What's a Reasonable Windows Update Strategy Going Forward?

[jonah8208]

I need an update strategy for my games box I don't really know which way to go here.

 

I have 1 Windows 10 box specifically built to run VR Games on Occulus Rift. I don't have the VR Headset yet but I should get mine soon as a funder of the hardware. Anyway I have set up the Win10 box and removed all the Metro Apps and disabled the phone home stuff as per Noel's posts pretty much. I have installed and got the my Elite Dangerous profile running in 2D for now and got all the Saitek controller drivers running fine, so apart from the VR headset I am good to go.

 

This box does nothing else but Games, no email, no photo editing - nothing and has its own internet connection (shared with the TV and Sat Box) separate from the general PC connection on a different line so it does not have any AV or Firewall running.

 

Therefore do I disable Windows Updates completely and just install hardware drivers manually as required or allow Windows updates to run and possibly (probably) cause havoc?

 

??

[NoelC]

Well, since it's Win 10 you're talking about the system updates are cumulative - meaning pretty much all or nothing (excluding the drivers).

 

Generally speaking, I say "if it works don't fix it" regarding drivers, but there are reasons to make exceptions, especially if your hardware is cutting edge and you get new games.

 

I'd definitely suggest reading this site (and especially pay attention to his "MS-DEFCON" level) before deciding to go ahead with any Windows Updates: http://www.askwoody.com/

 

Some key things to keep in mind:

• You can run the Local Group Policy Editor (gpedit.msc) and set the Computer Configuration > Administrative Templates > Windows Components > Windows Update - Configure Automatic Updates policy entry to Disabled.  This will cause Windows to wait for you to press a button before updating.
   
• If you Disable the Windows Update service (e.g., via Services.msc or an SC command), you are further assuring that Windows will not update on its own.
   
• The Windows Update Hiding tool (KB3073930) can be used to check for available updates without giving the go ahead to install them.

Knowing this, a strategy to consider might be:

• Set your system's policy to require your approval before installing updates, but beyond that also leave the Windows Update service (wuauserv) configured to Disabled.  Windows Defender will do its own updates if you do this.
   
• Then occasionally, only when you're ready to deal with the potential problems an update might bring, you can set the service to Manual, start it, then immediately set it back to Disabled.  The service will keep running, but will not start itself again until you initiate it.
   
• Once wuauserv has been started, first use the Windows Update Hiding tool (KB3073930) to check for the available updates.  This will tell you about any available cumulative updates and also hardware driver updates and allow you to hide them if you've read about problems.  Research them.
   
• Then, assuming you've reviewed the list and are ready to actually install the updates, initiate the actual Windows Update via the Settings > Update & Security > [ Check for updates ] button.
   
• Do the reboot if needed (they usually seem to), and do your testing.  If something goes wrong, you can uninstall the update via the View installed updates control panel entry.  Maybe you'll want to hide it next time.

 

Note that this is NOT a "set it and forget it" strategy.  If you don't do anything, Windows won't update.  You have to be willing to occasionally reconfigure the Windows Update service and initiate the check for updates.  But it puts you in as much control as is possible with Windows 10.

 

-Noel

Edited February 22, 2016 by NoelC

[jonah8208]

OK thanks for that Noel I have just done all the above and checked it. I will check the updates when I do all the Win7 machines once a month. I was concerned Win10 would be unstable if I turned off updates, but the checking them / fixing it after installation has been very tedious with my test machine so I wanted to avoid the same problems on this VR box. It has been a real pain to set up without Win Updates automatically borking my drivers. Thank god its not a business production machine huh!

[Stefan43]

At the moment, I am using Windows 10 build 10240, 10240.16854 to be exact, which was released last week. On my system, it runs pretty stable, and I am not thinking about upgrading to 10586.318 anytime soon, because it works the same as an upgrade from Windows 8.1 to Windows 10. After such an upgrade, I like to reinstall the OS, which I am not going to do, because it requires much tweaking. But I wonder, for how long 10240 is going to get security updates.

[NoelC]

The game is changing as we watch. 

Microsoft has now announced what are essentially service packs for older systems.  Rolled-up updates that contain many of the things that people have been avoiding installing individually.

I haven't yet had time to study these new bundles, but it's almost certain they'll include things I don't really want running.

Given recent observed behavior by Microsoft that continues to push the envelope past all semblance of reason, now may be the time to just leave the Windows Update service off.  That would certainly simplify life, and may even be viable for another year or two.  Then...  ??

Windows Update was reasonable when Microsoft was a good partner.  Perhaps even necessary in order to agree to run an operating system that was quite flawed out of the box.  Now, Windows Update is becoming almost purely a liability.

-Noel

[Stefan43]

Yes, telemetry updates are included in the update rollup, which I don't want running on my system. For older systems, Windows 7 is still the most used OS, so I think most programs wil keep supporting Windows 7, and also Windows 8.1 for a few years. I don't think all Win32 apps are replaced by UWP apps anytime soon. Did Microsoft also release an update rollup for Windows 8.1?

Edited May 18, 2016 by Stefan43

[NoelC]

>Did Microsoft also release an update rollup for Windows 8.1?

According to Woody, yes.  I haven't done my own experiments yet.

http://www.infoworld.com/article/3071689/microsoft-windows/new-windows-7-and-81-patches-usher-in-the-future-of-rollup-updating.html

There is the small possibility that even with the telemetry updates in place the traffic can be stopped.  I also have yet to go through this page to see what if anything might apply to the older systems:

https://technet.microsoft.com/en-us/itpro/windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft

-Noel

Edited May 18, 2016 by NoelC

[Stefan43]

The convenience update is only for Windows 7 and Windows Server 2008 R2, and from now on, Microsoft is going to release update rollups each month which includes the non-security updates. These update rollups will be available for Windows 7 and Windows 8.1.

[NoelC]

OK, thanks for the clarification.

It strikes me that Microsoft ultimately packaging groups of updates together is akin to bringing "cumulative updates" to the older systems.  This could be a Big Deal.  It could mean no less than a re-evaluation of one's entire update strategy.

I really need to do some my own research before commenting more.  Time is always so short...

-Noel