I'd like something to organize cables / plugs / maybe pens for the techonaut 45. Is there a recommended thing, maybe something that can hook to the inside of it, or even go into one of the side pockets?
My bag for years has been the brain bag, which has three moderately spacious pockets which have made organizing pretty simple, and I'd like something that serves as the equivalent for my techonaut 45.
I need to disable automatic updates on a W11 Home laptop. This is a tech question, not some opportunity to indulge in some paternalistic preaching, none of which is topical.
The easiest thing is to update it to W11 Pro, which fully supports disabling the automatic update feature. But in this case, I'm not doing that- I'm disabling it on Windows 11 Home.
There's solid ways to disable this via third party tools- there's a "Windows Update Blocker" that is some compiled binary that everyone seems to like, and there is also a "Windows Update Disabler" on github which is a batch file, and thus can be followed along with. But I don't want to use a third party tool for this if I don't have to.
Mostly, I'm looking for anything I've missed that will surprise me in a week or something.
There are four villains at work here: The "Windows Update" service itself, "Update Orchestrator", a close cohort in crime, WaaMedicSvc, a service that seems entirely focused around undoing user action, and "Task Scheduler", which provides a large number of other events that can turn on Windows Update when they occur.
(1)- The way I did it requires a Microsoft program, "PsExec.exe", which is not included in Windows. This program lets you easily run stuff as root (in Windows, admin is a gimped root):
https://learn.microsoft.com/en-us/sysinternals/downloads/psexec
I can find people who recommend script snippets to achieve this task, but I didn't really understand them so I went with the Microsoft solution for this.
(2)- Launch services.msc as admin and go to Windows Update. Stop it and set it to "disabled". Then go to Update Orchestrator. Stop it and set it to "disabled".
Monitor services.msc to see if Windows Update is reenabled periodically.
(3)- Launch regedit as admin. We're going to disabled the "Medic service" which will otherwise undo all our good work.
Go to:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc
Change "Start" to 4. This means "disabled". The other values seem to turn it on, and the default is 3.
The WaaSMedicSvc has a subkey named "Parameters". Go to this and look for key "ServiceDll". Modify this to add ".OFF" to the end- what you change doesn't matter, as long as it no longer points to the real DLL, and it is obvious how to change it back to you later.
(4)- Set registry values for Windows Update and prevent the TrustedInstaller root role from reenabling them. This is allegedly of concern and is something to be blocked.
Go to
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\
Right click wuaserve in the list of key on the left, and select "Permissions". Hit "Advanced". Press "Add". The top option is "Select a Principal", pick that. Into the text field, paste in:
NT SERVICE\TrustedInstaller
Then hit "Ok". Now change the type to "deny", then in the main pain select "Show Advanced Permissions". Uncheck "Full Control", "Query Value", "Enumerate Subkeys", "Notify", and "Read Control". Leave the rest checked. Click Ok on all the boxes until you are back in regular regedit.
Under this registry location, three should already be the key "Start" at 4.
It also has a "Parameters" subkey; change its ServiceDll key to something similar to the above, such as adding ".OFF" to it.
(5)- Long before the Era Of Peasant Crushing, Microsoft had a simple switch for this, that is still periodically respected.
Go to:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
Create DWORD named NoAutoUpdate and assign value 1
I don't think this one needs to be locked with permissions- I think a lot of the time this can be ignored. I still see it recommended online though, so maybe there's some run case it prevents.
(6)- Run task scheduler with root permissions. You will need to do this with Microsoft's PsExec.exe. First, open a terminal as administrator, then run mmc pointed at taschsch.msc using psexec.
In this example, I assume your Windows username is Clippy and you put everything into the "pstools" directory, adjust as needed:
C:\Users\clippy\pstools\psexec -i -s mmc /s C:Windows\System32\taskschd.msc
Without this trick, you won't be able to disable any of the scheduled tasks, all of which mean "ignore everything and run Windows update". You can also find some other way to run task scheduler with the correct power without this Microsoft-provided (but not inbuilt) binary.
Go to each of the following locations on the left, and when you select each one, you will have one or more "scheduled tasks" on the right. You will need to disable each and every task by clicking the "Disable" button on the far right.
Microsoft/Windows/UpdateOrchestrator
Microsoft/Windows/WaasMedic
Microsoft/Windows/WindowsUpdate
Microsoft/Windows/InstallService
I think this is enough, but I found complaints from people claiming that the ScheduleScan xml file was being repopulated by something. I think this may be a home-specific shenanigan, or maybe it doesn't happen all the time. But it can be locked such that Windows can't populate it.
(optional 7)- Browse to:
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator
Rename ScheduleScan to something else, such as ScheduleScan.OFF (you may need to "take ownership" of this first- I did not, but I saw it mentioned online)
Then create a new empty file named ScheduleScan. Right click it, hit properties properties -> security
Change SYSTEM, LOCAL SERVICE and NETWORK SERVICE to "DENY" by hitting "Edit" and selecting each of them and setting them to "DENY".
Then hit "Advanced"
Because you just created it, it should be owned by your admin user.
Now hit "Add". This lets us Add a user, hit "Select Principle" and in the text bar paste in:
NT SERVICE\TrustedInstaller
Then hit "add"
Then edit trusted installer in the list, and select "Deny" at the top. Then hit "show advanced permissions".
This should be:
Unchecked- Full Control, List Folder / Read Data, Read Attributes, Read Extended Attributes, Read Permissions.
The others should be checked (and therefore blocked)
This (possibly unneeded) step should prevent the ScheduleScan from getting populated with XML data that then again triggers events that reenable WindowsUpdate.
Ok, is it gonna turn itself back on in seven days? Is there an even supererer more ultimate layer to this game?