Discussion in 'Business & Enterprise Computing' started by PabloEscobar, Dec 11, 2014.
Got hit by this, any fix yet?
Yeah remove the offending update
Microsoft has pulled the update
Haha didn't even cross my mind
Only one person anyway... Thanks.
Been dealing with this across a few Outlook 2010 clients, safe mode forced on yesterday and today.
Uninstall of the update is the only fix, or you can use an msiexec script:
You would think they would release a new update to fix it instead.
So I've not seen anything indicating any problems with Jan 2016 patches, so they've got that going for them...
GWX is being pushed to domain joined computers that aren't managed by WSUS.
We've got a few road warriors configured to go direct to Microsoft for updates, because they aren't on the network enough for WSUS to be reliable. So it looks like I'll be shifting my WSUS to the DMZ, and letting computers on the wild internet suck on its bountiful teat.
You can still have them report to WSUS but download from MS, can't you?
Fuck we're going to make a shitload of money out of this.
I don't want to. But goddammit.
You can, but for road warriors, we still get the same issue.
If a computer doesn't report into WSUS, it doesn't know that updates are available, which leaves our MOST vulnerable devices unpatched. So as a lesser of two evils approach, Microsoft managed updates it is.
I'm interested to see what happens WRT some 3rd party RMM tools, and what updates they start presenting.
Do you have your 'managed' desktops on any sort of central system? Or as an MSP, do you make more money fixing the same problem at 80 clients, rather than fixing it once for all 80?
Yeah, GWX is horrid.
All I could do is uninstall KB3035583 then apply a reg patch
I had a doc that had a lot more 'long workarounds' to get rid of the shit, but the above just ensures the GUI of it and tray and stuff will not run.
December 2015 not 16
January 2016 actually
The thing to remember is we *really* aren't an MSP by capital city standards.
98% of our client base use us ad-hoc. Now they may talk to us multiple times per week - but it's still ad-hoc. We don't have a support agreement in place with them (most of the time, they don't want one - because they get same day service anyway).
We have Teamviewer (ugh - but cutting ~1100 endpoints across 200-odd clients just sounds/feels like a nightmare) on probably 65-70% of the endpoints we look at - but that's about it.
Given that none of the clients are "interconnected", and pretty much most aren't "the same" - it's quite difficult to roll out a fix to all.
We're struggling hard with the combo of SBS/WSUS, Outlook 2010 and that stupid fucking Safe mode patch. Clients don't pay us to maintain their WSUS, as such the DB cleanup hasn't been run in months/years, as such for a lot of them it just never works. We can't clean up the DB to remove the offending broken KB - and thus WSUS thinks it still has the patch, and thus it doesn't download the fixed KB (that has the same number).
So we're actually staring at about 5 clients who need a repair WSUS install. It's aids.
At any rate - when Win10 was pushed out to our non-domain clients, we made a fair packet from fixing broken upgrades, or reverting upgrades that didn't have LOB app support.
We send out client-wide emails saying "talk to us before you click yis upgrade", but that has probably a 20-30% penetration rate.
What's stopping you just sticking a WSUS server in Azure, roll out the group policy (or regedit for those off-domain) to point clients to it, and handle update management that way for your clients?
WSUS is honey-badger like in who it will serve updates to? You wouldn't be dealing with dodgy Outlook safe-mode patches, and none of your clients would be pestered to update to Win 10.
The only downside is that it's overhead for you, and you wouldn't see a return on it, because it's mostly invisible, plus you'd miss all the sweet sweet break-fix cash that you get from dodgy patches.
Pretty much that they won't pay for it tbh - I mean I could host it with us with no issues either.
What stops you from doing it with your road warriors?
Sweet Sweet Break-fix dollary is nice - but tbh, I hate revenue that happens because $vendor pushed shit.
I actually give a shit and want users to have a great experience where possible - and I want them to be spending their $ITBucks on stuff that improves things.
MS and Samba have generally always worked reasonably well. I mean that was the whole damned point of Samba.
If you're doing something fancy like Samba4 "AD" domains, then well YMMV.
But I'm running 10 connected to Samba using SMB3.1 - and at work we run 10 on a 2008r2 Functional domain connecting to FreeNAS 9.3-stable using SMB3.1
So it probably works fine.
It was proposed as a solution when it was raised. The risks (exposing my WSUS to the world) outweighed the rewards.
If WSUS looked anything like a mature, completed product, it would probably be out there, but as it's not *normally* internet facing, I don't imagine it has been under the microscope as far as vulnerability testing goes. I know there are a number of attacks that involve getting untrusted software onto the WSUS server, and having it push those down to clients.
But now, with MS delivering GWX from its update service, the rewards (not having an unwanted Win10 upgrade) are starting to look a bit better when compared against the risks.
But only VERY tangentially relevant to this thread. If you want to talk about Samba and Win10, go for it... but go for it somewhere else.
I think Windows Installer/Update runs as System.
You aren't stopping it.
You don't need admin rights to apply updates - and the 10 upgrade definitely runs through without elevation.
As far as 10 and Businesses are concerned.
It works fine. What doesn't work is that a whole bunch of traditional software vendors are shit and still can't get their crap to work on 10 yet.
Yes MYOB. That's you. Fix your shit.
Sure you can. Create the folder yourself, set deny permissions for system and trusted installer. Same way I've killed the GWX thing on my system.
How's February looking for everyone? I'm just about to deploy to my pilot group.