by-one before closing WUMT or WuMgr or it may install them without asking next time. Don't change WUMT settings while running this script. If an update requires a reboot, re-run the script and just close the first screen to make sure the useless crap that forces updates stays off.

*The included uninstaller undoes script changes and everything's like it was before you ever used the script.

Screenshots:
(These screenshots are a bit outdated, but you get the idea)

Obligatory Start Menu screenshot from a previous version of the script. (As of v2.5.3, "Uninstaller" is now "Uninstaller-undo script changes").

Splash screen:

The Configurator: With Windows 10, you can: Enable/disable windows update service, and/or continue the script to run WUMT. The script will do updates with WUMT no matter how you set the Windows Update Service. Enabling is for using the Store, installing .Net, etc.

This is the default setting. Normally you'd press [C] here to continue, but you can press [E] to use the Store, then press [D] (below) to disable it again. If you press [E] you'll get the screen below. (The status of the Windows Update Service is always shown in the window.)

After enabling the Windows Update Service. (The status of the Windows Update Service setting is always shown in the window.)

The following screen is what you'll see when you press [C] to continue...

In case there weren't enough pictures of WUMT already, here's another one asking to reboot. (Windows Update service will be disabled when you click OK, or if you close WUMT).

Time to reboot. Let the fun begin.

Edit: The CU installed and rebooted no problem.

Rant:
Update Windows 10 on your schedule, not Microsoft's!

I originally wrote this script for personal use because of the lack of update options with the original RTM release of Windows 10 Pro. I wanted to update Windows 10 when I had the free time to manually update, just like I did with previous versions of Windows that allowed me to set updates to manual, not when Microsoft forced it on me while I was busy using my computer. When my computer rebooted in the middle of the night after a forced update I swore it would be the last time I would let that happen. With the Windows 10 Anniversary Edition, increased lack of control and arbitrary removal of registry options only got worse. Microsoft removed previously working Group Policies and registry tweaks on Windows 10 Pro and Windows 10 Home and I expect things may only get worse with future major updates. The methods that may or may not work now such as update notifications, metered network connections (which may soon push "essential" updates over metered connections, whatever that means), Windows 10 Pro Group Policy edits, and other workarounds implemented to control automatic updates are not guaranteed to work forever on Windows 10 if the past is any indicator. This script will always allow fully manual updates no matter what Microsoft does to force automatic updates, including Windows 10 Home.

How it works:
This script first checks if you're running Windows 10. If not then it just installs wub_task and leaves updates off unless running the script to check for updates.

This script disables and locks all "\Microsoft\Windows\WindowsUpdate\" tasks.
If you're running Windows 10 it creates an additional smart Windows Defender Update task "WDU" that updates Windows Defender if it's running and enabled, and doesn't update it if it's not running and disabled,
auto-elevates,
uninstalls and removes the Windows 10 Update Assistant,
renames the %programfiles%\rempl folder disabling remsh.exe,
resets and removes permissions from and disables:
  EOSNotify.exe
  osrss.dll
  UsoClient.exe
  WaaSMedic.exe
  WaasMedicSvc.dll
  WaaSMedicPS.dll
  WaaSAssessment.dll
  MusNotificationUx.exe
  MusNotification.exe
  SIHClient.exe
  upfc.exe
makes sure the task "wub_task" is installed that runs wub at boot (to stop updates from turning updates back on),
*runs wub and enables and starts the windows update service (wuauserv) if disabled (*wub can be disabled using the included Configurator in the script, leaving Windows Updates always running so you can use Store at any time, or temporarily enable the update service to run the store then disable the update service),
then runs the correct version of WuMgr or the Windows Update MiniTool in "auto search for updates" mode for our OS version's architecture (x86 or x64),
then disables and stops wuauserv giving you full control.

No more forced automatic updates or surprise reboots. This was written for Windows 10 Pro and Home, but works with all versions of Windows 10. Don't change any settings in lower left of WUMT while running the script.

*If you need to install .Net 3.5 or use the Windows 10 Store or something that needs wuauserv running, run the script and either [E]nable the Update service, or [C]ontinue to run WUMT, and install what you need after WUMT checks for updates but BEFORE closing WUMT.
Dealing with script caused sfc errors:
The wrapper script causes sfc errors because it makes update hijacker files unreadable (the errors go away after uninstalling the script), so if you want to run sfc, uninstall the script first or read the logs for errors with osrss.dll, UsoClient.exe, WaaSMedic.exe, WaasMedicSvc.dll, WaaSMedicPS.dll, WaaSAssessment.dll, MusNotificationUx.exe, SIHClient.exe, and upfc.exe which is normal. To check that these files are the cause of the sfc errors which, again, is normal, run this in a command prompt and you should only see the above mentioned files listed as a problem. (Uninstall the script if you don't want sfc errors):

Code: The contents of this section are hidden

If you're getting an error updating and you want to make sure the script isn't the problem:
Ahsan, post: 1429879, member: 114079 Wrote: The contents of this section are hidden

If you can't install an update with the script:
This is what to do if an update won't install using the script. Here is an example from today. WUMT wouldn't install Cumulative Update KB4093112. After installing and hiding/unhiding what you want to install with wumt, you're ready. Make sure that only the updates shown here are what you want to download and install. Leave wumt running:
Updates ready to be installed
You can then use the Settings app to install our sample KB4093112, like so:
Installing previously checked and approved update using settings app
If you closed wumt,
1) use the configurator to turn on updates and update from the settings app (turn updates off again afterwards if you want it off), or
2) check updates with the script again and after WUMT checks for updates but before closing it, update from the settings app.

Installation:
*Installer: Run WUMTWrapperScript.exe. Menu shortcuts in the start menu can be optionally not installed. There is no uninstall in control panel. Only uninstall from the shortcut in the start menu or using "Uninstaller.cmd" in the WUMT Wrapper Script folder.

*Portable: Extract the contents of the portable folder to a folder of your choosing if you downloaded this script, otherwise put the scripts provided in this post (with WUMT and WUB linked below) in a folder, then make a shortcut to the file "Uninstaller.cmd", and "WUMTWrapperScript.cmd". Use the latter shortcut to run manual Windows Updates.

WUMT is available here: https://forums.mydigitallife.net/threads/64939-Windows-Update-MiniTool
Windows Update Manager (WuMgr) is available here: https://github.com/DavidXanatos/wumgr/releases/
Windows Update Blocker v1.0 is available here: http://sordum.org/files/windows-update-blocker/old/Wub_v1.0.zip
Only use Windows Update Blocker v1.0 with this script, not v1.1.
NSudo 6.1 is available here: https://github.com/M2Team/NSudo/releases/tag/6.1

*The default configuration of the script turns off windows updates after running WUMT. The Configurator is to enable the Windows Update service, while update hijackers are still disabled, so you can use the Store temporarily. If Windows Defender is enabled it will update no matter what setting you make.

Scripts:
WUMTWrapperScript.cmd
Posting the script exceeds 6,000 character post limit. It's on pastebin here.

Uninstaller_undo-all-script-changes.cmd
Code: The contents of this section are hidden

Frequently Asked Questions
Frequently Asked Questions (FAQ)
WUMT Wrapper Script
Updated 12/31/18

GENERAL (Section A)
INSTALLATION (Section B)
USE (Section C)
ADVANCED (Section D)

-----
GENERAL.
-----
A1. Isn't WUMT, which the Wrapper Script runs, too old to be effective? It hasn't had an update since 2016.

While it's true that the Windows Update MiniTool (WUMT) itself hasn't been updated recently, it's still a very effective tool for manually selecting which Windows updates to install. And the Wrapper Script is being refined continually to "wrap" WUMT and WuMgr in processes that restrict Microsoft's attempts to force Windows updates in new ways. Additionally, the Wrapper Script now provides the option to use Windows Update Manager (WuMgr), a great replacement that is stable and is currently maintained. https://forums.mydigitallife.net/threads/windows-update-manager.77736/.
-----
A2. When the script runs WUMT or WuMgr, is the native Windows Update Service also able to run in parallel and install something unexpectedly? What keeps the built-in Windows Update from doing its own thing while WUMT is running? When the Wrapper Script starts WUMT, apparently WUMT (a "black box") blocks the regular Windows Update from operating. Is that true, and if so, how does it do that?

Using the script, it doesn't block anything from installing, rather it prevents Windows from checking for updates on its own. While WUMT is running using the script, you can also check for updates in the Settings app, but the Settings app won't check for updates by itself. The script handles that by disabling all update hijacker files.
-----
A3. How can I be sure that installing the Wrapper Script won't mess up my system? I've read comments that it makes changes that cause errors in the System File Checker (SFC) results.

SFC errors are caused by locking update hijacker files. The included uninstaller undoes script changes and leaves everything like it was before you ever used the script.
(Use the "Uninstaller_undo-all-script-changes.cmd" to undo all script changes whether you run the script in the portable folder or install the script into your Windows start menu (it's the "Uninstaller-undo script changes" shortcut in the start menu.)) The wrapper script causes SFC errors because it makes update hijacker files unreadable. The errors go away after uninstalling the script. So if you want to run SFC, uninstall the script first. Or when you read the logs produced by SFC, recognize that there should be errors for osrss.dll, UsoClient.exe, WaaSMedic.exe, WaasMedicSvc.dll, WaasMedicPS.dll, WaaSAssessment.dll, MusNotificationUx.exe, SIHClient.exe and upfc.exe.
-----
A4. Is the Wrapper Script "peer reviewed"?

Yes. The full script is available for anyone to download, use, modify, or fork. The operation and effects of the script and any changes are discussed on the MDL Forum thread and tested by multiple users. Improvements are incorporated whenever feedback shows a need.
-----
A5. After installing the script, what are the default effects?

The default configuration of the script disables the Windows Update Service and Microsoft “Update Hijackers”. If you choose to (C)ontinue to WUMT to check for updates, the script enables the update service, keeping the update hijackers disabled, then after running and closing WUMT, turns off windows updates. The Configurator will also let you (E)nable the Windows Update service, keeping update hijackers disabled, so you can use the Store. The update service will be disabled when WUMT is closed no matter what you choose in the Configurator. If Windows Defender is enabled, it will update every 6 hours no matter what setting you make. If Windows Defender is disabled, it will not be updated.

The script has never disabled any triggers that force updates; instead, it disables the files the triggers try to run. Without the script, every time you start Windows Update Service (wuauserv), you’re rolling the dice on a forced update.
WaasMedic(SVC), Update Orchestrator, Remediation Service, and other “Update Hijackers” are ready and waiting for you to enable wuauserv to start unwanted Update downloads and installations. And even if you don’t enable wuauserv, Microsoft will enable it for you! And then there’s Update Assistant that doesn’t even need wuauserv enabled to force an update.

The purpose of the script is not to stop updates permanently, even though that's possible with the script. The purpose of the script is to allow you to choose to update when updates are available and at a time convenient to you. The script gives you complete control, like it used to be in Windows 7 when you set Windows Updates to check manually. I only want manual update checks. My script is the closest thing I've found to that.
-----
INSTALLATION.
-----
B1. Do I need to uninstall the Wrapper Script before installing a new version of it?

Yes, uninstall the previous version before installing a new one. The Uninstaller gives you the option to disable your network connection before uninstalling the script so that you can be 100 percent certain that Microsoft won’t be updating your computer in between versions. Or you can run WUB 1.0 and disable the update service right after you uninstall the Wrapper Script you’re currently using (WUB.exe will be deleted from the wrapper script folder if you used the script installer, so make sure you put a copy in a different folder). If you pin WUB to the taskbar from this different folder, it will be instantly available at your mouse click.
-----
B2. Does the same version of the Wrapper Script work for all Windows versions? (I've seen there are specific script versions for different Windows versions in the past.)

As of version 2.5.3, the script only supports Windows 10. Keeping up with previous versions is better handled using other methods since I can't and don't keep up with update hijackers in all versions of Windows.
-----
USE.
-----
C1. Should the settings under Update Service in WUMT be changed while the script is running?

No. If you want to change the WUMT settings manually, you should run WUMT separately after exiting the script. The script sets WUMT to “Automatically” check for updates. You need only choose the updates it finds and offers to either hide or install. If you want to run WUMT independently of the script (for example, if you wish to update offline with wsusscn2.cab https://go.microsoft.com/fwlink/?LinkID=74689), you should select (E)nable Windows Update Service in the Configurator or run WUB.exe manually to enable the update service. You may then use WUMT with other options. For further information on those options, you can visit the WUMT MDL thread at https://forums.mydigitallife.net/threads/windows-update-minitool.64939/.
-----
C2. What will happen if you do change the option in the lower left corner of WUMT from “Automatic” while running it in the script? Will that cause the native Windows Update to download and install updates simultaneously with WUMT?

It can cause problems while running WUMT using the script, but only for the current update session. Better to leave all options alone while running the script. And no, it won't cause Windows to install updates on its own.
-----
C3. Does the Windows update service stay disabled after reboot?

Yes. The "wub_task" task created by the script disables the update service at reboot and at logon. However, if you update using WUMT in the script, and the update requires a reboot, you should re-run the script after the reboot, then close the first screen after confirming that it shows the Windows Update Service is disabled and stopped. This action will ensure that all the “Update Hijackers” that force updates stay off.
-----
C4. Will the script keep protecting against new and unexpected Windows updates after the next Feature Update (aka, Windows 10.x, 10.y, 10.z)?

Most of the time yes, but I can't always predict what Microsoft will do.
The intention for the script is to keep discovering the new methods that Microsoft deploys to facilitate or force updates and to develop and provide protection against such Microsoft exploits. So always use the latest version of the script. However, script countermeasures can't always be written and incorporated until after feature updates are released. So remember that MS gives you only 30 days (or less) to roll back or uninstall a feature update to the previous version of Windows. Consequently, it's advisable to have regular image backups of your Windows system drive that you can rely on for restoration in worst case scenarios.

In addition, the negative effects of some Windows updates aren’t discovered by the community of Windows users until days, or in some cases weeks, after deployment by MS. Please consult your favorite websites to monitor feedback and consensus on new updates found to be problems for other users. One such site is AskWoody, where you can find an overall rating of comfort level with current updates (https://www.askwoody.com/ms-defcon-system) and a master list of updates (https://www.askwoody.com/patch-list-master).

Please note that some updates other than feature updates are also designed by MS to change the behavior of Windows Update, and some of those cannot be uninstalled after installation (another good reason to have an image backup). The Wrapper Script is continually being revised to deal with the existence of those types of updates after MS introduces them.
-----
C5. Why don't updates that are "Hidden" in WUMT stay hidden? Sometimes they show up in available updates again.

The problem of having updates that have been hidden by WUMT or by wushowhide.diagcab suddenly reappear as available is a perplexing issue.
It’s suspected that clearing the "Windows\SoftwareDistribution" folder may unhide updates, and also some updates, like KB4023057, periodically have newer revisions, which in effect create a new update, making the hidden update invalid and superseded by the re-release. At least, using the Wrapper Script with WUMT, you can simply re-hide the updates without concern that they will automatically be installed.
-----
C6. How can I be sure that the Windows Update Service is still disabled after running the script?

You can verify that the update service is off by opening Services (%windir%\system32\services.msc) and scrolling down to Windows Update to see that it is Disabled and not running, and you can run the Wrapper Script at any time just to check the status. Additionally, you can pin Windows Update Blocker (WUB) 1.0 to the taskbar to make it readily available, then when you run it, it should show the update service as disabled. But make sure you copy WUB.exe into a different folder because if you used the installer, then the uninstaller, it deletes all files in the script folder including WUB.exe.

If you would like to install an automatic indicator that shows when the Windows Update Service starts and stops, two free alternatives are:

(1) "ServiceTray" by Core Technologies (https://www.coretechnologies.com/products/ServiceTray/) will show a red icon in the notification area (system tray) when Windows update service is disabled (which should be the normal state of using the script) and alert you when the update service has started again, both with a green icon and a Windows notification. Whenever the status changes, it will create a Windows notification. (To stay visible in the notification area, you need to go to Taskbar settings and check ServiceTray in Select which icons appear on the taskbar. Otherwise, it will be in the hidden group and not be as useful for this monitoring purpose.)
After installation, to start ServiceTray with Windows, you can use task scheduler to schedule a task to run with highest privileges at log on of any user. When creating the task, if you just browse to the shortcut on the desktop as the program to run under the Actions tab, Task Scheduler will automatically parse the program to start as "C:\Program Files\ServiceTray\ServiceTray.exe" with argument = "wuauserv" -icon 1. After that, the shortcut is no longer needed.

(2) A second monitoring program called Windows Service Monitor (http://www.softpedia.com/get/System/System-Miscellaneous/Windows-Service-Monitor.shtml) is similar to ServiceTray. Although it doesn't give notifications, the tray icon changes from green when the service is running, to gray when it's not. It doesn't need admin rights and autostarts with windows if you set it to.
-----
C7. Windows Defender is the only antivirus program I use. Do I have to run the Wrapper Script every time I want to get new malware signatures and updates for it?

No. One of the script’s features is that Windows Defender, if enabled, is automatically updated with the script every 6 hours through the Windows Update service using the "WDU" (Windows Defender Update) task. This task will not update Defender if it's disabled.
-----
C8. Can the script be run automatically rather than manually, maybe even silently, for the computers of family members who aren't very technically minded to block updates completely, except for Windows Defender updates?

The script could be modified to do so, but in its present form, not silently. The reason is that the script requires user input, so if the parts requiring user input are bypassed, then the script could be run silently, either through a task or putting the script in the startup folder. But then WUMT would have to pop up. You could even bypass WUMT by modifying the script, but if you did that you might as well uninstall the script and let Windows update whenever it wants to.
-----
C9. Does the Wrapper Script let me use the Windows Store?

Yes, but it's a little restrictive because the Windows Store can't work without the Windows Update Service. You can use the store by selecting (E)nable in the Configurator, then use the Store either by leaving the Configurator window open, or (C)ontinue while checking for updates. The update service will be stopped when you choose to do so in the Configurator, or after an update check if you close WUMT or WuMgr. When WUMT or WuMgr is closed, the update service is disabled and the Store won't work.
-----
C10. After updating with WUMT or WuMgr, a pop-up box asks if I want to reboot now. Is it better to say “yes” and let it reboot, or to close the pop-up, then the main WUMT window and reboot manually, or does it matter to the script?

It doesn’t matter. You can reboot either way and the update service will stay disabled.
-----
C11. How do I know which Windows updates are risky to install when I'm looking at what's available with WUMT? For example, I've learned that kbxxxxxxx and kbyyyyyyyy are actually update facilitators or "hijackers" and that MS keeps redistributing them so they become available for downloading again even after I've hidden them. Is there a simple list of bad KBs maintained that I can refer to so I can hide them when they show up?

First, google the KB numbers to see if they are harmful. "Simple" is a relative term. Here is a list of bad patches that facilitate telemetry (MS collecting data from you) for Windows 7 and 8.1: https://www.askwoody.com/forums/topic/2000003-ongoing-list-of-group-b-monthly-updates-for-win7-and-8-1/.

For Windows 10: Bad: KB4023057, KB4295110, KB4056254, KB4023814, . . . . ???

The negative effects of some Windows updates aren’t discovered by the community of Windows users until days, or in some cases weeks, after deployment by MS. Please consult your favorite websites to monitor feedback and consensus on new updates found to be problems for other users.
One such site is AskWoody, where you can find an overall rating of comfort level with current updates (https://www.askwoody.com/ms-defcon-system) and a master list of updates (https://www.askwoody.com/patch-list-master). However, a definitive blacklist of Windows updates does not yet seem to be available. To complicate this issue further, because of variable hardware characteristics and software configurations, an update can break one computer but not another. So there is not a one-size-fits-all for any list. It appears reasonable that updates contained in the offline Microsoft Update Catalog file, wsusscn2.cab https://go.microsoft.com/fwlink/?LinkID=74689, are bona fide updates and do not include update hijackers. But there is always the possibility that any update could be problematic for your specific, unique computer.
-----
C12. Does the script create tasks in Task Scheduler?

Yes. The script creates "wub_task" which forces off the update service at reboot and at logon. It also creates a "WDU" task to update Windows Defender every 6 hours (but only if Defender is enabled). Both wub_task and WDU task are deleted and recreated every time you run the script. The WDU task waits 5 minutes to reduce resource hogging while booting, starts the windows update service, updates defender, then disables the windows update service. The varying length of time the update service stays on only depends on the type of Windows Defender update needed, engine (takes most time) or definition (usually pretty quick), but never stays on longer than needed to update defender, so you should be in no actual danger of a forced update during that time.
-----
ADVANCED.
-----
D1. Can cumulative updates be selected and installed?

Yes, it almost always works, but not every time. Since Windows 10 version 1709 (Fall Creators Update), Cumulative Updates are processed by Microsoft's new delivery technology, Unified Update Platform (UUP), and WUMT and WuMgr can’t always handle UUP correctly.
UUP was intended to significantly reduce the size of large feature updates by allowing them to be differential downloads that contain only the changes that have been made since the last time you updated Windows, rather than having to download a full build. Cumulative Updates were already differential updates, but were not previously processed by UUP. Microsoft’s use of UUP is one of the many challenges being addressed in the continuing development of the Wrapper Script.

If you can’t install a Cumulative Update with WUMT or WuMgr under the script but WUMT or WuMgr does identify it, you can leave WUMT or WuMgr open with only that update shown as available (others either hidden or previously installed). Then you can open the Windows Update in Windows 10 Settings to install it. Follow the Wrapper Script instructions carefully to do this. If you are having serious problems you can put the update's KB number in the search box here: https://www.catalog.update.microsoft.com/Home.aspx and download it from Microsoft after having tried using Updates in the Settings app while WUMT or WuMgr is running.

Another option for installing Cumulative Updates is to do it offline with WUMT or WuMgr by downloading the Microsoft Update Catalog file, wsusscn2.cab, which contains all updates and is itself updated periodically, from Microsoft at https://go.microsoft.com/fwlink/?LinkID=74689.

(Note: Full build download packages, called "canonical" packages by MS, are self-contained updates that contain all files for the update, and don't rely on any files on your computer. Much smaller differential download packages reuse files on your current OS to reconstruct the newer OS by copying files as-is that have not changed between builds and by applying binary deltas to old files to generate newer ones.)
-----
D2. Windows Update Blocker has an updated version 1.1. Shouldn't I use that instead of the version 1.0 that's included with the Wrapper Script installation?

No!
Only use WUB version 1.0 with the script, available here http://sordum.org/files/windows-update-blocker/old/Wub_v1.0.zip. WUB v1.1 can enable and disable a whole list of stuff that you specify in the Wub.ini file. That's great except for when you enable the update service, it'll also enable all the update hijackers that you want to stay disabled. For example, DoSvc (Delivery Optimization Service) is in the ini file by default. If you don't re-enable the update service with v1.1, then v1.0 in the script won't re-enable whatever's in the v1.1 ini file (i.e. DoSvc). In other words, always let enable be the last thing you do with v1.1 before you use v1.0 (included with the script) unless you want Delivery Optimization Service disabled permanently until you enable with v1.1 again. Or better, remove DoSvc from Wub.ini (but not after disabling it or you can't reenable it!). Better yet, just use WUB v1.0 in conjunction with the Wrapper Script and forget that WUB v1.1 exists while using this script. Of course, there are exceptions to this, but you'd better know exactly what you're doing if you decide to use WUB v1.1!
-----
D3. I’m getting an error updating with the script and WUMT or WuMgr. How can I tell if the script is the problem?

If you're getting an error updating and you want to make sure the script isn't the problem, uninstall the script, then run Updates from the Settings app, or wumt_64.exe (or wumt_x86.exe) or WuMgr.exe and see what happens. If you get an 0x80072EE2 error code, that is a Windows Update error code (and not a script error code).
-----
D4. Why doesn't the script set the network connection to metered? Doesn't that stop Windows updates?

Enabling metering interferes with some apps. For example, a while back there was a problem with the Netflix app and metering. Plus, it doesn't stop updates. Windows still checks for updates with the connection metered and eventually forces updates anyway.
Setting connections to metered is not a solution and can cause problems, so that method will not be added to the script. I'm only concerned with manual updating and the script is doing that. I don't want to interfere with anything except forced updates. People who truly need a metered connection can do this themselves and deal with any consequences.

-----

D5. Why doesn’t the script use the Windows firewall or the hosts file to restrict or block Windows update?

The firewall is unreliable since the update hijacker files will change over time, and then there are third party firewalls which will override any settings in the Windows firewall, and since it isn't necessary to block anything in the firewall to prevent unwanted updates with the script, using the firewall to block updates is a waste of time. Anything you might want to manually block in the firewall would only be redundant since the script takes care of update hijackers. And the hosts file is easily bypassed by Windows, so using the hosts file is not an option.

-----

D6. Is it safe to use Windows 10 Fast Startup option when you're using the script?

Yes. Windows Update Blocker will be executed after you reboot and log on, whether or not you have Fast Startup enabled.

-----

D7. Why are WaaSMedic, Update Orchestrator, and other update hijacker services allowed to run with the script?

Because there's no need to disable them. The script disables the parts of those services that initiate an update (system32\WaasMedic*.* and osrss.dll for example), and if the services were completely disabled, it could potentially cause serious problems with Windows in general (the Store, App updates, etc.), plus you wouldn't be able to update at all. There's no reason to be concerned about these services running. The methods I'm using have been well tested over time.

-----

D8. Why can't I enable the Windows Update Service?

It's been disabled by wub.exe on purpose. Just run wub.exe and enable it if needed.
The script will turn it back off when run, and when WUMT or WuMgr is closed.

RE: Sledgehammer - Windows 10 Update Control - pf100 - 10-14-2019

Changelog:
March 24, 2020
Sledgehammer 2.7.0
Changelog from 2.6.0:
1) Updated WuMgr to latest version 1.1 which properly supports windows 1909, 2004, etc.
2) Internet check before configurator is now instantaneous and 100% reliable
3) Provides advanced options. wsusscn2.cab will be downloaded to the script's "bin\Updates" folder
4) Internet check queries the OS directly instead of using "ping".

April 26, 2019
Sledgehammer 2.6.0 Windows 10 update control script
1) Put askwoody.com MS-DEFCON rating on first screen.
2) Tasks now work in any folder name in any language while still retaining task creation error message just in case!!! Thank you @rpo for fixing this problem that has been bugging me for a long time.
3) Moved WDU and Wub_task to task scheduler \Microsoft\Sledgehammer folder to work in a multi-user environment. 2.6.0 automatically deletes the tasks in old locations when script is run just in case.
4) Create dummy locked %systemdrive%\Windows10Upgrade folder in addition to "%ProgramFiles%\rempl", "%systemroot%\UpdateAssistant", "%systemroot%\UpdateAssistantV2". Windows 10 Upgrade Assistant now cannot be installed under any circumstances even if you try to force install it manually. Folders are system/hidden and can only be seen in file explorer if "protected operating system files" are unhidden.
5) added "ping pool.ntp.org" internet connection check before configurator that can be bypassed by pressing a key in case of known working but unreliable internet connection. There's no point in enabling wuauserv or running WUMT or WuMgr without an internet connection, but the script will still let you override the internet check if you really want to. (Is this address available world-wide? If not, what is? If not, the script will still work)
6) Put "run WUMT or WuMgr" option in Configurator for one less screen of options to make things simpler for the user.
Thanks @rpo
7) Move all exe's and other unnecessary files to bin folder in script folder.
8) Put recovery script and readme for same in recovery folder in script folder.
9) Put uninstall files in uninstall folder.
10) Rename the "Version" entry in the start menu to the version of the script, i.e. "Version X.X.X".
11) Included all known WuMgr translations in "Translations.ini" file (and all known WUMT translation files in "bin\WUMT Translations" folder). Thanks @Carlos Detweiller.

December 30, 2018
WUMT Wrapper Script v2.5.5
SHA1 hash: 488f5e24609f0ef6f388cba334d9119b0e61f4e3
Version 2.5.5 supports 1809 and LTSC and is vastly improved from 2.5.4! Uninstall 2.5.4 or any previous version before installing or running 2.5.5.
1) Script now includes WuMgr v0.9b along with WUMT giving you a choice of which to use in the menu.
2) Script now uses [The contents of this section are hidden] instead of [The contents of this section are hidden] (NSudo thread [The contents of this section are hidden]) to lock update hijacker files. NSudo is faster and just works better.
3) Fixed accidental unicode in _readme.txt which caused strange characters to display in Oriental languages. (No, really, I fixed it this time!)
4) Script now in addition to uninstalling Windows 10 Update Assistant, creates and locks empty %systemroot%\UpdateAssistant and %systemroot%\UpdateAssistantV2 folders to stop Update Assistant from ever installing from an update. Now no need to run the script again after an update!
5) Fixed rare task creation error problem.
6) Not just some, but now all Update Hijacker folder and file permissions are now removed as TrustedInstaller as required by 1809.
7) Wrapper Script Start Menu folder now has a "Version" icon to easily see what version of the wrapper you have installed.

October 8, 2018
WUMT Wrapper Script v2.5.4
Uninstall 2.5.3 before installing or running 2.5.4 if you're running 1809 or your update hijacker files will not be locked!
You'll know if you made a mistake by searching for "*.*-backup" in the \Windows\System32 folder and you find any "-backup" files. If you do, just run the 2.5.3 or 2.5.4 uninstaller to uninstall the script, then install and/or run 2.5.4 script again and you'll be okay. No damage will be done to any system files if you make a mistake, they just won't be locked like they should be.
1) Script now uses PowerRun v1.3 (more info here) to lock update hijacker files.
2) Removed yellow highlighting from script screens for support of Windows 10 TH1 10240.
3) Language components Installer tasks disabled (you can reenable them manually if needed). If this causes any problems please report it.
4) Removed accidental unicode in _readme.txt which caused strange characters to display in Oriental languages.
5) Windows Update service is now forced to stay running as long as WUMT is running.
Thanks to @Alfonico and @rpo and at [The contents of this section are hidden] TreefrogGreaken and Matthew Wai

September 28, 2018
WUMT Wrapper Script 2.5.3
-Supports Windows 10 1809
-Script now only supports Windows 10.
-Windows Update Service is disabled after running script and closing WUMT no matter how you set the Update Service in Configurator.
-Lots of cosmetic improvements. Screen doesn't change size or flicker.
-Numerous code improvements with extensive testing and error checking.
-In addition to supporting English, Western European, and Latin language script path, script now provides helpful error message in case of tasks creation error in unsupported path.
-WDU (Windows Defender Update) and wub_task tasks are now created before first screen.
-WDU task now shows correct last run error code.
-Changed Windows Defender update frequency to every six hours.
-Added 5 minute delay to WDU (Windows Defender Update) task to minimize resource hogging after reboot with missed Windows Defender update.
-All Windows Update tasks are now disabled.
-Added FAQ to readme
-As always, uninstaller undoes all script changes.
-At bottom of script, you can edit it to use [The contents of this section are hidden] (Windows Update Manager) instead of WUMT if you want. I haven't fully tested this, so you're on your own if you do this.
Huge thanks to @rpo for the input, ideas, and code help with this version. Thanks to @Whistler4 for making an almost complete FAQ, @maka213 for suggesting creating tasks before first screen, @Lars220 and @ShiningDog for some good ideas (sorry, the bin folder idea didn't make it into this version but I haven't forgotten).

August 26, 2018
WUMT Wrapper Script 2.5.2
*Added 60 second delay to "WDU" Windows Defender Update task to fix some random problems. If run manually it'll wait for 60 or more seconds before it actually updates, just so you'll know why it's running and seems to not be doing anything
*Added "WUMT Wrapper Script X.X.X Installer" to title bar of installer, and "W.W.S X.X.X" as App Title of installer in task switcher.
*Improved wording in Configurator pages.
*"Automatic App Update" in "Windows Update" tasks is now left on, all others off as usual. Uninstaller reenables them all.
*Changed installer picture.
*Important bugfixes.
Thanks @s1ave77, @Lars220, @rpo, @Whistler4, @app_raiser

August 21, 2018
WUMT Wrapper Script 2.5.1
Fixed problem with WUMT taking a long time to open. Thanks @Wolfzz and @nghiabros for the reports.

August 20, 2018
WUMT Wrapper Script 2.5.0
Fixed condition where if Windows Defender update task (WDU) ran while performing updates with WUMT, it would disable the Windows Update service stopping the update. Takes way too long to open WUMT.
August 14, 2018
WUMT Wrapper Script 2.4.9
*Disables rempl v2
*Improved uninstaller. Now gives the option to open network connections to disable the internet before uninstalling.
*Extensive testing for stability and bugs.
*Tasks creation by vbscript provides some support for special characters in path name in some languages. No Cyrillic, haven't tested Chinese, Japanese. French works, so German, Spanish and Portuguese characters in path should too. If in doubt, put script folder in path without special characters. Spaces are okay. You can check the wdu and wub_task tasks execution parameters to see if the path looks okay, otherwise the tasks won't work.
*Thanks for the code contributions and suggestions by @rpo, @Lars220, @Whistler4, @app_raiser and @RazTK

July 30, 2018
WUMT Wrapper Script 2.4.8
Changelog from version 2.4.7
Windows Defender Updates frequency changed to every 2 hours from 4 hours.
wub_task now forces off the update service at login as well as on reboot.
Thanks @rpo, @Lars220, and @Whistler4

July 26, 2018
WUMT Wrapper Script 2.4.7
Changelog from version 2.4.6
Had error in uninstaller that unnecessarily enabled "\Microsoft\Windows\WindowsUpdate\Scheduled Start" task. Not a big deal but is now fixed.
Now the script disables and locks all "\Microsoft\Windows\WindowsUpdate\" tasks thanks to a remark made by @s1ave77 plus I was already thinking of doing it. The uninstaller unlocks the tasks, but leaves them disabled. You can enable them manually if you want to unless they turn themselves back on first.
This is absolutely all I can do to help those who choose to leave the windows update service running in the script to use the Store.
The Store and Windows Update are so tied together that you can't have one without the other so I've come up with the best compromise I can without harming the operation of the store or allowing unwanted updates.

July 25, 2018
WUMT Wrapper Script 2.4.6
Changelog from version 2.4.5
Fixed store problems. Thanks @jmdbox

July 24, 2018
WUMT Wrapper Script 2.4.5
Changelog from version 2.4.4
Windows Defender updates every 4 hours now.

July 17, 2018
WUMT Wrapper Script 2.4.4
Changelog from version 2.4.3
Fixed bug in Defender Update code. If you use Defender, update to this version.

July 17, 2018
WUMT Wrapper Script 2.4.3
Changelog from version 2.4.2
Changed "Disabling Update Hijackers" displayed text while script is starting to "Initializing script" for consistency with Windows versions before 10. Exact same functionality otherwise as version 2.4.2 so no reason to upgrade if you're using Windows 10, or if the lie about disabling update hijackers for Windows versions before 10 doesn't bother you. ;-)

July 8, 2018
WUMT Wrapper Script 2.4.2
Changelog from version 2.4.1
Installer code improved. Thanks @abbodi1406
Cosmetic and script code improvements.
Greatly reduced code required in wrapper script and uninstaller to change permissions on "update hijackers". (EOSNotify.exe, WaaSMedic.exe, WaasMedicSvc.dll, WaaSMedicPS.dll, WaaSAssessment.dll, remsh, UsoClient.exe, SIHClient.exe, MusNotificationUx.exe, MusNotification.exe, and osrss.dll.)
Notes: The changes to the installer change the default install location from "Program Files (x86)" to "Program Files", so it would be best to uninstall any older version before installing 2.4.2 (only if you used the installer to install). If you're using the portable version it doesn't matter.
June 28, 2018
WUMT Wrapper Script 2.4.1
Changelog from version 2.4.0
Changed method of detection of windows update status to querying wuauserv registry key instead of checking to see if wuauserv is running or not which is far more reliable.
This version has been extensively bug-tested.
Numerous code improvements.
Numerous cosmetic improvements.
Best version yet with best base code that future versions will be built on. I should name it version 3.0 it's so perfected.

June 27, 2018
WUMT Wrapper Script 2.4.0
Changelog from version 2.3.9:
Fixed bugs in Configurator.

June 27, 2018
WUMT Wrapper Script 2.3.9
Changelog from version 2.3.8:
Fixed windows service configurator in script got confused if windows update service was enabled but not running.
Cosmetic and informational improvements.
Still has bug in Configurator.

June 24, 2018
WUMT Wrapper Script 2.3.8
Changelog from version 2.3.7:
A lot of cosmetic and code improvements.
The Windows Update Configurator is now integrated into the script for easier use (except for versions of Windows that are not 10 where the Configurator is bypassed).
Now manipulates only windows update service with versions of windows below 10, and "Update Hijacker" protection only applied in Windows 10. These changes automatically detect the Windows version for increased compatibility with earlier versions of Windows down to XP.
Thanks @rpo.

June 22, 2018
WUMT Wrapper Script 2.3.7 portable and installer.
Changelog since 2.3.6:
Disables Windows 10 Update Facilitation Service (OS Remediation System Service - osrss)
Script behaves like the old script with Windows 7 and below only manipulating the update service and running WUMT.
Script converted back to batch script.
Improved Configurator.
Thanks @rpo and @Lars220.

June 13, 2018
WUMT Wrapper Script 2.3.6 portable and installer.
Changelog since 2.3.5:
Code cleanup. Thanks @rpo.
Installer logo changed.
Silent install now creates desktop icon.

June 1, 2018
WUMT Wrapper Script 2.3.5 portable and installer.
Changelog since 2.3.4:
Finally finished the to-do list on code improvements and installer.

May 30, 2018
WUMT Wrapper Script 2.3.4 portable and installer.
Changelog since 2.3.3:
Fixed issue of Configurator not keeping correct settings if wrapper script is updated (installed on top of itself) under certain conditions.
Configurator now tells you the state of the Windows Update Service before you make a change.
Readme and script documentation updated.

May 29, 2018
WUMT Wrapper Script 2.3.3 portable and installer.
Changelog since 2.3.2:
Improved installer. Now lets you install as portable installation. Also includes just the portable script folder for those who prefer that.
Code cleanup.
If you installed version 2.3.1, install v2.3.2 immediately or you can't update! Sorry about that!

May 27, 2018
WUMT Wrapper Script 2.3.2 portable and installer.
Delete your previous script folder contents and shortcuts and install using the installer or manually put the files in a folder since some file names have changed since version 2.3.0
To uninstall completely only use the uninstall shortcut in the start menu, or run Uninstaller.cmd in the script folder.
Changelog since 2.3.1:
Improved installer.
Fixed serious bug with Windows Update not opening in Settings App. Disabling usocore.dll in 2.3.1 was the problem. v2.3.2 re-enables usocore.dll and leaves it enabled.

May 26, 2018
WUMT Wrapper Script 2.3.1 portable and installer.
Delete your previous script folder contents and shortcuts and install using the installer or manually put the files in a folder since some file names have changed.
To uninstall completely only use the uninstall shortcut in the start menu, or run Uninstaller.cmd in the script folder.
Changelog since 2.3.0:
Added usocore.dll to disabled files.
Now all task and related file creation from main script is done by module.vbs.
Added installer.
May 16, 2018
Script updated to v2.3.0
Fixed broken automatic Windows Defender Updates. Special thanks to @rpo for going above and beyond on this fix and to @ShiningDog for testing and feedback.

May 10, 2018
Script updated to v2.2.9
Improvements since v2.2.8:
Functionality still the same as 2.2.8
Code clean-up
Cosmetic changes

May 5, 2018
Script updated to v2.2.8
Updated for Windows 10 1803
Improvements since v2.2.7
Uninstalls and removes Windows 10 Update Assistant.
Disables new WaasMedic components introduced in 1803

March 19, 2018
Script updated to v2.2.7
If you were waiting for the best version, this is it. It's been well tested. I'm freezing development at this version until future updates require changes.
Improvements since v2.2.6
wub_task code improvements by @rpo
Other code refinements.

March 16, 2018
Script updated to v2.2.6
Improvements since v2.2.5
In addition to disabling remsh.exe and UsoClient.exe, the script now also disables SIHClient.exe and WaaSMedic.exe.
Uninstaller updated to restore file permissions and owner to TrustedInstaller.
Code improvements.
Thanks to @kabutopepe, @yipika, @Meesterlijk, @Skunk1966, @lomticksoftoast, and @l33tissw00t.

March 10, 2018
Script updated to v2.2.5
Improvements since v2.2.4
Fixed logic of rempl folder renaming in case of re-creation of rempl folder by subsequent updates.
Changed order: now usoclient is disabled first, then remsh.exe

March 4, 2018
Script updated to v2.2.4
Improvements made since v2.2.3:
Fixed a bug where the uninstaller wouldn't fully work under certain conditions.

March 3, 2018
Script updated to v2.2.3
Improvements made since v2.2.2:
You can close the "Welcome to manual updates" screen and Windows Updates will stay off unless you ran the Configurator to leave them on.
The script no longer makes backups of the original usoclient.exe because it's unnecessary.
The permissions for usoclient.exe are now reset before permissions are removed in case the permissions are wrong.
Thanks to @Meesterlijk, @rpo, @elzna, and @shewolf for bug reports, ideas, and fixes.

March 1, 2018
Script updated to v2.2.2
Improvements made since v2.2.1:
Script updated to rename the %programfiles%\rempl folder and kill usoclient.exe. It makes two backups of the original usoclient.exe, and then removes all permissions from the original so it can't run.
I also included an uninstaller that restores the rempl folder, copies a backup of usoclient.exe back to the original file, and turns off wub which turns the windows update service on automatic again, undoing everything done by the script (except deleting the script folder itself. The user should know where the folder and shortcut is). Running the wrapper script again undoes what the uninstaller does, and the uninstaller undoes what the wrapper script does.
The included Configurator lets you disable Windows Update Blocker in the script so you can leave the update service running all the time so you can use the Store anytime and get Windows Defender updates.
Thanks to @abbodi1406 for telling me how to use Well-Known SIDs with icacls instead of English account names, and @ShiningDog for constructive criticism. And as always, thanks to @rpo for the code he's contributed.

February 24, 2018
Script updated to v2.2.1
Improvements made since v2.2.0:
Fixed wrong variable that caused wub_task to not execute wub.exe.
February 24, 2018
Script updated to v2.2.0
Improvements made since v2.1.9:
wub_task xml now included in script, bugs in variables fixed, by @rpo

February 24, 2018
Script updated to v2.1.9
Improvements made since v2.1.8:
wub_task scheduled task now works if running on battery

February 18, 2018
Script updated to v2.1.8
Improvements made since v2.1.7:
Added task "wub_task" on boot. Windows update service can't be forced on again after Cumulative Update and reboot.
February 13, 2018 patch tuesday updates leaves windows update service running after reboot. To fix it just run the script again and close the [The contents of this section are hidden] as soon as it opens, or you can let it finish the update check first, your choice.
Edit: It appears that the update resets and enables the update service during the update installation that may continue during the first reboot.
tl;dr Update script to v2.1.8 and run it.
wub_task code contributed by @rpo

December 4, 2017
Script updated to v2.1.7:
Install folder can have spaces in the name (again).

December 4, 2017
Script updated to v2.1.6:
WUMT doesn't start maximized due to request.
Removed a redundant code line.

December 2, 2017
Script updated to v2.1.5
Windows began arbitrarily turning windows updates back on by itself, so I incorporated [The contents of this section are hidden] to keep the service off.

June 3, 2017
Script updated to v2.1.4
Code improvements by rpo
Note: Elevation failure detection code in script is testing well so far (send any failure reports to this thread. So far, none have been received).

May 31, 2017
Script updated to v2.1.3
Added privilege escalation failure check and script loop prevention code.
We've had a report of the script looping on one system when it failed to get admin. The newly added privilege escalation failure detection code prevents looping and stops the attempt to escalate, then notifies you:
"Elevating UAC for Administrator Privileges failed!
Right click on the script and select "Run as administrator." Press any key to exit...
In that case you'll either have to, 1) right click the script and select "Run as administrator" or, 2) right click the shortcut to the script and select "properties" > "shortcut" tab > advanced > and check the "Run as Administrator" box. Setting the shortcut to run as administrator is the preferred method for convenience, but either method will work.
Privilege escalation failure check and script loop prevention code by [The contents of this section are hidden].

April 14, 2017
Script updated to version 2.1.2
Replaced the chcp instructions with cmd /u which can also generate unicode messages without relying on chcp.
Removed the WUMT command switch variable and changed to just WUMT command switches for less code.
Added goto commands so script completely bypasses comments instead of just ignoring them line by line.
Script now starts WUMT maximized.

March 5, 2017
Testing proves the script disables the windows update service again when rebooting from the WUMT reboot prompt. So, no longer is closing WUMT and rebooting manually necessary.

February 12, 2017
Script updated to version 2.1.1
Changed window title and changed the color to blue.

January 31, 2017
Script updated to version 2.1
Numerous improvements. Cleaner code. Fixed bugs in non-english versions of Windows.

*Older changelogs have been lost and aren't important anyway.

RE: Sledgehammer - Windows 10 Update Control - Skunk1966 - 10-14-2019

great to see your tool here mate!

RE: Sledgehammer - Windows 10 Update Control - pf100 - 04-03-2020

OP updated with latest version.
March 24, 2020
Sledgehammer_2.7.0.zip
SHA256: 86454b41094ce7c510806d7ec40e84d3c0c92195a3490a440c92adda71d5cc65
Changelog:
1) Updated WuMgr to latest version 1.1 which properly supports windows 1909, 2004, etc.
2) Internet check before configurator is now instantaneous and 100% reliable
3) Provides advanced options.
wsusscn2.cab will be downloaded to the script's "bin\Updates" folder
4) Internet check queries the OS directly instead of using "ping".
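
A read-only PowerShell audit of the system state that the FAQ and changelog posts above describe (wuauserv start type from its registry key, the WindowsUpdate and Sledgehammer task folders, the dummy folders, the listed files' ACLs, and leftover "-backup" files). It is an added example, not part of Sledgehammer or of any post in this thread; the function names and the System32 location assumed for the listed files are assumptions.

```powershell
# Added example: read-only audit of the changes described in the thread above.
# Run from an elevated PowerShell prompt. Nothing on the system is modified.

function Get-WuauservStartType {
    # The configured start type is the Start value of the service key
    # (2 = Automatic, 3 = Manual, 4 = Disabled). It is independent of
    # whether the service happens to be running at this moment.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\wuauserv'
    $start = (Get-ItemProperty -LiteralPath $key -Name Start -ErrorAction Stop).Start
    switch ($start) {
        2 { 'Automatic' }
        3 { 'Manual' }
        4 { 'Disabled' }
        default { "Other ($start)" }
    }
}

function Get-UpdateTaskState {
    # Task folders named in the 2.4.7 and 2.6.0 changelog entries.
    $folders = '\Microsoft\Windows\WindowsUpdate\', '\Microsoft\Sledgehammer\'
    foreach ($folder in $folders) {
        Get-ScheduledTask -TaskPath $folder -ErrorAction SilentlyContinue |
            Select-Object TaskPath, TaskName, State
    }
}

function Get-BlockerFolderState {
    # Dummy folders listed in the 2.6.0 changelog entry.
    $paths = @(
        "$env:SystemDrive\Windows10Upgrade",
        "$env:ProgramFiles\rempl",
        "$env:SystemRoot\UpdateAssistant",
        "$env:SystemRoot\UpdateAssistantV2"
    )
    foreach ($path in $paths) {
        # -Force is needed because the folders are described as system/hidden.
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path       = $path
            Exists     = Test-Path -LiteralPath $path
            Attributes = if ($item) { $item.Attributes } else { $null }
        }
    }
}

function Get-HijackerFileAcl {
    # File names from the 2.4.2 changelog entry.
    # ASSUMPTION: they are looked up in System32; adjust if they live elsewhere.
    $names = 'EOSNotify.exe', 'WaaSMedic.exe', 'WaasMedicSvc.dll', 'WaaSMedicPS.dll',
             'WaaSAssessment.dll', 'UsoClient.exe', 'SIHClient.exe',
             'MusNotificationUx.exe', 'MusNotification.exe', 'osrss.dll'
    foreach ($name in $names) {
        $path = Join-Path $env:SystemRoot "System32\$name"
        if (-not (Test-Path -LiteralPath $path)) { continue }
        try {
            $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
            [pscustomobject]@{ File = $name; Owner = $acl.Owner; AceCount = $acl.Access.Count }
        } catch {
            # A file stripped of all permissions may not let its ACL be read.
            [pscustomobject]@{ File = $name; Owner = 'unreadable'; AceCount = $null }
        }
    }
}

function Get-LeftoverBackupFile {
    # The 2.5.4 entry says "-backup" files left in System32 mean the
    # update hijacker files were not locked as intended.
    $sys32 = Join-Path $env:SystemRoot 'System32'
    Get-ChildItem -LiteralPath $sys32 -Filter '*.*-backup' -File -Force -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty FullName
}

"wuauserv start type: $(Get-WuauservStartType)"
Get-UpdateTaskState    | Format-Table -AutoSize
Get-BlockerFolderState | Format-Table -AutoSize
Get-HijackerFileAcl    | Format-Table -AutoSize
"Leftover -backup files: $(@(Get-LeftoverBackupFile).Count)"
```

Running it before installing and again after uninstalling gives a baseline to compare against the uninstaller's claim that all changes are reversed.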