
Windows Updates Thread - August 2019 - Patch Yo Shizzle

Discussion in 'Business & Enterprise Computing' started by PabloEscobar, Dec 11, 2014.

  1. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    68,335
    Location:
    brisbane
  2. qwertylesh

    qwertylesh Member

    Joined:
    Aug 21, 2007
    Messages:
    9,106
    I'm seriously getting sick of this shit.

    I have an 8.1 image to manage and I have already removed/hid 6 updates.

    I have 25 optional updates to sort through.. then I have to go to my WSUS and pick out and disable all the same fucken updates so they don't apply after deployment. :thumbdn: :sick:
     
  3. Myne_h

    Myne_h Member

    Joined:
    Feb 27, 2002
    Messages:
    11,518
    Just remove all permissions from the upgrade folder.

    ~winsomething.bt

    So much easier than playing cat and mouse.
     
  4. qwertylesh

    qwertylesh Member

    Joined:
    Aug 21, 2007
    Messages:
    9,106
    just hid these from the non WSUS instance, and declining them on my WSUS server.

    that paired with the noGWX reg key is proving good enough.
     
  5. OP
    OP
    PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,678
    There is nothing ulterior about it. Microsoft want as many devices on their "universal" platform as possible. The tin-foil hat brigade have some valid concerns over the telemetry, but I don't see MS caring overly much about that at the moment. They just need to hit a critical mass of users/devices for the universal platform to try and drag developers (who have left for greener, more mobile platforms) back into the Windows fold.

    I'm not sure the 'clean install or no install' advice holds water any more. I've updated a stack of varying Windows 7 desktops and laptops to 10 without any problems.
     
  6. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,610
    Location:
    Brisbane
    In terms of "in the wild" desktops, we have about a 60% success rate of in-place upgrade from 7 to 10.

    About 90% success rate for 8/8.1 to 10.

    What issues do you see?

    "Weird shit" (tm).
     
  7. EvilGenius

    EvilGenius Member

    Joined:
    Apr 26, 2005
    Messages:
    10,934
    Location:
    elsewhere
    Fun gotcha I had which shouldn't affect anyone using best practices. If you don't have a local admin account, or only have the built in Administrator account, win10 upgrade disables it and won't give you any access to domain admin accounts to log into. So you're left with an install you can't login with.
     
  8. tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,421
    Location:
    Narrabri NSW
    I hope you already know this, but you start up from a live CD or similar, make a backup of utilman.exe and replace it with cmd.exe... Then start up as normal, click the accessibility button and use the command prompt to reactivate the account (or make a new one, or whatever you need). Works on 8 and 10.


    Edit: Also, MYOB 2015 breaks with KB3135996. Uninstall the update and all is well. At least on the box I just tried it on. Got another customer to move onto now with the same problem, and then any of our own PCs that it's broken (our Windows 10 POS box is going OK, so I'm not in a hurry here).
     
    Last edited: Mar 10, 2016
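
The swap described in the post above leaves a copy of cmd.exe sitting behind the logon screen's accessibility button until someone restores the backup, so it is worth checking for after any recovery job. This is an added example, not code from the thread; the function name `Test-UtilmanIntegrity` and the offline-image path in the comment are assumptions made for illustration.

```powershell
# Added example (not from the thread): reports whether utilman.exe in a given
# System32 directory is actually a copy of cmd.exe.
function Test-UtilmanIntegrity {
    [CmdletBinding()]
    param(
        # Defaults to the running system. Point it at a mounted offline image
        # (for example 'E:\Windows\System32', a hypothetical path) to check
        # that image without booting it.
        [string]$System32 = (Join-Path $env:SystemRoot 'System32')
    )

    $utilman = Join-Path $System32 'utilman.exe'
    $cmd     = Join-Path $System32 'cmd.exe'

    # Version resource embedded in the binary: a renamed cmd.exe still
    # identifies itself as Cmd.Exe here, whatever the file is called on disk.
    $version = (Get-Item -LiteralPath $utilman -ErrorAction Stop).VersionInfo

    $utilHash = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
    $cmdHash  = (Get-FileHash -LiteralPath $cmd     -Algorithm SHA256).Hash

    # On a stock install the file is owned by TrustedInstaller; a file copied
    # in from other media usually is not. Treated as a supporting signal only.
    $owner = (Get-Acl -LiteralPath $utilman).Owner

    $sameAsCmd   = $utilHash -eq $cmdHash
    $cmdMetadata = $version.OriginalFilename -like 'cmd.exe*'

    [pscustomobject]@{
        Path             = $utilman
        OriginalFilename = $version.OriginalFilename
        Owner            = $owner
        OwnerIsStock     = $owner -eq 'NT SERVICE\TrustedInstaller'
        HashMatchesCmd   = $sameAsCmd
        Replaced         = $sameAsCmd -or $cmdMetadata
    }
}

Test-UtilmanIntegrity | Format-List
```

If `Replaced` is true, restore the backed-up utilman.exe (or run `sfc /scannow`) before the machine goes back to the user.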
  9. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,610
    Location:
    Brisbane
    You're a top bloke.

    Heard about this yesterday. Didn't have time to work out which update it was.

    Looking to be dealing with signed XML's in .NET.
     
  10. Daemon

    Daemon Member

    Joined:
    Jun 27, 2001
    Messages:
    5,474
    Location:
    qld.au
    FTFY

    It seems 2016 is going to be the lack of QA year by the looks of things...
     
  11. OP
    OP
    PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,678
  12. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,610
    Location:
    Brisbane
  13. mr_death44

    mr_death44 Member

    Joined:
    Apr 5, 2005
    Messages:
    366
    Location:
    Melbourne
    Confirming: KB3140745 & KB3140768 breaking MYOB on win 10, even with rollback of those two it's still borked... fml
     
  14. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,610
    Location:
    Brisbane
    My tech guys have confirmed it's not the client side that matters - it's whatever is hosting the network library.

    MYOB advised updates to remove;

     
    Last edited: Mar 10, 2016
  15. rainwulf

    rainwulf Member

    Joined:
    Jan 20, 2002
    Messages:
    4,275
    Location:
    bris.qld.aus
    Weird shit exactly. The number 1 issue I see with 7 to 10 upgrades is printers, then networking. Just bizarre networking issues. Had a machine that could ping a printer, but couldn't print.

    It also could access machines via ip but not via name. It would fix itself randomly, and then do it again later. Put them back to my gold windows 7 install on a samsung evo SSD, and they have been nothing but happy. Got myself a litre of Grey Goose thanks to that :)
     
  16. tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,421
    Location:
    Narrabri NSW
    Yep - we only had to remove the one update I mentioned for the 3 servers it broke, but MYOB listed dozens. Not sure why some people needed to remove more. And yeah, just on the host box.
     
  17. OP
    OP
    PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,678
    For me, it's not so much the patch notes, unless it's a hotfix provided by support for a particular issue.

    I'd much prefer they up the QA game, AND PULL THE FUCKING PATCHES earlier if known issues are identified.

    and not reuse the same KB# when re-releasing the patches.


    What maintenance? You run Invoke-WsusServerCleanup with a few flags to do the regular maintenance, you use invoke-sql to run the TSQL provided to make the database play nice... yes, if it's fucked, it takes a long time to clean up, (It's almost always quicker to rebuild).

    It doesn't need its own server, and uses fuck all resources - https://technet.microsoft.com/en-us/library/cc708483(v=ws.10).aspx




    How many companies are in your umbrella that don't patch Day 0... How many of them have been owned because of a delay in windows updates?

    How many of them patch Day 0, How much downtime have they had because Outlook will only open in safe mode, or Myob won't work?

    I'm not saying "I haven't been owned, so I'll never get owned", I am saying, that the business risk of Day 0 Patching, currently outweighs the risk and likelihood of being owned by waiting a fortnight.

    Make your WSUS server available on the internet, and have your managed clients group policy point to it :). (I'd be interested in seeing if/how this works). Downstream WSUS servers for your clients if bandwidth is an issue, etc etc.

    I'm pretty guilty of "That issue won't exist in my environment, so I won't acknowledge it", and I can see how managing a large number of disparate WSUS servers would suck balls, and my awareness of SBS comes mostly from your complaints on here about it and some prior experience with SBS2K3 back in the day...


    If you're investing in an RMM, you aren't really comparing apples and apples. You could invest similar time into WSUS for a similar outcome.
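
The WSUS maintenance routine mentioned in the post above, written out as a scheduled-task script. This is an added example, not the poster's script: the reindex script path is a placeholder for the T-SQL the post refers to (which is not reproduced on this page), the WID pipe name assumes Windows Server 2012 or later, and `Invoke-Sqlcmd` is assumed to be available from the SqlServer module.

```powershell
#Requires -Modules UpdateServices
# Added example (not from the thread): routine WSUS cleanup plus database
# maintenance, run on the WSUS server itself.
param(
    # Placeholder: path to the WSUS database maintenance T-SQL you already use.
    [string]$ReindexScript = 'C:\Scripts\WsusDbMaintenance.sql',
    # Assumption: Windows Internal Database on Server 2012 or later.
    [string]$SqlInstance   = '\\.\pipe\MICROSOFT##WID\tsql\query'
)

$wsus = Get-WsusServer   # no arguments: the local WSUS server

# Each switch is run as its own call so a timeout in one step (common on a
# neglected database) does not abort the steps that follow it.
$steps = 'DeclineExpiredUpdates', 'DeclineSupersededUpdates',
         'CleanupObsoleteUpdates', 'CleanupObsoleteComputers',
         'CompressUpdates', 'CleanupUnneededContentFiles'

$report = foreach ($step in $steps) {
    $switch = @{ $step = $true }
    try {
        $result = Invoke-WsusServerCleanup -UpdateServer $wsus @switch -ErrorAction Stop
        [pscustomobject]@{ Step = $step; Ok = $true;  Detail = "$result" }
    }
    catch {
        [pscustomobject]@{ Step = $step; Ok = $false; Detail = $_.Exception.Message }
    }
}
$report | Format-Table -AutoSize -Wrap

# Reindex / update statistics on SUSDB with the supplied T-SQL.
if (Test-Path -LiteralPath $ReindexScript) {
    Invoke-Sqlcmd -ServerInstance $SqlInstance -Database 'SUSDB' `
                  -InputFile $ReindexScript -QueryTimeout 65535
}
else {
    Write-Warning "Reindex script not found at $ReindexScript; skipping database maintenance."
}

# A non-zero exit code lets the scheduler flag a failed run.
if ($report.Ok -contains $false) { exit 1 }
```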
     
  18. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,610
    Location:
    Brisbane
    This is pretty much issue number 1. Mostly because they didn't use to do this.

    Agree on the rebuild.

    My experience on SBS is different - particularly as the WID gets full.

    Touch wood - no-one has been owned.

    Our stuff comes in waves. Basically a whole bunch of clients won't notice or ignore it (e.g. Outlook safe mode) - typically we get one at Day 0 (Wed Afternoon / Thurs morning). Then more flow in over the following day etc.

    Honestly actual impact of Day 0 is still less than the risk factor of not.


    far less benefit tho
     
  19. OP
    OP
    PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,678
    you have customers that patch, and are impacted
    you have customers that don't patch, and aren't impacted.

    yet you conclude that the impact of patching is less than of not patching.
     
  20. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,610
    Location:
    Brisbane
    I've had clients 0wned by RDP exploits before.

    And I'd much rather people patch and have issues - than blur the conversation and have them think that they should not patch - when really I meant they should patch, but sometimes patches are broken and so you should probably wait a bit to see if the intertron blows up about said patch.
     
