Last updated 24FEB2016
This is version 4 of my scripts to remove and block Windows 10 updates and related telemetry.
I’ve seen multiple posts at websites and forums telling folks how to deal with GWX. Most of them either don’t go far enough, or usually, they go way too far and break stuff.
This applies to Windows 7 ONLY.
Why Windows 7 only? I wrote this for my own use. My personal view is that I can’t understand why anyone would replace Windows 7 with Windows 10. On the other hand, the only trace of Windows 8 I have left is on a virtual machine.
If you want an easy-to-use program, see: GWX Control Panel
Since it has become obvious that this will be a running battle with Microsoft, I’ve decided to make this page the permanent place for these scripts rather than writing a new post every time I update them.
You’ll need to check back here monthly for updates, as Microsoft keeps re-releasing updates, which in effect unhides them.
You’ll also want to keep the script handy and rerun it monthly for the same reason.
Thanks to:
Though info on all this stuff has come from dozens of sources, much of this info has come from the MDL forums.
In particular this thread: Remove Telemetry and Windows 10 Related Updates from Windows 7
This is the final version of this article (the original now points back here) unless something new pops up. It is lighter than previous versions.
Download my batch file: http://www.tweakhound.com/files/block_GWX_V6.zip
Inspiration for this came from a variety of sources but started HERE.
There is NO SUPPORT for this. You get what you pay for 😉
This folder contains:
BlockGWXetcFINAL.bat – Removes and Hides GWX related updates like in step 2 above.
HideGWXetc.vbs – Automatically run by the above .bat files. This hides the updates the batch file uninstalled.
README.txt – Instructions
th_add_CMDandTO.reg – Adds Open Command Window Here (standard and admin) and Take Ownership to the right-click menu.
DisableAutoWinUp.reg – Sets Windows Update to “Never check for updates” and UNCHECKS “Give me recommended updates the same way I receive important updates.”
DisableAutoWinUpButCheck.reg – Sets Windows Update to “Check for updates but let me choose whether to download and install them” and UNCHECKS “Give me recommended updates the same way I receive important updates.”
DisableOsUpgradeGpedit.reg – Sets Group Policy to “Turn off the upgrade to the latest version of Windows through Windows Update”
The .bat file and the .vbs files MUST be in the same folder!
(code is listed below)
To do this:
Either right-click the folder and choose Open Command Window Here as Administrator.
In the resulting command window type BlockGWXetcFINAL.bat and hit enter.
OR
right-click the BlockGWXetcFINAL.bat file (see above) and choose Run as Administrator.
If you do not have these right-click options, double-click the included th_add_CMDandTO.reg file and logout/reboot.
Let it run. When the .bat file runs HideGWXetc.vbs, it will take a while.
It may look like things have stopped; they haven’t.
DO NOT CLOSE WINDOW UNTIL YOU SEE: “ – Finished … All operations complete. Reboot now. Press any key to continue . . .”
Code for batch files:
:: BlockGWXetcFINAL.bat
:: This must be run as admin.
:: By TweakHound (https://www.tweakhound.com). I blatantly copied pieces of script from various sources.
:: Uninstalls Win10 GWX and related updates from Windows 7 ONLY.
:: Last updated 24FEB2016
:: Other scripts floating around are either incorrect or WILL break Windows Update.
:: The level of support you will receive is equal to the amount you paid for this ;-)
@ECHO OFF
SETLOCAL
REM --- Stopping GWX processes...
echo stopping GWX.exe
taskkill /f /t /im gwx.exe
timeout 10
REM --- uninstall updates
echo uninstalling KB2952664
start "title" /b /wait wusa.exe /kb:2952664 /uninstall /quiet /norestart
echo done, uninstalling KB2977759
start "title" /b /wait wusa.exe /kb:2977759 /uninstall /quiet /norestart
echo done, uninstalling KB3021917
start "title" /b /wait wusa.exe /kb:3021917 /uninstall /quiet /norestart
echo done, uninstalling KB3035583
start "title" /b /wait wusa.exe /kb:3035583 /uninstall /quiet /norestart
echo done, uninstalling KB3068708
start "title" /b /wait wusa.exe /kb:3068708 /uninstall /quiet /norestart
echo done, uninstalling KB3075249
start "title" /b /wait wusa.exe /kb:3075249 /uninstall /quiet /norestart
echo done, uninstalling KB3080149
start "title" /b /wait wusa.exe /kb:3080149 /uninstall /quiet /norestart
echo done
echo next, removing left over folders...
timeout 5
REM --- delete folders
takeown /f C:\Windows\System32\GWX /r /d y
icacls C:\Windows\System32\GWX /grant administrators:F /t
rmdir /s /q C:\Windows\System32\GWX\
timeout 5
REM --- paths are quoted so profile folders with spaces in the user name work
takeown /f "%localappdata%\GWX" /r /d y
icacls "%localappdata%\GWX" /grant administrators:F /t
rmdir /s /q "%localappdata%\GWX\"
timeout 5
echo finished...waiting to block OS upgrades...
REM --- Block OS upgrade
REM --- /f overwrites without prompting, so the monthly re-run does not stop here
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\GWX /f
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\GWX /v DisableGWX /t REG_DWORD /d 00000001 /f
echo finished...waiting to hide these updates...
REM --- hide updates
echo ...
echo Hiding GWX related updates. Running HideGWXetc.vbs...
echo This may take a while.
echo DO NOT CLOSE WINDOW UNTIL YOU SEE: " - Finished ... All operations complete. Reboot now. Press any key to continue . . ."
start "title" /b /wait cscript.exe "%~dp0HideGWXetc.vbs" 2952664 2977759 3021917 3035583 3068708 3075249 3080149 3102810
echo - Finished
echo ... All operations complete. Reboot now.
pause
REM --- EOF
Code for HideGWXetc.vbs
' HideGWXetc.vbs - hides the updates that BlockGWXetcFINAL.bat uninstalled.
' The KB list is hard-coded here; arguments passed on the command line are not read.
' Seven entries, indexes 0 to 6. An unassigned extra slot would be Empty, and
' InStr treats an empty search string as a match, which would hide every update.
Dim hideupdates(6)
hideupdates(0) = "KB2952664"
hideupdates(1) = "KB2977759"
hideupdates(2) = "KB3021917"
hideupdates(3) = "KB3035583"
hideupdates(4) = "KB3068708"
hideupdates(5) = "KB3075249"
hideupdates(6) = "KB3080149"
Set updateSession = CreateObject("Microsoft.Update.Session")
Set updateSearcher = updateSession.CreateUpdateSearcher()
' Search for software updates that are offered but not installed.
Set searchResult = updateSearcher.Search("IsInstalled=0 and Type='Software'")
For i = 0 To searchResult.Updates.Count - 1
    Set update = searchResult.Updates.Item(i)
    For j = LBound(hideupdates) To UBound(hideupdates)
        ' Case-insensitive match of the KB number against the update title.
        If InStr(1, update.Title, hideupdates(j), vbTextCompare) <> 0 Then
            WScript.Echo "Hiding updates..." & hideupdates(j)
            update.IsHidden = True
        End If
    Next
Next
-END-
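Because re-released updates can come back installed or unhidden, a read-only check shows whether the batch file needs another run. The PowerShell audit below is an added example, not part of the original download or the author's scripts; it takes the KB list from HideGWXetc.vbs and the DisableGWX value from the batch file, and its variable names are illustrative.

```powershell
# Added example (not part of the original scripts): read-only audit of the state
# BlockGWXetcFINAL.bat and HideGWXetc.vbs are meant to leave behind on Windows 7.
# Run from an elevated PowerShell prompt. Nothing is uninstalled, hidden or written.

# KB numbers copied from the hideupdates array in HideGWXetc.vbs.
$kbs = '2952664','2977759','3021917','3035583','3068708','3075249','3080149'

# 1. Has any listed update been installed again?
$installed = @(Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $kbs -contains ($_.HotFixID -replace '^KB', '') })

# 2. Is the policy value written by the batch file still present and set to 1?
$gwxKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\GWX'
$gwx      = Get-ItemProperty -Path $gwxKey -Name DisableGWX -ErrorAction SilentlyContinue
$policyOk = ($gwx -ne $null) -and ($gwx.DisableGWX -eq 1)

# 3. Which listed updates is Windows Update offering, and are they still hidden?
#    Same search criteria as HideGWXetc.vbs; this step can take several minutes.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search("IsInstalled=0 and Type='Software'")
$offered  = @(foreach ($update in $result.Updates) {
    foreach ($id in $update.KBArticleIDs) {
        if ($kbs -contains $id) {
            New-Object PSObject -Property @{
                KB = "KB$id"; Hidden = $update.IsHidden; Title = $update.Title }
        }
    }
})
$unhidden = @($offered | Where-Object { -not $_.Hidden })

# Report
$names = ($installed | ForEach-Object { $_.HotFixID }) -join ', '
if (-not $names) { $names = 'none' }
"Installed again: $names"
"DisableGWX policy set: $policyOk"
$offered | Sort-Object KB | Format-Table KB, Hidden, Title -AutoSize

if (($installed.Count -gt 0) -or (-not $policyOk) -or ($unhidden.Count -gt 0)) {
    "Result: re-run BlockGWXetcFINAL.bat as administrator."
} else {
    "Result: nothing to do."
}
```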
What? How much more of this GWX in Win 7 cleanup crap do we have to endure?
I fear it will be a running battle through time.
It’s sad that we have to “disarm” our OS after we install it.
Still sticking with Windows, Eric? 😉
Just got this a day or so ago in Windows Update:
KB3102812 (Windows 8) https://support.microsoft.com/en-us/kb/3102812
KB3102810 (Windows 7) https://support.microsoft.com/en-us/kb/3102810
Another Windows 10 nagware? Or am I just being pessimistic? 🙂
Well it does contain Wu.upgrade.ps.dll so my guess would be it does involve Win10.
In addition I checked DWS lite and it has been added to that.
I’ve hidden the update myself.
KB2952664 reinstalls itself at every boot, even when hidden and with the automatic updates disabled. Checked on two different win7 machines. What to do?
Haven’t seen or heard of that issue. Maybe try DWSlite? http://dws.wzor.net/
It’s discussed here: https://answers.microsoft.com/en-us/windows/forum/all/unable-to-uninstall-update-kb2952664/1c0e8b8a-c79b-4998-b6be-f8134cef4e82?auth=1
I don’t like third parties even if they’re open source, if the OS cannot be fixed without insane hacks I might as well forget it.
For now I’ve disabled the task scheduler – Microsoft – Windows – Application Experience – ProgramDataUpdater, which is the main spyware feature of that update (hoping THAT doesn’t re-activate as well 😉
I understand about the third party thing.
In case anyone’s interested, I managed to remove it by doing this (from one of the suggestions in the link):
Elevated prompt:
Figure out the package names:
dism /online /get-packages | findstr KB2952664
Copy the shown package names into notepad and then remove one by one:
dism /online /remove-package /PackageName:Package_for_KB2952664~31bf3856ad364e35~amd64~~6.1.1.3
Outstanding!
Thank you for the information you posted above. It was very useful and was responsible for cleaning out the KB update files in Downloads. Thank you also for posting the program code. This is what I used because I could not get a good download from where I was located.
I came across this “critical update” from Microsoft, Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution (3079904). On the page on which it appears they thoughtfully provided a workaround that didn’t actually work. I got an error message about me being the owner and the file could not be changed. Here is the link: https://support.microsoft.com/en-us/kb/3079904. The workaround is for 64-bit systems at this link: https://technet.microsoft.com/library/security/MS15-078. Unfortunately the batch file provided doesn’t work as advertised. Basically what you are downloading, it appears, is a short program that changes the name of a file to prevent it from being used. I copied and pasted it below. It did not change the name of the file. Could that be because I am now the owner after running BlockGWXetcV3_FULL.bat? Eric, let me know if you want me to run the Microsoft file again and post the cmd window screenshot.
For 64-bit systems:
Enter the following commands at an administrative command prompt:
cd "%windir%\system32"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll
cd "%windir%\syswow64"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll
Restart the system.
To change the file name I changed the permissions for this one instance. It took a few tries to get the permission changed. Great website. I found your website from a link about MS Spyware in a New American article written by C. Mitchell Shaw.
Shoot me an email with a screenshot: https://www.tweakhound.com/about/contact/
Any idea if there are any newer ones to avoid?
Watch this thread: Remove Telemetry and Windows 10 Related Updates from Windows 7
Please note: If username has a space in it, this portion will fail and may cause unexpected consequences:
takeown /f %localappdata%\GWX /r /d y
icacls %localappdata%\GWX /grant administrators:F /t
rmdir /s /q %localappdata%\GWX\
timeout 5
Suggest replacing with:
if exist "%localappdata%\GWX" (
    takeown /f "%localappdata%\GWX" /r /d y
    icacls "%localappdata%\GWX" /grant administrators:F /t
    rmdir /s /q "%localappdata%\GWX\"
    timeout 5
)
The quotes will work with usernames containing spaces.
– Jonathan