For the time being I am stuck using a laptop and it’s one that came with Windows 11 installed. I would much rather be using Windows 10 with a copy of the thoroughly sanitized copy that I had on a hard drive however that drive died on me and I now I don’t have a simple and straight forward way of replacing the OS on this machine, so I’m stuck with Win11 and have to make the most of a bad situation.
This leads to my question today. Previously I could simply use the registry, gpedit, taskscheduler and services to rip out a lot of the garbage that comes with Windows, Windows Update being the chief offender. With Windows 11 however it seems nothing I do will actually stop this fucking bastard from coming back, no matter how many time I try to disable/delete waasmedic or wuaserv it keeps reappearing and keeps downloading massive updates that just hog disc space for no goddamn use whatsoever. I think my attempts at preventing update from restarting the laptop or installing any updates have been successful but I want the thing well and truly gone, not merely neutered.
Barring an OS reinstall, either of Win10 or Win11 ameliorated, is there any known method that will actually kill windows update for good?
I’ve deleted the updateorchestrator dll file, it’s not showing itself again either. That’s not the issue.
It’s wuaserv and waasmedic that are the problem, these cunts keep resurrecting themselves and download a massive 30gb C:$WINDOWS.~BT directory that is impossible to remove.
I’ve tried taking ownership and still am denied access when I attempt to nuke this bullshit in any variety of ways.
I mean going into C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator
and then renaming the Reboot routine file and creating a folder named Reboot so that the file can never be repopulated again since Microsoft can’t overwrite a folder with a file.
You’ll still get updates, but your computer won’t ever automatically restart.
While I understand your sentiment, removing windows update also removes your capability to prevent and avoid malware.
If you haven’t noticed, Windows Defender is actually doing its job of defending you from malware. These days we don’t need extra antivirus software.
Enterprise is where it is at. Enterprise is the only segment left that MS respects, where you correctly opt out of the crapware. But you have to pay BIG money though.
These days, you can no longer separate the shitty parts of non-Enterprise Windows from its non-shitty components. Consider a different OS altogether, either with new hardware and iOS or keep the old hardware and use Linux. The Windows you knew is long gone and is morphing into something worse.
This is what chromebooks are for. If anything goes wrong with it, nuke from orbit and start over.
I’m not a windows admin, and I’m never going to be a windows admin. Maybe somebody else knows better, but yeah Windows has never really been the OS you use when you want things exactly the way you want it, and this is something Windows will actively prevent you from doing.
Just to be helpful, you could run pfsense in a hyper-v window with a virtual ethernet bridge to your wifi card. Then use pfsense to block everything except for NTP, steam, and your main browser. Then set up a killswitch on the wifi so when the pfsense vm is down nothing has internet
at least that way you could run an anti malware service on pfsense to make up for the super insecure win 11 install
If you don’t like what Microsoft is pushing, it’s time to get off the platform. Blocking updates to run the current patch level is going to leave you vulnerable to increasing amounts of malware and eventually you’re going to get hardware that won’t be supported.
Plan to migrate now.
Even windows enterprise is becoming less of an option. It still ships by default with user hostile configuration, like mouse-over pop up advertising buttons on the task bar, etc.
I believe I’ve seen somewhere that since windows 8, the only way to do this is on the enterprise or educational versions of windows. I’ve heard removing all windows updates talk recently because of something about using P2P windows updates being added although I’m not sure how customizable this is now that I only use windows 11 pro. If P2P updating is a thing (I haven’t looked into it) I would also want to kill windows update and do it manually.
Edit- They call this “delivery optimization”, and there is no easy off setting for the upload portion of this, my computer says I’ve uploaded 44MB of data to ???
You could use the Chris Titus Toolbox to configure updates.
You can either set it to security updates only and delay feature updates up to a year or so.
Or there is also an option to completely disable the updates which isn´t a good idea.
But if you want it you could.
Best way to avoid Windows 11 updates is to just use Linux. That is my plan when Win 10 support ends. I am already running most of my stuff on Manjaro only do a little gaming in Win 10 however I tested Linux gaming and for my needs it works!
So frankly, I tried, but on Windows 11 there are soo many issues trying to do it right.
The alternative:
So here is a method I use, and while not straight forward please respect its an honest answer, and that I am an opinionated human being that sometimes tries to make a point.
I use MS Server Data Center 2022 and 2025 as my personal workstation. Valid licenses bought of various internet shops for $20
I configured server 2022 (as example) as workstation. moved to manual or disabled several services including all telemetry.
How to stop automatic updates or select when to specifically update:
In server 2022 (after all the optimizations in BIOS and OS):
DISABLE windows update as well as select “take no action” on all three restart services setting.
DISABLE delivery optimization as well as select “take no action” on all three restart services setting.
DISABLE MS Store as well as select “take no action” on all three restart services setting.
DISABLE Update Orchestrator Service as well as select “take no action” on all three restart services setting.
DISABLE Windows Medic update Service as well as select “take no action” on all three restart services setting.
Restart, updates no longer happen, when I want updates I can WSUS specific ones using a third party tool.
I made a .bat to change those services to active and a .bat to return them to disabled so it easier to implement.
I was using to use office 2019-2021 local as my suite including outlook, but found better functionality in Libre Office, no issues no compromises, as well as I wrote my dissertations in Libre office, APA 7.
I moved from outlook to Thunderbird, best most rock solid version is 11b. I have 270,000 emails I have kept since 1995 that are a good record. I use Pop3 whenever possible across many individual separate email accounts.
I use Vivaldi for my browser, locked down, adless, fast, no instance of edge anywhere in my build.
I don’t use ANY MS Store apps.
My workstation life is free of pop ups, 100% stable, and the OS works for me. The OS is NOT a way of life, its just an OS, there to make it possible for me to use the applications I install.
The OS is not supposed to pass along to third parties my likes and dislikes or my habits.
The OS is not supposed to relay any of my life to anyone.
for those interested I also have full privacy, there are several reliable things you can do to get there, including GP settings, browser settings, host file (my host file is 3 MB of blocks).
So…
… how deep do you want to go?
Bare in mind I do all my office stuff, CNN research, and gaming on this PC without the OS issues that plague others.
I also hold records with Gravitymark, and lots of game benchmarks where this PC is #1. I’m banned from 3dMark because I almost double the next highest score, and “someone” complained. Yet, I don’t overclock. I turn my PC on and Off as needed, and has a purpose other than benchmarks.
Kingpin can stick it. – All that cryogen, and just does not know how to set up a PC… At the end of the day my quiet air cooled rig does CNN, training databases, games, email and pivot tables ---- his PC, motherboard, or video card is dead and goes in the trash from all the hot cold expansion.
So I’m on DATA CENTER 2022 and 2025, and no automatic updates.
You may take my comments with any seasoning you want, but I firmly stand that the OS works for ME and not for Microsoft.
I have a similar view… do I like MS, no. Is Windows either the only or by far the easiest way to run most of the software I want to run, yes.
Using a tool like the one suggested by @MisteryAngel to disable updates rather than rolling your own solution is preferred because of the (often times infuriating) ongoing battle between MS and users. As users find new ways to disable updates MS is constantly finding new ways circumvent them. When your method breaks (which is likely what prompted this thread) it’s just a lot easier to go run the latest version of a tool that disables updates rather than having to figure out how MS has thwarted your efforts.
If you insist on doing everything manually then I’d suggest digging through the source of these tools to find out what they’re doing that you’re not.
While I appreciate it, this is not what I was asking for. I am looking for a way to make my current install of Win11 tolerable.
It’s starting to sound like there ain’t no way and I should just get off my ass and either revert to Win10 LTSC or Server 22