

How to Disable Windows Updates in Windows 10 Enterprise on a Citrix VDI

Question

Friday, October 4, 2019 9:11 PM

How do I disable Windows updates on Windows 10 1809 and/or 1903 in a Citrix VDI environment? I have a client where, ever since they set up their Citrix VDI environment, Windows updates kick off randomly on all the VDI desktops at the same time, taking down their Internet bandwidth because all 80 to 90 desktops are attempting to update from Microsoft. The VDIs are non-persistent, so they don't need to be updated, since after every reboot or log off they receive a brand new image.

The frustrating part with the whole Windows Updates debacle is that Microsoft chooses to re-enable the Windows updates and Medic server even if they had it disabled manually or via Group Policy.

I would like to know how to resolve this issue.

They are also attempting to block the Windows update sites via Firewall access rules for the specific VDI VLAN network. I would like a list of the Windows Websites as well. 

Any help is greatly appreciated

Note: This issue began after Microsoft introduced the Windows Medic service, and that is how it is able to make sure all computers receive Windows updates.

All replies (5)

Friday, October 4, 2019 9:34 PM

Hi,

I think if you disable the Windows Update service, the client doesn't receive any more software updates from the Internet.

Refer also to this: https://www.easeus.com/todo-backup-resource/how-to-stop-windows-10-from-automatically-update.html

Following the Windows Update sites:

If you also have a firewall device between your VDI and the Internet, you can set a policy to block Internet access for the VLAN of the non-persistent VDI.

Regards,

SAAD Youssef

______

Please remember to mark the replies as answer if they help, thank you!


Friday, October 4, 2019 10:06 PM

Thank you; I will work with the client on Monday to attempt your suggestion. Much appreciated. Nelson


Monday, October 7, 2019 8:32 AM

Hi,

There is a 2nd Windows update service that you have to disable along with the normal Windows Update service in your master image. It's called the Windows Update Medic service or something like that. Check this out - https://social.technet.microsoft.com/Forums/en-US/8706fda2-f7cd-4dab-814b-72283b17c423/how-to-disable-windows-update-medic-service?forum=win10itprogeneral

When it's update time we just re-enable both services, update, reboot, and re-disable them in the master image.

Hope this can help you.

Have a nice day!

Best regards,

Kiki Shi

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].


Monday, October 7, 2019 2:28 PM

We have done that, but after a couple of weeks or a few days or if Microsoft pushes out updates then the medic service is re-initialized and the VDI computers will begin attempting to retrieve updates from Microsoft. Check this article out... what actually happens and hence the issue my client is experiencing. 

https://www.thewindowsclub.com/windows-update-medic-service

What is the Windows Update Medic Service (WaaSMedicSVC) in Windows 10? Why do you get Access is Denied message when you try to disable it? How can you disable Windows Update Medic Service? This post tries to answer these questions.

Windows Update Medic Service

The Windows Update Medic Service is a new Windows Service introduced in Windows 10. This Service has been introduced to repair Windows Update components from damage so that the computer can continue to receive updates.

Windows Update Medic Service (WaaSMedicSVC) enables remediation and protection of Windows Update components. This means that even if you disable Windows Update related Services, this service will at some point in time re-enable them.

SIH client in Windows 10

Windows 10 schedules a task in the Task Scheduler. This daily task launches the SIH client to detect and fix system components that are vital to automatic updating of Windows and Microsoft software installed on the machine. This task can go online, evaluate the applicability of healing actions, download necessary payloads to execute the actions and execute healing actions. On my PC it gets triggered every 20 hours. The SIH in SIHClient.exe presumably stands for Service Initiated Healing.

Other notes:

  • Its related SIHClient.exe, WaaSMedic.exe, WaaSMedicSvc.dll and WaaSMedicPS.dll files are found in the Windows\System32 folder
  • Its dependencies are Remote Procedure Call (RPC)
  • It maintains its log file in C:\Windows\Logs\waasmedic folder
  • This Service has been configured to start in the Manual startup mode.
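
Added example, not part of any reply in this thread: a read-only PowerShell check for the master image or a provisioned desktop that reports whether the two update services discussed above, and any scheduled task that launches SIHClient.exe, have drifted back from a disabled state. It assumes `wuauserv` is the service name of the Windows Update service and that the image policy wants everything listed to be Disabled; it changes no settings.

```powershell
# Added example: read-only drift check for a non-persistent VDI master image.
# Assumptions: 'wuauserv' is the Windows Update service name, and "Disabled" is
# the desired state. 'WaaSMedicSvc' and the log folder come from the quoted article.
$expected = 'Disabled'
$services = 'wuauserv', 'WaaSMedicSvc'

# 1. Start mode and current state of each service, read through CIM/WMI.
$report = @(foreach ($name in $services) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    if (-not $svc) {
        [pscustomobject]@{ Item = $name; Kind = 'Service'; Setting = 'NotFound'; State = ''; Drift = $false }
        continue
    }
    [pscustomobject]@{
        Item    = $name
        Kind    = 'Service'
        Setting = $svc.StartMode                    # Auto, Manual or Disabled
        State   = $svc.State                        # Running, Stopped, ...
        Drift   = ($svc.StartMode -ne $expected)    # re-enabled since the image was sealed
    }
})

# 2. Scheduled tasks whose action launches SIHClient.exe. They are found by
#    their executable so that no task name or path has to be assumed.
$sihTasks = Get-ScheduledTask | Where-Object { $_.Actions.Execute -match 'sihclient' }
$report += @(foreach ($task in $sihTasks) {
    $state = "$($task.State)"                       # Ready, Disabled, Running, ...
    [pscustomobject]@{
        Item    = $task.TaskPath + $task.TaskName
        Kind    = 'ScheduledTask'
        Setting = $state
        State   = ''
        Drift   = ($state -ne $expected)            # assumption: policy wants it disabled
    }
})

# 3. Newest file in the Medic log folder: a recent timestamp means the
#    remediation service has been active on this machine.
$logDir  = 'C:\Windows\Logs\waasmedic'
$lastLog = Get-ChildItem -Path $logDir -File -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1

$report | Format-Table -AutoSize
if ($lastLog) { "Most recent Medic log: $($lastLog.Name), written $($lastLog.LastWriteTime)" }

# Non-zero exit code lets a monitoring job or image build step flag the drift.
if ($report.Drift -contains $true) { exit 1 }
```

Running this on a schedule against a sample of desktops shows when the re-enabling described in the post above actually happens, before all desktops start downloading at once.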

Tuesday, October 8, 2019 3:26 AM

Hi,

I am very glad to hear that this problem has been solved. Thank you for sharing. We are very grateful for your time and effort.

Please mark a helpful reply as the answer; this lets other forum users get useful information.

Thanks.

Have a nice day!

Best regards,

Kiki Shi
