It's time to make sure your computer is locked down. If history is any indication, we're going to be in for a rocky ride over the next week or two.
In September, folks who were set to update Windows automatically were greeted by Word docs and Excel spreadsheets that wouldn’t display merged cells, switched languages and intentionally broke one-click printing on custom forms. In October, admins who let patches go through automatically were greeted by oceans of blue screens and failures in Microsoft’s own Dynamics CRM. Last month, every version of Windows was hit with a patching bug that blocked Epson dot matrix printers — and those who had told Win10 Creators Update to wait to upgrade found themselves “accidentally” upgraded to Win10 Fall Creators Update, version 1709.
Microsoft has enlisted a new patch QA team. Maybe it’s the old team: The masses of people who still let Microsoft update their computers automatically.
Tomorrow, we should see a dozen or more security patches for Windows and Office. You don’t need any of them right away. If there’s an unholy security breach, we’ll sound the alarm right here, loud and clear.
As I’ve argued many times before, it just makes sense to hold off on installing Windows and Office updates until the major first-round bugs get shaken out. Let the unpaid beta testers sacrifice their machines first.
If your PC is attached to a Windows Update server, buy your admin a cup o’ coffee and gently make sure he or she doesn’t have WSUS or SCCM set to automatically approve updates as soon as Microsoft dishes them out.
If you’re running Win7 or 8.1, the method for blocking updates isn’t difficult. See AKB1000004: Disable Automatic Update in Vista, Win7 or 8.1 on the AskWoody site.
If you’re running Windows 10 Pro Creators Update (version 1703) or Fall Creators Update (1709), the method’s even easier: telling Auto Update to back off just takes a couple of clicks. See Steps 7 and 8 in 8 steps to install Windows 10 patches like a pro.
But if you have any other version of Win10, you aren’t so lucky. Win10 Home users, and those with earlier versions of Pro, are considered fair game in the unpaid beta-testing ring. To protect yourself, follow the nostrums in Woody's Win10Tip: Block forced Windows updates.
Take a minute right now and make sure Automatic Update is turned off. Then follow along here at Computerworld, or on your favorite Windows bug-reporting site, to see what the beta testers have to say. Yes, you need to patch. No, you don't need to slavishly follow Microsoft's timetable.
I’ve set the MS-DEFCON level to 2 on AskWoody.com.
That is one of the advantages to the "Pro" edition of Windows 10. It is simple to defer any updates for a period of time "although not forever". I haven't had too many issues with the updates themselves, mostly just the update process occurring while I am doing something else and bogging down the system or triggering restarts. With the deferred updates, I at least get to chose when they happen which leads to a lot less anguish.
tenforums.com has Tuts. on modifying those update/restart/maintenance options.
Where possible, gpedit options are more permanent.