Windows batch scripts for power users

windows_update_toggle.bat v10.1 final
~ one script to rule them all!
~ block build upgrades and/or automatic updates without breaking Store downloads and Defender protection updates
~ there is a lot of focus on Defender updates working independently, unlike any other updates "management" solution
~ ifeo safe blocking with no destructive changes of ownership, deleting files, removing tasks, or over-blocking
~ toggle everything from the Desktop right-click context menu!
but wait, there is more:
~ hide/unhide/install update lists with counter at the Desktop right-click context menu!

Previous update toggle batch suite scripts have been overwritten on pastebin, but will still be available here:
windows_update_reboot_toggle.bat to be updated!
~ just removes the update reboot protected scheduled task
windows_update_notifications_toggle.bat
~ just blocks updates from notifying and rebooting, everything else working
windows_update_installs_toggle.bat
~ blocks all updates from installing, with Store and Defender protection updates working
windows_update_downloads_toggle.bat
~ blocks all updates from even downloading, at the expense of breaking Defender protection updates (so getting an alternative AV is advised)
windows_update_service_toggle.bat
~ blocks wuauserv from even checking, at the expense of breaking both Store downloads and Defender protection updates (so getting an alternative AV is advised)

Added a DefenderUpdate scheduled task that runs every 4 hours to all scripts, to counter the side effect of disabling automatic updates

You can just run the respective script and forget about it, since it will add a convenient Desktop right-click context menu entry to toggle it further, with the current status written right next to it.

It's a given that the user is responsible for checking for updates manually or re-enabling automatic updates at a later time, so please don't spam about how this might be a bad idea in your view. This is about having a choice as a power user (a choice Microsoft has taken away) for fringe cases where an automated forced update fails in a loop, an incompatibility arises, or the user simply chooses not to update at the moment.
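To see what the "ifeo safe blocking" described above has left on a machine, the following added example (not part of the author's scripts) lists Image File Execution Options entries and marks the ones that match executable names from the script lists on this page, then reports how fresh the Defender definitions are. It assumes the block is implemented as an IFEO `Debugger` value, the usual IFEO technique; the part of the script that writes the entries is not shown here. The function and variable names are hypothetical.

```powershell
# Added example: read-only audit of IFEO "Debugger" entries (writes nothing).
$IfeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Executable names copied from the xnotify / xerr / xupd / all_entries lists
# in the scripts on this page.
$UpdateRelated = @(
    'TiWorker','UsoClient','wuauclt','wusa','WaaSMedic','SIHClient','WindowsUpdateBox',
    'GetCurrentRollback','WinREBootApp64','WinREBootApp32','MusNotification','MusNotifyIcon',
    'UpdateNotificationMgr','UNPUXLauncher','UNPUXHost','Windows10UpgraderApp','DWTRIG20',
    'DW20','GWX','wuapihost','wermgr','WerFault','WerFaultSecure','DWWIN','TrustedInstaller'
)

function Get-IfeoDebuggerEntry {
    param(
        [string]$Root = $IfeoRoot,
        [string[]]$KnownNames = $UpdateRelated
    )
    if (-not (Test-Path -LiteralPath $Root)) { return }
    foreach ($key in Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue) {
        # Assumption: a blocked image carries a "Debugger" value.
        # Subkeys without one (e.g. mitigation options only) are skipped.
        $debugger = $key.GetValue('Debugger', $null)
        if ($null -eq $debugger) { continue }
        # Compare without the .exe suffix; -contains is case-insensitive.
        $name = $key.PSChildName -replace '\.exe$', ''
        [pscustomobject]@{
            Image         = $key.PSChildName
            Debugger      = $debugger
            UpdateRelated = ($KnownNames -contains $name)
        }
    }
}

$entries = @(Get-IfeoDebuggerEntry)
if ($entries.Count -eq 0) {
    'No IFEO Debugger entries found.'
} else {
    # Entries that are NOT update-related sort first: those are the ones to
    # investigate, since they did not come from the lists above.
    $entries | Sort-Object -Property UpdateRelated, Image | Format-Table -AutoSize -Wrap
}

# Defender definitions should keep updating while the blocks are in place.
if (Get-Command -Name Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $mp = Get-MpComputerStatus
    [pscustomobject]@{
        SignatureLastUpdated = $mp.AntivirusSignatureLastUpdated
        SignatureAgeDays     = $mp.AntivirusSignatureAge
    } | Format-List
} else {
    'Get-MpComputerStatus is not available (Defender module missing or another AV installed).'
}
```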

Other batch scripts:

SpeculationControl.bat
~ Convenient batch wrapper around the official PowerShell script to advise about CPU vulnerabilities

esd_to_wim.bat
~ Windows Update ESD to WIM Setup [x86 or x64] - to be used with Microsoft Products.xml links

MediaCreationTool1709.bat
~ Get an iso / usb with 1709 rtm build via official MediaCreationTool.exe

MediaCreationTool_RS4.bat
~ Get an iso / usb with 1803 rtm build via official MediaCreationTool.exe

windows_x_bloat_subscribe_toggle.bat
~ Just a prevention, won't uninstall existing items ~ v3.0 applies for current user but also for new users created after running the script!

windows_x_pro_update_policy
~ Pro: Set to notify before download and prevent driver installs

disable_gamebarpresencewriter.bat
~ This won't disable the Win + G GameBar. Use Settings to do that. Might prevent some game stutters.

FreeStandbyMemory.bat v4 updated!
~ Will set a schedule every 5 minutes and will clear standby memory if free physical memory is under 512MB (can adjust)
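The MediaCreationTool wrappers listed above download an executable and start it straight away. As an added example (not the author's code), this is one way to check the Authenticode signature of the downloaded file before launching it; the function names and the publisher match on `O=Microsoft Corporation` are assumptions of this example, and it uses only syntax that works on PowerShell v2.

```powershell
# Added example: verify a downloaded tool before running it.
function Test-MicrosoftSignedFile {
    param([Parameter(Mandatory=$true)][string]$Path)

    if (-not (Test-Path $Path -PathType Leaf)) { return $false }

    $sig = Get-AuthenticodeSignature -FilePath $Path
    # 'Valid' means the file hash matches the signature and the certificate
    # chain ends in a root this machine trusts. Anything else (NotSigned,
    # HashMismatch, NotTrusted, ...) is treated as a failure.
    if ($sig.Status -ne 'Valid') { return $false }

    # Assumption of this example: the expected publisher is identified by the
    # organisation field of the signer certificate subject.
    return ($sig.SignerCertificate.Subject -match '(^|,\s*)O=Microsoft Corporation(,|$)')
}

function Start-VerifiedTool {
    param(
        [Parameter(Mandatory=$true)][string]$Path,
        [string[]]$ArgumentList
    )

    if (-not (Test-MicrosoftSignedFile -Path $Path)) {
        # Leave the file in place for inspection, but do not execute it.
        Write-Warning "Signature check failed or file missing, not starting: $Path"
        return $false
    }

    $full = (Resolve-Path $Path).Path
    if ($ArgumentList) {
        Start-Process -FilePath $full -ArgumentList $ArgumentList
    } else {
        # Start-Process rejects an empty -ArgumentList, so omit it.
        Start-Process -FilePath $full
    }
    return $true
}

# Usage with the file name the RS4 wrapper downloads to:
Start-VerifiedTool -Path '.\MediaCreationTool.exe' -ArgumentList '/Selfhost' | Out-Null
```

From a batch wrapper, the same check can be run with `powershell -c` right after the download and before the `start ""` line.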

@echo off &title Disable GamebarPresenceWriter - proper method
reg query "HKEY_USERS\S-1-5-20\Environment" /v TEMP >nul 2>nul || goto need_admin_rights
call :check_status
echo.
echo ---------------------------------------------------------------------
echo : Disable GamebarPresenceWriter v3.1 :
echo :---------------------------------------------------------------------:
echo : Runs even if Windows DVR is disabled, and can cause game stutters :
echo : This won't disable the Win + G GameBar. Use Settings to do that :
echo : Just run this script again to toggle on/off :
echo : :
echo : Currently: %STATUS%%_% :
echo : :
echo : Press Alt+F4 to cancel Always run latest version :
echo ---------------------------------------------------------------------
echo.
timeout /t 10 &echo.
set "acikey=Microsoft\WindowsRuntime\ActivatableClassId\Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter"
set "reg64=HKLM\SOFTWARE" &set "reg32=HKLM\SOFTWARE\WOW6432Node"
:: Use reg_takeownership snippet to unprotect GamebarPresenceWriter registry key
reg delete "%reg64%\%acikey%" /v "ActivationType" /f >nul 2>nul || call :reg_takeownership "%reg64%\%acikey%" "Administrators"
reg delete "%reg32%\%acikey%" /v "ActivationType" /f >nul 2>nul || call :reg_takeownership "%reg32%\%acikey%" "Administrators"
:: Toggle GamebarPresenceWriter activatable class id in the registry
if "%STATUS%"=="OFF" ( set "ActivationType=0x1" ) else set "ActivationType=0x0"
reg add "%reg64%\%acikey%" /v "ActivationType" /t REG_DWORD /d %ActivationType% /f >nul 2>nul
reg add "%reg32%\%acikey%" /v "ActivationType" /t REG_DWORD /d %ActivationType% /f >nul 2>nul
call :check_status
echo ActivationType = %ActivationType%
echo.
:: Done!
echo ------------------------------
if "%STATUS%"=="OFF" ( color 0c &echo GamebarPresenceWriter now: OFF ) else color 0b &echo GamebarPresenceWriter now: ON!
echo ------------------------------
echo.
pause
exit
::----------------------------------------------------------------------------------------------------------------------------------
:: Utility functions
::----------------------------------------------------------------------------------------------------------------------------------
:check_status
set "acikey=Microsoft\WindowsRuntime\ActivatableClassId\Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter"
call :reg_query "HKLM\SOFTWARE\%acikey%" "ActivationType" ActivationType
if "[%ActivationType%]"=="[0x0]" ( set "STATUS=OFF" ) else set "STATUS=ON!"
set "_= " &if "%STATUS%"=="OFF" ( color 0c ) else color 0b
exit/b
:reg_takeownership %1:regkey[ex:"HKCU\Console"] %2:_user[optional, default:"Administrators"] %3:_recursive[optional, default:""]
set "s10=$dll0='[DllImport(''ntdll.dll'')]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);'; $ntdll="
set "s11=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)};"
set "s12=function Reg_TakeOwnership { param($hive, $key, $own, $inherit=$false);"
set "s13= $reg=[Microsoft.Win32.Registry]::$hive.OpenSubKey($key,'ReadWriteSubTree','TakeOwnership');"
set "s14= $acl=New-Object System.Security.AccessControl.RegistrySecurity; $acl.SetOwner($own); $reg.SetAccessControl($acl);"
set "s15= $acl.SetAccessRuleProtection($false,$false);$reg.SetAccessControl($acl);"
set "s16= $reg=$reg.OpenSubKey('','ReadWriteSubTree','ChangePermissions'); if($inherit){"
set "s17= $rule=New-Object System.Security.AccessControl.RegistryAccessRule($own,'FullControl','ContainerInherit','None','Allow');"
set "s18= $acl.ResetAccessRule($rule);$reg.SetAccessControl($acl);} }; $rk=$regkey -split '\\\\',2; $key=$rk[1];"
set "s19=switch -regex ($rk[0]) { '[mM]'{$HK='LocalMachine'};'[uU]'{$HK='CurrentUser'}; default {$HK='ClassesRoot'}; }; $HK; $key;"
set "s20=if($user -eq ''){$user='Administrators'}; [System.Security.Principal.NTAccount]$owner=$user; $rcsv=($recursive -ne '');"
set "s21=Reg_TakeOwnership $HK $key $owner $true; if($rcsv){$r=[Microsoft.Win32.Registry]::$HK.OpenSubKey($key);"
set "s22=foreach($sk in $r.GetSubKeyNames()){$sk; try{ Reg_TakeOwnership $HK $($key+'\\'+$sk) $owner }catch{} }} "
setlocal &for /l %%# in (10,1,22) do call set "ps_RegTakeOwnership=%%ps_RegTakeOwnership%%%%s%%#:'=\"%%"
powershell.exe -c " $regkey='%~1';$user='%~2';$recursive='%~3'; %ps_RegTakeOwnership%;"
exit/b AveYo: call :reg_takeownership "HKLM\MyKey" "NT Service\TrustedInstaller"
:reg_query %1:KeyName %2:ValueName %3:OutputVariable %4:other_options[example: "/t REG_DWORD"]
setlocal & for /f "skip=2 delims=" %%s in ('reg query "%~1" /v "%~2" /z 2^>nul') do set "rq=%%s" & call set "rv=%%rq:*) =%%"
endlocal & set "%~3=%rv%" & exit/b AveYo: call :reg_query "HKCU\MyKey" "MyValue" MyVar
:need_admin_rights
color 0c&echo. &echo PERMISSION DENIED! Right-click %~nx0 ^& Run as administrator &timeout /t 60 &color 0f&title %COMSPEC% &exit/b
::end
goto="init" /* %~nx0
::----------------------------------------------------------------------------------------------------------------------------------
:about
::----------------------------------------------------------------------------------------------------------------------------------
title Windows Update ESD to WIM Setup [x86 or x64]
color 1f
echo.
echo ---------------------------------------------------------------------
echo : Windows Update ESD to WIM Setup [x86 or x64] :
echo :---------------------------------------------------------------------:
echo : Place in the same directory as the downloaded .esd file :
echo : Make sure you have enough free disk space (10GB recommended) :
echo : Close all other programs because it's a very intensive task :
echo ---------------------------------------------------------------------
echo.
pushd "%~dp0"
for /f %%s in ('dir /b *.esd ^| find ".esd"') do set "ESD=%%~fs"
if not exist "%ESD%" echo [ERROR] No .esd source file found in %~dp0 &pause &exit
exit/b
::----------------------------------------------------------------------------------------------------------------------------------
:main [ Batch main function ]
::----------------------------------------------------------------------------------------------------------------------------------
call :about &timeout /t 10 &echo.
echo Processing.. %ESD%
( del /f/s/q ISOFiles &rmdir /s/q ISOFiles ) >nul 2>nul
set "s10=$ESDFilePath=Get-ChildItem *.esd; $ImageExclusions=@('Windows Setup Media', 'Microsoft Windows PE (x64)',"
set "s11= 'Microsoft Windows Setup (x64)', 'Microsoft Windows PE (x86)', 'Microsoft Windows Setup (x86)');"
set "s12=$AllImages=Get-WindowsImage -ImagePath $ESDFilePath; write-host $AllImages.ImageName;"
set "s13=$SetupMediaImage=$AllImages.Where({$_.ImageName -eq "Windows Setup Media"});"
set "s14=$SetupImage=$AllImages.Where({$_.ImageName -eq "Microsoft Windows Setup (x64)" -or"
set "s15= $_.ImageName -eq "Microsoft Windows Setup (x86)"});"
set "s16=New-Item -Path ".\ISOFiles" -ItemType Directory -ErrorAction SilentlyContinue;"
set "s17=Expand-WindowsImage -ImagePath $ESDFilePath -Index $SetupMediaImage.ImageIndex -ApplyPath ".\ISOFiles";"
set "s18=Export-WindowsImage -SourceImagePath $ESDFilePath -SourceIndex $SetupImage.ImageIndex -CompressionType Maximum"
set "s19= -DestinationImagePath ".\ISOFiles\Sources\boot.wim" -DestinationName $SetupImage.ImageName;"
set "s20=$AllImages.Where({$_.ImageName -notin $ImageExclusions}).foreach( {"
set "s21= Export-WindowsImage -SourceImagePath $ESDFilePath -SourceIndex $_.ImageIndex -CompressionType Maximum"
set "s22= -DestinationImagePath ".\ISOFiles\Sources\Install.wim" -DestinationName $_.ImageName } );"
for /l %%# in (10,1,22) do call set "ps_esd2wim=%%ps_esd2wim%%%%s%%#:"=\"%%"
powershell.exe -c "%ps_esd2wim%;"
pause
exit
::----------------------------------------------------------------------------------------------------------------------------------
:"init" [ Batch entry function ]
::----------------------------------------------------------------------------------------------------------------------------------
@echo off & cls & setlocal & if "%1"=="init" shift &shift & goto :main &rem Admin self-restart flag found, jump to main
reg query "HKEY_USERS\S-1-5-20\Environment" /v temp 1>nul 2>nul && goto :main || call :about & echo Requesting admin rights..
call cscript /nologo /e:JScript "%~f0" get_rights "%1" & exit
::----------------------------------------------------------------------------------------------------------------------------------
*/ // [ JScript functions ] all batch lines above are treated as a /* js comment */ in cscript
function get_rights(fn) { var console_init_shift='/c start "init" "'+fn+'"'+' init '+fn+' '+WSH.Arguments(1);
WSH.CreateObject("Shell.Application").ShellExecute('cmd.exe',console_init_shift,"","runas",1); }
if (WSH.Arguments.length>=1 && WSH.Arguments(0)=="get_rights") get_rights(WSH.ScriptFullName);
//
<# : FreeStandbyMemory by AveYo, v4: revised snippet, advanced schedule, built-in add-remove, under 4KB
@echo off
set/a CLEAR_EVERY_MINUTES=5
set/a CLEAR_WHEN_UNDER_MB=512
if %1.==schedule. (goto schedule) else goto setup
:schedule
for /f %%M in ('%SystemRoot%\System32\wbem\wmic.exe OS get FreePhysicalMemory') do set/a FreePhysicalMemory+=%%M >nul 2>nul
set/a ClearWhenUnderKB=1024*%CLEAR_WHEN_UNDER_MB%
if %FreePhysicalMemory% GTR %ClearWhenUnderKB% exit
powershell -NoProfile -c "iex (${%~f0} | out-string)"
exit
:setup
title FreeStandbyMemory
reg query "HKEY_USERS\S-1-5-20\Environment" /v TEMP >nul 2>nul || (
color 0c & echo. & echo PERMISSION DENIED! Right-click %~nx0 ^& Run as administrator
timeout /t 60 & color 0f & title %COMSPEC% & exit/b
)
set "f0=%Windir%\FreeStandbyMemory.bat"
schtasks /query /tn FreeStandbyMemory >nul 2>nul && (
schtasks /Delete /TN "FreeStandbyMemory" /f >nul 2>nul & rem del /f /q "%f0%"
color 0c &echo REMOVED! Run script again to add persistent schedule!
timeout /t -1 &color 0f &title %COMSPEC% &exit/b
)
echo CLEAR_EVERY_MINUTES=%CLEAR_EVERY_MINUTES%
echo CLEAR_WHEN_UNDER_MB=%CLEAR_WHEN_UNDER_MB%
if /i "%~f0"=="%f0%" (set "COPY2WINDIR=") else echo|set/p=%f0% &copy /y "%~f0" "%f0%" &set "COPY2WINDIR=yes"
schtasks /Create /RU "System" /SC MINUTE /MO %CLEAR_EVERY_MINUTES% /TN "FreeStandbyMemory" /TR "cmd.exe /c call \"%f0%\" schedule" /SD "01/01/2010" /ST "01:00:00" /NP /RL HIGHEST /F
set "stss=-AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -ExecutionTimeLimit (New-TimeSpan -Minutes 3) -Priority 4 -StartWhenAvailable"
powershell -c "$s=New-ScheduledTaskSettingsSet %stss%; $s.CimInstanceProperties['MultipleInstances'].Value=3; Set-ScheduledTask -TaskName FreeStandbyMemory -Settings $s"
schtasks /Run /TN "FreeStandbyMemory"
echo ADDED! Run %~f0 again to remove persistent schedule!
timeout /t -1
exit /b
# Based on "PowerShell wrapper script for clear StandBy memory without RAMMap" by Alexander Korotkov
# Implemented SetSystemFileCacheSize and NtSetSystemInformation suggestions by Maks.K
# Using RtlAdjustPrivilege, stripped output, sanitized by AveYo
#>
$Snippet = @"
using System;
using System.Runtime.InteropServices;
namespace FreeStandbyMemory
{
public class PInvoke
{
const uint SE_INCREASE_QUOTA_PRIVILEGE = 0x00000005;
const uint SE_PROF_SINGLE_PROCESS_PRIVILEGE = 0x0000000d;
const int SystemFileCacheInformation = 0x0015;
const int SystemMemoryListInformation = 0x0050;
static int MemoryPurgeStandbyList = 0x0004;
static bool retv = false;
[DllImport("ntdll.dll")]
static extern uint RtlAdjustPrivilege(ulong Privilege, bool Enable, bool CurrentThread, ref bool RetValue);
[DllImport("ntdll.dll")]
static extern uint NtSetSystemInformation(int InfoClass, ref int Info, int Length);
[DllImport("kernel32")]
static extern bool SetSystemFileCacheSize(IntPtr MinimumFileCacheSize, IntPtr MaximumFileCacheSize, int Flags);
public static void ClearStandbyCache(bool ClearFileSystemCache)
{
try
{
RtlAdjustPrivilege(SE_INCREASE_QUOTA_PRIVILEGE, true, false, ref retv);
RtlAdjustPrivilege(SE_PROF_SINGLE_PROCESS_PRIVILEGE, true, false, ref retv);
if (ClearFileSystemCache) SetSystemFileCacheSize(IntPtr.Subtract(IntPtr.Zero, 1), IntPtr.Subtract(IntPtr.Zero, 1), 0);
NtSetSystemInformation(SystemMemoryListInformation, ref MemoryPurgeStandbyList, Marshal.SizeOf(MemoryPurgeStandbyList));
}
catch (Exception)
{
}
}
}
}
"@
Add-Type -TypeDefinition $Snippet -Language CSharp
[FreeStandbyMemory.PInvoke]::ClearStandbyCache($true)
# use $false to skip ClearFileSystemCache
@echo off &title MediaCreationTool1709.bat - create iso or usb installer for 1709 [RS3]
:: Wrapper around official MediaCreationTool.exe downloaded from microsoft! Can be run under W7 host OS with just powershell v2
pushd "%~dp0"
::del /f /q products.* >nul 2>nul
powershell -c "(new-object System.Net.WebClient).DownloadFile('http://download.microsoft.com/download/3/8/9/38926395-6FB1-4487-83DF-4241D2EA79F7/products_20171005.cab','products.cab');"
::del /f /q MediaCreationTool1709.exe >nul 2>nul
powershell -c "(new-object System.Net.WebClient).DownloadFile('https://download.microsoft.com/download/A/B/E/ABEE70FE-7DE8-472A-8893-5F69947DE0B1/MediaCreationTool.exe','MediaCreationTool1709.exe');"
echo Generic Home key copied to clipboard if needed..
timeout /t 3 >nul
if not exist MediaCreationTool1709.exe exit/b
echo|set/p=YTMG3-N6DKC-DKB77-7M9GH-8HVX7|clip
::Tip:: you can override auto-detected parameters to generate a specific language, architecture and edition!
rem start "" MediaCreationTool.exe /Selfhost /Eula Accept /Retail /MediaLangCode en-us /MediaArch x64 /MediaEdition Professional
start "" MediaCreationTool1709.exe /SelfHost /Retail /Eula Accept /Telemetry Disable /DynamicUpdate Disable /MediaEdition Core /MediaPath C:\RS4 /CopyLogs C:\RS4
exit/b
@echo off &title MediaCreationTool_RS4.bat - create iso or usb installer for the 1803 re-released rtm build [RS4_04_20_2018]
:: Wrapper around official MediaCreationTool.exe downloaded from microsoft! Can be run under W7 host OS with just powershell v2
pushd "%~dp0"
del /f /q products.* >nul 2>nul
powershell -c "(new-object System.Net.WebClient).DownloadFile('https://download.microsoft.com/download/F/1/2/F12AE2F0-B1CC-4A83-9529-C3D43F171C62/Products_RS4_04_20_2018.xml','products.xml');"
del /f /q MediaCreationTool.exe >nul 2>nul
powershell -c "(new-object System.Net.WebClient).DownloadFile('https://go.microsoft.com/fwlink/?LinkId=691209','MediaCreationTool.exe');"
set "s1=$f=[System.IO.File]::ReadAllText('products.xml')"
set "s2=.Replace('<PublishedMedia id=','<MCT><Catalogs><Catalog version=\"1.1\"><PublishedMedia id=')"
set "s3=.Replace('</PublishedMedia>','</PublishedMedia></Catalog></Catalogs></MCT>');"
set "s4=[System.IO.File]::WriteAllText('products.xml', $f);"
powershell -c "%s1%%s2%%s3%%s4%"
start "" /wait makecab products.xml products.cab
echo Generic Pro key copied to clipboard if needed..
timeout /t 3 >nul
if not exist MediaCreationTool.exe exit/b
echo|set/p=VK7JG-NPHTM-C97JM-9MPGT-3V66T|clip
::Tip:: you can override auto-detected parameters to generate a specific language, architecture and edition!
rem start "" MediaCreationTool.exe /Selfhost /Eula Accept /Retail /MediaLangCode en-us /MediaArch x64 /MediaEdition Professional
start "" MediaCreationTool.exe /Selfhost
exit/b
<# :
@type "%~f0" | powershell -c - & pause
#>
function Get-SpeculationControlSettings {
<#
.SYNOPSIS
This function queries the speculation control settings for the system.
.DESCRIPTION
This function queries the speculation control settings for the system.
.PARAMETER Quiet
This parameter suppresses host output that is displayed by default.
#>
[CmdletBinding()]
param (
[switch]$Quiet
)
process {
$NtQSIDefinition = @'
[DllImport("ntdll.dll")]
public static extern int NtQuerySystemInformation(uint systemInformationClass, IntPtr systemInformation, uint systemInformationLength, IntPtr returnLength);
'@
$ntdll = Add-Type -MemberDefinition $NtQSIDefinition -Name 'ntdll' -Namespace 'Win32' -PassThru
[System.IntPtr]$systemInformationPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal(4)
[System.IntPtr]$returnLengthPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal(4)
$object = New-Object -TypeName PSObject
try {
#
# Query branch target injection information.
#
if ($Quiet -ne $true) {
Write-Host "Speculation control settings for CVE-2017-5715 [branch target injection]" -ForegroundColor Cyan
Write-Host "For more information about the output below, please refer to https://support.microsoft.com/en-in/help/4074629" -ForegroundColor Cyan
Write-Host
}
$btiHardwarePresent = $false
$btiWindowsSupportPresent = $false
$btiWindowsSupportEnabled = $false
$btiDisabledBySystemPolicy = $false
$btiDisabledByNoHardwareSupport = $false
[System.UInt32]$systemInformationClass = 201
[System.UInt32]$systemInformationLength = 4
$retval = $ntdll::NtQuerySystemInformation($systemInformationClass, $systemInformationPtr, $systemInformationLength, $returnLengthPtr)
if ($retval -eq 0xc0000003 -or $retval -eq 0xc0000002) {
# fallthrough
}
elseif ($retval -ne 0) {
throw (("Querying branch target injection information failed with error {0:X8}" -f $retval))
}
else {
[System.UInt32]$scfBpbEnabled = 0x01
[System.UInt32]$scfBpbDisabledSystemPolicy = 0x02
[System.UInt32]$scfBpbDisabledNoHardwareSupport = 0x04
[System.UInt32]$scfHwReg1Enumerated = 0x08
[System.UInt32]$scfHwReg2Enumerated = 0x10
[System.UInt32]$scfHwMode1Present = 0x20
[System.UInt32]$scfHwMode2Present = 0x40
[System.UInt32]$scfSmepPresent = 0x80
[System.UInt32]$flags = [System.UInt32][System.Runtime.InteropServices.Marshal]::ReadInt32($systemInformationPtr)
$btiHardwarePresent = ((($flags -band $scfHwReg1Enumerated) -ne 0) -or (($flags -band $scfHwReg2Enumerated)))
$btiWindowsSupportPresent = $true
$btiWindowsSupportEnabled = (($flags -band $scfBpbEnabled) -ne 0)
if ($btiWindowsSupportEnabled -eq $false) {
$btiDisabledBySystemPolicy = (($flags -band $scfBpbDisabledSystemPolicy) -ne 0)
$btiDisabledByNoHardwareSupport = (($flags -band $scfBpbDisabledNoHardwareSupport) -ne 0)
}
if ($Quiet -ne $true -and $PSBoundParameters['Verbose']) {
Write-Host "BpbEnabled :" (($flags -band $scfBpbEnabled) -ne 0)
Write-Host "BpbDisabledSystemPolicy :" (($flags -band $scfBpbDisabledSystemPolicy) -ne 0)
Write-Host "BpbDisabledNoHardwareSupport :" (($flags -band $scfBpbDisabledNoHardwareSupport) -ne 0)
Write-Host "HwReg1Enumerated :" (($flags -band $scfHwReg1Enumerated) -ne 0)
Write-Host "HwReg2Enumerated :" (($flags -band $scfHwReg2Enumerated) -ne 0)
Write-Host "HwMode1Present :" (($flags -band $scfHwMode1Present) -ne 0)
Write-Host "HwMode2Present :" (($flags -band $scfHwMode2Present) -ne 0)
Write-Host "SmepPresent :" (($flags -band $scfSmepPresent) -ne 0)
}
}
if ($Quiet -ne $true) {
Write-Host "Hardware support for branch target injection mitigation is present:"($btiHardwarePresent) -ForegroundColor $(If ($btiHardwarePresent) { [System.ConsoleColor]::Green } Else { [System.ConsoleColor]::Red })
Write-Host "Windows OS support for branch target injection mitigation is present:"($btiWindowsSupportPresent) -ForegroundColor $(If ($btiWindowsSupportPresent) { [System.ConsoleColor]::Green } Else { [System.ConsoleColor]::Red })
Write-Host "Windows OS support for branch target injection mitigation is enabled:"($btiWindowsSupportEnabled) -ForegroundColor $(If ($btiWindowsSupportEnabled) { [System.ConsoleColor]::Green } Else { [System.ConsoleColor]::Red })
if ($btiWindowsSupportPresent -eq $true -and $btiWindowsSupportEnabled -eq $false) {
Write-Host -ForegroundColor Red "Windows OS support for branch target injection mitigation is disabled by system policy:"($btiDisabledBySystemPolicy)
Write-Host -ForegroundColor Red "Windows OS support for branch target injection mitigation is disabled by absence of hardware support:"($btiDisabledByNoHardwareSupport)
}
}
$object | Add-Member -MemberType NoteProperty -Name BTIHardwarePresent -Value $btiHardwarePresent
$object | Add-Member -MemberType NoteProperty -Name BTIWindowsSupportPresent -Value $btiWindowsSupportPresent
$object | Add-Member -MemberType NoteProperty -Name BTIWindowsSupportEnabled -Value $btiWindowsSupportEnabled
$object | Add-Member -MemberType NoteProperty -Name BTIDisabledBySystemPolicy -Value $btiDisabledBySystemPolicy
$object | Add-Member -MemberType NoteProperty -Name BTIDisabledByNoHardwareSupport -Value $btiDisabledByNoHardwareSupport
#
# Query kernel VA shadow information.
#
if ($Quiet -ne $true) {
Write-Host
Write-Host "Speculation control settings for CVE-2017-5754 [rogue data cache load]" -ForegroundColor Cyan
Write-Host
}
$kvaShadowRequired = $true
$kvaShadowPresent = $false
$kvaShadowEnabled = $false
$kvaShadowPcidEnabled = $false
$cpu = Get-WmiObject Win32_Processor
if ($cpu -is [array]) {
$cpu = $cpu[0]
}
$manufacturer = $cpu.Manufacturer
if ($manufacturer -eq "AuthenticAMD") {
$kvaShadowRequired = $false
}
elseif ($manufacturer -eq "GenuineIntel") {
$regex = [regex]'Family (\d+) Model (\d+) Stepping (\d+)'
$result = $regex.Match($cpu.Description)
if ($result.Success) {
$family = [System.UInt32]$result.Groups[1].Value
$model = [System.UInt32]$result.Groups[2].Value
$stepping = [System.UInt32]$result.Groups[3].Value
if (($family -eq 0x6) -and
(($model -eq 0x1c) -or
($model -eq 0x26) -or
($model -eq 0x27) -or
($model -eq 0x36) -or
($model -eq 0x35))) {
$kvaShadowRequired = $false
}
}
}
else {
throw ("Unsupported processor manufacturer: {0}" -f $manufacturer)
}
[System.UInt32]$systemInformationClass = 196
[System.UInt32]$systemInformationLength = 4
$retval = $ntdll::NtQuerySystemInformation($systemInformationClass, $systemInformationPtr, $systemInformationLength, $returnLengthPtr)
if ($retval -eq 0xc0000003 -or $retval -eq 0xc0000002) {
}
elseif ($retval -ne 0) {
throw (("Querying kernel VA shadow information failed with error {0:X8}" -f $retval))
}
else {
[System.UInt32]$kvaShadowEnabledFlag = 0x01
[System.UInt32]$kvaShadowUserGlobalFlag = 0x02
[System.UInt32]$kvaShadowPcidFlag = 0x04
[System.UInt32]$kvaShadowInvpcidFlag = 0x08
[System.UInt32]$flags = [System.UInt32][System.Runtime.InteropServices.Marshal]::ReadInt32($systemInformationPtr)
$kvaShadowPresent = $true
$kvaShadowEnabled = (($flags -band $kvaShadowEnabledFlag) -ne 0)
$kvaShadowPcidEnabled = ((($flags -band $kvaShadowPcidFlag) -ne 0) -and (($flags -band $kvaShadowInvpcidFlag) -ne 0))
if ($Quiet -ne $true -and $PSBoundParameters['Verbose']) {
Write-Host "KvaShadowEnabled :" (($flags -band $kvaShadowEnabledFlag) -ne 0)
Write-Host "KvaShadowUserGlobal :" (($flags -band $kvaShadowUserGlobalFlag) -ne 0)
Write-Host "KvaShadowPcid :" (($flags -band $kvaShadowPcidFlag) -ne 0)
Write-Host "KvaShadowInvpcid :" (($flags -band $kvaShadowInvpcidFlag) -ne 0)
}
}
if ($Quiet -ne $true) {
Write-Host "Hardware requires kernel VA shadowing:"$kvaShadowRequired
if ($kvaShadowRequired) {
Write-Host "Windows OS support for kernel VA shadow is present:"$kvaShadowPresent -ForegroundColor $(If ($kvaShadowPresent) { [System.ConsoleColor]::Green } Else { [System.ConsoleColor]::Red })
Write-Host "Windows OS support for kernel VA shadow is enabled:"$kvaShadowEnabled -ForegroundColor $(If ($kvaShadowEnabled) { [System.ConsoleColor]::Green } Else { [System.ConsoleColor]::Red })
if ($kvaShadowEnabled) {
Write-Host "Windows OS support for PCID performance optimization is enabled: $kvaShadowPcidEnabled [not required for security]" -ForegroundColor $(If ($kvaShadowPcidEnabled) { [System.ConsoleColor]::Green } Else { [System.ConsoleColor]::White })
}
}
}
$object | Add-Member -MemberType NoteProperty -Name KVAShadowRequired -Value $kvaShadowRequired
$object | Add-Member -MemberType NoteProperty -Name KVAShadowWindowsSupportPresent -Value $kvaShadowPresent
$object | Add-Member -MemberType NoteProperty -Name KVAShadowWindowsSupportEnabled -Value $kvaShadowEnabled
$object | Add-Member -MemberType NoteProperty -Name KVAShadowPcidEnabled -Value $kvaShadowPcidEnabled
#
# Provide guidance as appropriate.
#
$actions = @()
if ($btiHardwarePresent -eq $false) {
$actions += "Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation."
}
if ($btiWindowsSupportPresent -eq $false -or $kvaShadowPresent -eq $false) {
$actions += "Install the latest available updates for Windows with support for speculation control mitigations."
}
if (($btiHardwarePresent -eq $true -and $btiWindowsSupportEnabled -eq $false) -or ($kvaShadowRequired -eq $true -and $kvaShadowEnabled -eq $false)) {
$guidanceUri = ""
$guidanceType = ""
$os = Get-WmiObject Win32_OperatingSystem
if ($os.ProductType -eq 1) {
# Workstation
$guidanceUri = "https://support.microsoft.com/help/4073119"
$guidanceType = "Client"
}
else {
# Server/DC
$guidanceUri = "https://support.microsoft.com/help/4072698"
$guidanceType = "Server"
}
$actions += "Follow the guidance for enabling Windows $guidanceType support for speculation control mitigations described in $guidanceUri"
}
if ($Quiet -ne $true -and $actions.Length -gt 0) {
Write-Host
Write-Host "Suggested actions" -ForegroundColor Cyan
Write-Host
foreach ($action in $actions) {
Write-Host " *" $action
}
}
return $object
}
finally
{
if ($systemInformationPtr -ne [System.IntPtr]::Zero) {
[System.Runtime.InteropServices.Marshal]::FreeHGlobal($systemInformationPtr)
}
if ($returnLengthPtr -ne [System.IntPtr]::Zero) {
[System.Runtime.InteropServices.Marshal]::FreeHGlobal($returnLengthPtr)
}
}
}
}
Get-SpeculationControlSettings
#
goto="init" /* %~nx0
:: unified v9 final builds: Notifications = low block, Installs = medium block, Downloads = high block, Service = full block
:: v9.1: add a DefenderUpdate 4-hours scheduled task (if automatic updates are disabled, Defender updates on its own only daily)
:: v9.2: fix DefenderUpdate dependency on wuauclt in 1803
::----------------------------------------------------------------------------------------------------------------------------------
:about Consider using the much safer and convenient windows_update_toggle.bat instead!
::----------------------------------------------------------------------------------------------------------------------------------
title Windows Update Toggle
call :check_status
echo.
echo ---------------------------------------------------------------------
echo : Windows Update Downloads Toggle v9.2 :
echo :---------------------------------------------------------------------:
echo : Block all updates from even downloading [High] :
echo : Store works, Defender protection updates do not so get another AV :
echo : Use Desktop right-click context menu entry to toggle :
echo : :
echo : Currently: %STATUS%%_% :
echo : :
echo : Press Alt+F4 to cancel Always run latest version :
echo ---------------------------------------------------------------------
echo Installs and Notifications only builds available: https://git.io/vx2et
echo.
exit/b
:: What could go wrong: pending updates and manually disable updates before reboot? pc could not continue to login screen
:: And how to fix it: hit reset button 3 times until auto repair menu, select troubleshooting - command prompt and enter:
:: reg load HKLM\FIX c:\windows\system32\config\SOFTWARE
:: reg delete "HKLM\FIX\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /f
:: reg unload HKLM\FIX
:: So Always reboot to finish pending updates Before disabling! to prevent such (very unlikely) issue
::----------------------------------------------------------------------------------------------------------------------------------
:main [ Batch main function ]
::----------------------------------------------------------------------------------------------------------------------------------
set "build=Downloads" &set "xnotify=" &set "xerr=" &set "xupd=" &set "xopt=" &color 07 &call :about &timeout /t 10
:: notification blocking
set "xnotify=%xnotify% MusNotification MusNotifyIcon" || Tasks\Microsoft\Windows\UpdateOrchestrator ESSENTIAL!
set "xnotify=%xnotify% UpdateNotificationMgr UNPUXLauncher UNPUXHost" || Tasks\Microsoft\Windows\UNP
set "xnotify=%xnotify% Windows10UpgraderApp DWTRIG20 DW20 GWX" || Windows10Upgrade
:: error reporting blocking
set "xerr=%xerr% wermgr WerFault WerFaultSecure DWWIN" || Tasks\Microsoft\Windows\Windows Error Reporting
:: update blocking - temporarily restore using Desktop right-click context menu: Windows Update
set "xupd=%xupd% TiWorker" || BLOCKS ANY UPDATE DOWNLOADS - CRIPPLING DEFENDER+UNINST UPD
set "xupd=%xupd% UsoClient" || Tasks\Microsoft\Windows\UpdateOrchestrator ESSENTIAL!
set "xupd=%xupd% WaaSMedic" || Tasks\Microsoft\Windows\WaaSMedic
set "xupd=%xupd% SIHClient WindowsUpdateBox" || Tasks\Microsoft\Windows\WindowsUpdate
set "xupd=%xupd% GetCurrentRollback WinREBootApp64 WinREBootApp32" || Windows10Upgrade
:: diag - optional blocking of diagnostics / telemetry
rem set "xopt=%xopt% compattelrunner" || Tasks\Microsoft\Windows\Application Experience
rem set "xopt=%xopt% dstokenclean appidtel" || Tasks\Microsoft\Windows\ApplicationData
rem set "xopt=%xopt% wsqmcons" || Tasks\Microsoft\Windows\Customer Experience Improvement Prg
rem set "xopt=%xopt% dusmtask" || Tasks\Microsoft\Windows\DUSM
rem set "xopt=%xopt% dmclient" || Tasks\Microsoft\Windows\Feedback\Siuf
rem set "xopt=%xopt% DataUsageLiveTileTask" || Tasks\{SID}\DataSenseLiveTileTask
rem set "xopt=%xopt% DiagnosticsHub.StandardCollector.Service" || System32\DiagSvcs
rem set "xopt=%xopt% HxTsr" || WindowsApps\microsoft.windowscommunicationsapps
:: other - optional blocking of other tools
rem set "xopt=%xopt% PilotshubApp" || WindowsApps\Microsoft.WindowsFeedbackHub_
rem set "xopt=%xopt% SpeechModelDownload SpeechRuntime" || Tasks\Microsoft\Windows\Speech RECOMMENDED
rem set "xopt=%xopt% LocationNotificationWindows WindowsActionDialog" || Tasks\Microsoft\Windows\Location
rem set "xopt=%xopt% DFDWiz disksnapshot" || Tasks\Microsoft\Windows\DiskFootprint
::----------------------------------------------------------------------------------------------------------------------------------
:: all_entries - used to cleanup orphaned / commented entries between script versions
set e1=TiWorker UsoClient wuauclt wusa WaaSMedic SIHClient WindowsUpdateBox GetCurrentRollback WinREBootApp64 WinREBootApp32
set e2=MusNotification MusNotifyIcon UpdateNotificationMgr UNPUXLauncher UNPUXHost Windows10UpgraderApp DWTRIG20 DW20 GWX wuapihost
set e3=wermgr WerFault WerFaultSecure DWWIN compattelrunner dstokenclean appidtel wsqmcons dusmtask dmclient DataUsageLiveTileTask
set e4=DiagnosticsHub.StandardCollector.Service HxTsr PilotshubApp SpeechModelDownload SpeechRuntime LocationNotificationWindows
set e5=WindowsActionDialog DFDWiz disksnapshot TrustedInstaller
set all_entries=%e1% %e2% %e3% %e4% %e5% & set exe=%xnotify% %xerr% %xupd% %xopt%
:: Cleanup orphaned / commented items between script versions
echo.
for %%C in (%all_entries%) do call :cleanup_orphaned %%C
echo.
:: Toggle execution via IFEO
set/a "bl=0" & set/a "unbl=0" & set "REGISTRY_MISMATCH=echo [REGISTRY MISMATCH CORRECTED] & echo."
for %%a in (%exe%) do call :ToggleExecution "%ifeo%\%%a.exe"
if %bl% gtr 0 if %unbl% gtr 0 %REGISTRY_MISMATCH% & for %%a in (%exe%) do call :ToggleExecution "%ifeo%\%%a.exe" forced
echo.
call :check_status
:: Generate WindowsUpdate.cmd script to update manually
pushd "%systemroot%" & set wu=WindowsUpdate.cmd
>%wu% echo/goto="init" /*
>>%wu% echo/:main Windows Update %build% Toggle - Desktop right-click menu entry [ https://git.io/vx2et ]
>>%wu% echo/set "ifeo=HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
>>%wu% echo/reg query "%%ifeo%%\TiWorker.exe" /v Debugger 1^>nul 2^>nul ^&^& set "STATUS=OFF" ^|^| set "STATUS=ON!"
>>%wu% echo/set "dmy=%%systemroot%%\System32\systray.exe" ^&set "exe=%xupd%"
>>%wu% echo/if "%%STATUS%%"=="OFF" for %%%%a in ^(%%exe%%^) do reg delete "%%ifeo%%\%%%%a.exe" /v "Debugger" /f ^>nul 2^>nul
>>%wu% echo/if "%%STATUS%%"=="ON!" for %%%%a in ^(%%exe%%^) do reg add "%%ifeo%%\%%%%a.exe" /v "Debugger" /d "%%dmy%%" /f ^>nul
>>%wu% echo/if "%%STATUS%%"=="ON!" for %%%%a in ^(%%exe%%^) do taskkill /IM %%%%a.exe /t /f ^>nul 2^>nul
>>%wu% echo/reg query "%%ifeo%%\TiWorker.exe" /v Debugger 1^>nul 2^>nul ^&^& set "STATUS=OFF" ^|^| set "STATUS=ON!"
>>%wu% echo/set "key=HKEY_CLASSES_ROOT\DesktopBackground\Shell\WindowsUpdate"
>>%wu% echo/reg add "%%key%%" /v "MUIVerb" /d "Windows Update %build% : %%STATUS%%" /f ^>nul 2^>nul
>>%wu% echo/echo Always reboot to finish pending updates Before disabling! ^&echo. ^&echo Windows Update %build% now: %%STATUS%%
>>%wu% echo/schtasks /Run /TN DefenderUpdate ^>nul 2^>nul
>>%wu% echo/timeout /t 6 ^>nul ^& exit
>>%wu% echo/:"init"
>>%wu% echo/@echo off ^&title Windows Update ^&mode 80,4 ^&color 1f ^&setlocal ^&if "%%1"=="init" shift ^&shift ^&goto :main
>>%wu% echo/reg query "HKEY_USERS\S-1-5-20\Environment" /v temp 1^>nul 2^>nul ^&^& goto :main ^|^| echo. ^&echo Requesting rights..
>>%wu% echo/call cscript /nologo /e:JScript "%%~f0" get_rights "%%1" ^& exit *^/
>>%wu% echo/function get_rights^(fn^) { var console_init_shift='/c start "init" "'+fn+'"'+' init '+fn+' '+WSH.Arguments^(1^);
>>%wu% echo/ WSH.CreateObject^("Shell.Application"^).ShellExecute^('cmd.exe',console_init_shift,"","runas",1^); }
>>%wu% echo/if ^(WSH.Arguments.length^>=1 ^&^& WSH.Arguments^(0^)=="get_rights"^) get_rights^(WSH.ScriptFullName^);
takeown /f %wu% >nul 2>nul &icacls %wu% /grant %username%:F >nul 2>nul
if "%STATUS%"=="ON!" del /f /q %wu% >nul 2>nul
:: Add Desktop right-click entry [Windows Update] to update manually
set "key=HKEY_CLASSES_ROOT\DesktopBackground\Shell\WindowsUpdate"
reg delete "%key%" /f >nul 2>nul
reg add "%key%" /v "MUIVerb" /d "Windows Update %build% : OFF" /f >nul 2>nul
reg add "%key%" /v "Icon" /d "appwiz.cpl,5" /f >nul 2>nul
reg add "%key%" /v "Position" /d "Bottom" /f >nul 2>nul
reg add "%key%\command" /ve /d "%systemroot%\WindowsUpdate.cmd" >nul 2>nul
if "%STATUS%"=="ON!" reg delete "%key%" /f >nul 2>nul
:: Add a DefenderUpdate scheduled task that runs every 4 hours
set "defu=cmd.exe /c pushd \"%%ProgramFiles%%\Windows Defender\""
set "defu=%defu% & MpCmdRun.exe -removedefinitions -dynamicsignatures"
set "defu=%defu% & MpCmdRun.exe -SignatureUpdate"
schtasks /Delete /TN DefenderUpdate /f >nul 2>nul
if "%STATUS%"=="OFF" schtasks /Create /RU "System" /sc MINUTE /MO 240 /TN DefenderUpdate /TR "%defu%" /ST "12:00:00" /NP >nul 2>nul
if "%STATUS%"=="OFF" schtasks /Run /TN DefenderUpdate >nul 2>nul
:: Done!
echo ---------------------------------------------------------------------
if "%STATUS%"=="OFF" ( color 0c &echo Windows Update %build% now: OFF ) else color 0b &echo Windows Update %build% now: ON!
if "%STATUS%"=="OFF" ( echo Use Desktop right-click menu to toggle.. ) else echo Desktop right-click menu removed..
echo ---------------------------------------------------------------------
echo.
pause
exit
::----------------------------------------------------------------------------------------------------------------------------------
:: Utility functions
::----------------------------------------------------------------------------------------------------------------------------------
:check_status
set "ifeo=HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
reg query "%ifeo%\TiWorker.exe" /v Debugger 1>nul 2>nul && set "STATUS=OFF" || set "STATUS=ON!"
set "_= " &if "%STATUS%"=="OFF" ( color 0c ) else color 0b
exit/b
:cleanup_orphaned %1:[entry to check, used internally] %2:[anytext=silent]
call set "orphaned=%%exe:%1=%%" & set "okey="%ifeo%\%1.exe""
if /i "%orphaned%"=="%exe%" reg delete %okey% /v "Debugger" /f >nul 2>nul & if /i ".%2"=="." echo %1 not selected..
exit/b
:ToggleExecution %1:[regpath] %2:[optional "forced"]
set "dummy=%windir%\System32\systray.exe" & rem allow dummy process creation to limit errors
if "%STATUS%_%2"=="OFF_forced" reg delete "%~1" /v "Debugger" /f >nul 2>nul & exit/b
if "%STATUS%_%2"=="ON!_forced" reg add "%~1" /v Debugger /d "%dummy%" /f >nul 2>nul & exit/b
reg query "%~1" /v Debugger 1>nul 2>nul && set "isBlocked=1" || set "isBlocked="
if defined isBlocked reg delete "%~1" /v "Debugger" /f >nul 2>nul & set/a "unbl+=1" & echo %~n1 un-blocked! & exit/b
:: taskkill /IM matches the full image name, so pass name + extension
reg add "%~1" /v Debugger /d "%dummy%" /f >nul 2>nul & set/a "bl+=1" & echo %~n1 blocked! & taskkill /IM %~nx1 /t /f >nul 2>nul
exit/b
::----------------------------------------------------------------------------------------------------------------------------------
:"init" [ Batch entry function ]
::----------------------------------------------------------------------------------------------------------------------------------
@echo off & cls & setlocal & if "%1"=="init" shift &shift & goto :main &rem Admin self-restart flag found, jump to main
reg query "HKEY_USERS\S-1-5-20\Environment" /v temp 1>nul 2>nul && goto :main || call :about 0c & echo Requesting admin rights..
call cscript /nologo /e:JScript "%~f0" get_rights "%1" & exit
::----------------------------------------------------------------------------------------------------------------------------------
*/ // [ JScript functions ] all batch lines above are treated as a /* js comment */ in cscript
function get_rights(fn) { var console_init_shift='/c start "init" "'+fn+'"'+' init '+fn+' '+WSH.Arguments(1);
WSH.CreateObject("Shell.Application").ShellExecute('cmd.exe',console_init_shift,"","runas",1); }
if (WSH.Arguments.length>=1 && WSH.Arguments(0)=="get_rights") get_rights(WSH.ScriptFullName);
//
goto="init" /* %~nx0
:: unified v9 final builds: Notifications = low block, Installs = medium block, Downloads = high block, Service = full block
:: v9.1: add a DefenderUpdate 4-hour scheduled task (if automatic updates are disabled, Defender updates on its own just daily)
:: v9.2: fix DefenderUpdate dependency on wuauclt in 1803
::----------------------------------------------------------------------------------------------------------------------------------
:about Consider using the much safer and convenient windows_update_toggle.bat instead!
::----------------------------------------------------------------------------------------------------------------------------------
title Windows Update Toggle
call :check_status
echo.
echo ---------------------------------------------------------------------
echo : Windows Update Installs Toggle v9.2 :
echo :---------------------------------------------------------------------:
echo : Block all updates from installing [Medium] :
echo : Store and Defender protection updates both work :
echo : Use Desktop right-click context menu entry to toggle :
echo : :
echo : Currently: %STATUS%%_% :
echo : :
echo : Press Alt+F4 to cancel Always run latest version :
echo ---------------------------------------------------------------------
echo Downloads and Notifications only builds available: https://git.io/vx2et
echo.
exit/b
:: What could go wrong: if updates are pending and you manually disable updates before rebooting, the PC might not continue to the login screen
:: How to fix it: hit the reset button 3 times until the auto repair menu appears, select Troubleshooting - Command Prompt and enter:
:: reg load HKLM\FIX c:\windows\system32\config\SOFTWARE
:: reg delete "HKLM\FIX\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /f
:: reg unload HKLM\FIX
:: So always reboot to finish pending updates before disabling, to prevent this (very unlikely) issue
::----------------------------------------------------------------------------------------------------------------------------------
:main [ Batch main function ]
::----------------------------------------------------------------------------------------------------------------------------------
set "build=Installs" &set "xnotify=" &set "xerr=" &set "xupd=" &set "xopt=" &color 07 &call :about &timeout /t 10
:: notification blocking
set "xnotify=%xnotify% MusNotification MusNotifyIcon" || Tasks\Microsoft\Windows\UpdateOrchestrator ESSENTIAL!
set "xnotify=%xnotify% UpdateNotificationMgr UNPUXLauncher UNPUXHost" || Tasks\Microsoft\Windows\UNP
set "xnotify=%xnotify% Windows10UpgraderApp DWTRIG20 DW20 GWX" || Windows10Upgrade
:: error reporting blocking
set "xerr=%xerr% wermgr WerFault WerFaultSecure DWWIN" || Tasks\Microsoft\Windows\Windows Error Reporting
:: update blocking - temporarily restore using Desktop right-click context menu: Windows Update
set "xupd=%xupd% UsoClient" || Tasks\Microsoft\Windows\UpdateOrchestrator ESSENTIAL!
set "xupd=%xupd% WaaSMedic" || Tasks\Microsoft\Windows\WaaSMedic
set "xupd=%xupd% SIHClient WindowsUpdateBox" || Tasks\Microsoft\Windows\WindowsUpdate
set "xupd=%xupd% GetCurrentRollback WinREBootApp64 WinREBootApp32" || Windows10Upgrade
:: diag - optional blocking of diagnostics / telemetry
rem set "xopt=%xopt% compattelrunner" || Tasks\Microsoft\Windows\Application Experience
rem set "xopt=%xopt% dstokenclean appidtel" || Tasks\Microsoft\Windows\ApplicationData
rem set "xopt=%xopt% wsqmcons" || Tasks\Microsoft\Windows\Customer Experience Improvement Prg
rem set "xopt=%xopt% dusmtask" || Tasks\Microsoft\Windows\DUSM
rem set "xopt=%xopt% dmclient" || Tasks\Microsoft\Windows\Feedback\Siuf
rem set "xopt=%xopt% DataUsageLiveTileTask" || Tasks\{SID}\DataSenseLiveTileTask
rem set "xopt=%xopt% DiagnosticsHub.StandardCollector.Service" || System32\DiagSvcs
rem set "xopt=%xopt% HxTsr" || WindowsApps\microsoft.windowscommunicationsapps
:: other - optional blocking of other tools
rem set "xopt=%xopt% PilotshubApp" || WindowsApps\Microsoft.WindowsFeedbackHub_
rem set "xopt=%xopt% SpeechModelDownload SpeechRuntime" || Tasks\Microsoft\Windows\Speech RECOMMENDED
rem set "xopt=%xopt% LocationNotificationWindows WindowsActionDialog" || Tasks\Microsoft\Windows\Location
rem set "xopt=%xopt% DFDWiz disksnapshot" || Tasks\Microsoft\Windows\DiskFootprint
::----------------------------------------------------------------------------------------------------------------------------------
:: all_entries - used to cleanup orphaned / commented entries between script versions
set e1=TiWorker UsoClient wuauclt wusa WaaSMedic SIHClient WindowsUpdateBox GetCurrentRollback WinREBootApp64 WinREBootApp32
set e2=MusNotification MusNotifyIcon UpdateNotificationMgr UNPUXLauncher UNPUXHost Windows10UpgraderApp DWTRIG20 DW20 GWX wuapihost
set e3=wermgr WerFault WerFaultSecure DWWIN compattelrunner dstokenclean appidtel wsqmcons dusmtask dmclient DataUsageLiveTileTask
set e4=DiagnosticsHub.StandardCollector.Service HxTsr PilotshubApp SpeechModelDownload SpeechRuntime LocationNotificationWindows
set e5=WindowsActionDialog DFDWiz disksnapshot TrustedInstaller
set all_entries=%e1% %e2% %e3% %e4% %e5% & set exe=%xnotify% %xerr% %xupd% %xopt%
:: Cleanup orphaned / commented items between script versions
echo.
for %%C in (%all_entries%) do call :cleanup_orphaned %%C
echo.
:: Toggle execution via IFEO
set/a "bl=0" & set/a "unbl=0" & set "REGISTRY_MISMATCH=echo [REGISTRY MISMATCH CORRECTED] & echo."
for %%a in (%exe%) do call :ToggleExecution "%ifeo%\%%a.exe"
if %bl% gtr 0 if %unbl% gtr 0 %REGISTRY_MISMATCH% & for %%a in (%exe%) do call :ToggleExecution "%ifeo%\%%a.exe" forced
echo.
call :check_status
:: Generate WindowsUpdate.cmd script to update manually
pushd "%systemroot%" & set wu=WindowsUpdate.cmd
>%wu% echo/goto="init" /*
>>%wu% echo/:main Windows Update %build% Toggle - Desktop right-click menu entry [ https://git.io/vx2et ]
>>%wu% echo/set "ifeo=HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
>>%wu% echo/reg query "%%ifeo%%\UsoClient.exe" /v Debugger 1^>nul 2^>nul ^&^& set "STATUS=OFF" ^|^| set "STATUS=ON!"
>>%wu% echo/set "dmy=%%systemroot%%\System32\systray.exe" ^&set "exe=%xupd%"
>>%wu% echo/if "%%STATUS%%"=="OFF" for %%%%a in ^(%%exe%%^) do reg delete "%%ifeo%%\%%%%a.exe" /v "Debugger" /f ^>nul 2^>nul
>>%wu% echo/if "%%STATUS%%"=="ON!" for %%%%a in ^(%%exe%%^) do reg add "%%ifeo%%\%%%%a.exe" /v "Debugger" /d "%%dmy%%" /f ^>nul
>>%wu% echo/if "%%STATUS%%"=="ON!" for %%%%a in ^(%%exe%%^) do taskkill /IM %%%%a.exe /t /f ^>nul 2^>nul
>>%wu% echo/reg query "%%ifeo%%\UsoClient.exe" /v Debugger 1^>nul 2^>nul ^&^& set "STATUS=OFF" ^|^| set "STATUS=ON!"
>>%wu% echo/set "key=HKEY_CLASSES_ROOT\DesktopBackground\Shell\WindowsUpdate"
>>%wu% echo/reg add "%%key%%" /v "MUIVerb" /d "Windows Update %build% : %%STATUS%%" /f ^>nul 2^>nul
>>%wu% echo/echo Always reboot to finish pending updates Before disabling! ^&echo. ^&echo Windows Update %build% now: %%STATUS%%
>>%wu% echo/schtasks /Run /TN DefenderUpdate ^>nul 2^>nul
>>%wu% echo/timeout /t 6 ^>nul ^& exit
>>%wu% echo/:"init"
>>%wu% echo/@echo off ^&title Windows Update ^&mode 80,4 ^&color 1f ^&setlocal ^&if "%%1"=="init" shift ^&shift ^&goto :main
>>%wu% echo/reg query "HKEY_USERS\S-1-5-20\Environment" /v temp 1^>nul 2^>nul ^&^& goto :main ^|^| echo. ^&echo Requesting rights..
>>%wu% echo/call cscript /nologo /e:JScript "%%~f0" get_rights "%%1" ^& exit *^/
>>%wu% echo/function get_rights^(fn^) { var console_init_shift='/c start "init" "'+fn+'"'+' init '+fn+' '+WSH.Arguments^(1^);
>>%wu% echo/ WSH.CreateObject^("Shell.Application"^).ShellExecute^('cmd.exe',console_init_shift,"","runas",1^); }
>>%wu% echo/if ^(WSH.Arguments.length^>=1 ^&^& WSH.Arguments^(0^)=="get_rights"^) get_rights^(WSH.ScriptFullName^);
takeown /f %wu% >nul 2>nul &icacls %wu% /grant %username%:F >nul 2>nul
if "%STATUS%"=="ON!" del /f /q %wu% >nul 2>nul
:: Add Desktop right-click entry [Windows Update] to update manually
set "key=HKEY_CLASSES_ROOT\DesktopBackground\Shell\WindowsUpdate"
reg delete "%key%" /f >nul 2>nul
reg add "%key%" /v "MUIVerb" /d "Windows Update %build% : OFF" /f >nul 2>nul
reg add "%key%" /v "Icon" /d "appwiz.cpl,5" /f >nul 2>nul
reg add "%key%" /v "Position" /d "Bottom" /f >nul 2>nul
reg add "%key%\command" /ve /d "%systemroot%\WindowsUpdate.cmd" >nul 2>nul
if "%STATUS%"=="ON!" reg delete "%key%" /f >nul 2>nul
:: Add a DefenderUpdate scheduled task that runs every 4 hours
set "defu=cmd.exe /c pushd \"%%ProgramFiles%%\Windows Defender\""
set "defu=%defu% & MpCmdRun.exe -removedefinitions -dynamicsignatures"
set "defu=%defu% & MpCmdRun.exe -SignatureUpdate"
schtasks /Delete /TN DefenderUpdate /f >nul 2>nul
if "%STATUS%"=="OFF" schtasks /Create /RU "System" /sc MINUTE /MO 240 /TN DefenderUpdate /TR "%defu%" /ST "12:00:00" /NP >nul 2>nul
if "%STATUS%"=="OFF" schtasks /Run /TN DefenderUpdate >nul 2>nul
:: Done!
echo ---------------------------------------------------------------------
if "%STATUS%"=="OFF" ( color 0c &echo Windows Update %build% now: OFF ) else color 0b &echo Windows Update %build% now: ON!
if "%STATUS%"=="OFF" ( echo Use Desktop right-click menu to toggle.. ) else echo Desktop right-click menu removed..
echo ---------------------------------------------------------------------
echo.
pause
exit
::----------------------------------------------------------------------------------------------------------------------------------
:: Utility functions
::----------------------------------------------------------------------------------------------------------------------------------
:check_status
set "ifeo=HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
reg query "%ifeo%\UsoClient.exe" /v Debugger 1>nul 2>nul && set "STATUS=OFF" || set "STATUS=ON!"
set "_= " &if "%STATUS%"=="OFF" ( color 0c ) else color 0b
exit/b
:cleanup_orphaned %1:[entry to check, used internally] %2:[anytext=silent]
call set "orphaned=%%exe:%1=%%" & set "okey="%ifeo%\%1.exe""
if /i "%orphaned%"=="%exe%" reg delete %okey% /v "Debugger" /f >nul 2>nul & if /i ".%2"=="." echo %1 not selected..
exit/b
:ToggleExecution %1:[regpath] %2:[optional "forced"]
set "dummy=%windir%\System32\systray.exe" & rem allow dummy process creation to limit errors
if "%STATUS%_%2"=="OFF_forced" reg delete "%~1" /v "Debugger" /f >nul 2>nul & exit/b
if "%STATUS%_%2"=="ON!_forced" reg add "%~1" /v Debugger /d "%dummy%" /f >nul 2>nul & exit/b
reg query "%~1" /v Debugger 1>nul 2>nul && set "isBlocked=1" || set "isBlocked="
if defined isBlocked reg delete "%~1" /v "Debugger" /f >nul 2>nul & set/a "unbl+=1" & echo %~n1 un-blocked! & exit/b
:: taskkill /IM matches the full image name, so pass name + extension
reg add "%~1" /v Debugger /d "%dummy%" /f >nul 2>nul & set/a "bl+=1" & echo %~n1 blocked! & taskkill /IM %~nx1 /t /f >nul 2>nul
exit/b
::----------------------------------------------------------------------------------------------------------------------------------
:"init" [ Batch entry function ]
::----------------------------------------------------------------------------------------------------------------------------------
@echo off & cls & setlocal & if "%1"=="init" shift &shift & goto :main &rem Admin self-restart flag found, jump to main
reg query "HKEY_USERS\S-1-5-20\Environment" /v temp 1>nul 2>nul && goto :main || call :about 0c & echo Requesting admin rights..
call cscript /nologo /e:JScript "%~f0" get_rights "%1" & exit
::----------------------------------------------------------------------------------------------------------------------------------
*/ // [ JScript functions ] all batch lines above are treated as a /* js comment */ in cscript
function get_rights(fn) { var console_init_shift='/c start "init" "'+fn+'"'+' init '+fn+' '+WSH.Arguments(1);
WSH.CreateObject("Shell.Application").ShellExecute('cmd.exe',console_init_shift,"","runas",1); }
if (WSH.Arguments.length>=1 && WSH.Arguments(0)=="get_rights") get_rights(WSH.ScriptFullName);
//
goto="init" /* %~nx0
:: unified v9 final builds: Notifications = low block, Installs = medium block, Downloads = high block, Service = full block
:: v9.1: removed desktop right-click context menu, it was not intended for this set-it-and-forget-it build - just run again to undo
:: v9.2: add a DefenderUpdate 4-hour scheduled task (if automatic updates are disabled, Defender updates on its own just daily)
::----------------------------------------------------------------------------------------------------------------------------------
:about Consider using the much safer and convenient windows_update_toggle.bat instead!
::----------------------------------------------------------------------------------------------------------------------------------
title Windows Update Toggle
call :check_status
echo.
echo ---------------------------------------------------------------------
echo : Windows Update Notifications-only Toggle v9.2 :
echo :---------------------------------------------------------------------:
echo : Block updates just from notifying and rebooting [Low] :
echo : Manual Update, Store and Defender protection updates all work :
echo : Just run this script again to toggle on/off :
echo : :
echo : Currently: %STATUS%%_% :
echo : :
echo : Press Alt+F4 to cancel Always run latest version :
echo ---------------------------------------------------------------------
echo Installs and Downloads complete builds available: https://git.io/vx2et
echo.
exit/b
:: What could go wrong: nothing!
::----------------------------------------------------------------------------------------------------------------------------------
:main [ Batch main function ]
::----------------------------------------------------------------------------------------------------------------------------------
set "build=Notifications" &set "xnotify=" &set "xerr=" &set "xupd=" &set "xopt=" &color 07 &call :about &timeout /t 10
:: notification blocking
set "xnotify=%xnotify% MusNotification MusNotifyIcon" || Tasks\Microsoft\Windows\UpdateOrchestrator ESSENTIAL!
set "xnotify=%xnotify% UpdateNotificationMgr UNPUXLauncher UNPUXHost" || Tasks\Microsoft\Windows\UNP
set "xnotify=%xnotify% Windows10UpgraderApp DWTRIG20 DW20 GWX" || Windows10Upgrade
:: error reporting blocking
set "xerr=%xerr% wermgr WerFault WerFaultSecure DWWIN" || Tasks\Microsoft\Windows\Windows Error Reporting
:: diag - optional blocking of diagnostics / telemetry
rem set "xopt=%xopt% compattelrunner" || Tasks\Microsoft\Windows\Application Experience
rem set "xopt=%xopt% dstokenclean appidtel" || Tasks\Microsoft\Windows\ApplicationData
rem set "xopt=%xopt% wsqmcons" || Tasks\Microsoft\Windows\Customer Experience Improvement Prg
rem set "xopt=%xopt% dusmtask" || Tasks\Microsoft\Windows\DUSM
rem set "xopt=%xopt% dmclient" || Tasks\Microsoft\Windows\Feedback\Siuf
rem set "xopt=%xopt% DataUsageLiveTileTask" || Tasks\{SID}\DataSenseLiveTileTask
rem set "xopt=%xopt% DiagnosticsHub.StandardCollector.Service" || System32\DiagSvcs
rem set "xopt=%xopt% HxTsr" || WindowsApps\microsoft.windowscommunicationsapps
:: other - optional blocking of other tools
rem set "xopt=%xopt% PilotshubApp" || WindowsApps\Microsoft.WindowsFeedbackHub_
rem set "xopt=%xopt% SpeechModelDownload SpeechRuntime" || Tasks\Microsoft\Windows\Speech RECOMMENDED
rem set "xopt=%xopt% LocationNotificationWindows WindowsActionDialog" || Tasks\Microsoft\Windows\Location
rem set "xopt=%xopt% DFDWiz disksnapshot" || Tasks\Microsoft\Windows\DiskFootprint
::----------------------------------------------------------------------------------------------------------------------------------
:: all_entries - used to cleanup orphaned / commented entries between script versions
set e1=TiWorker UsoClient wuauclt wusa WaaSMedic SIHClient WindowsUpdateBox GetCurrentRollback WinREBootApp64 WinREBootApp32
set e2=MusNotification MusNotifyIcon UpdateNotificationMgr UNPUXLauncher UNPUXHost Windows10UpgraderApp DWTRIG20 DW20 GWX wuapihost
set e3=wermgr WerFault WerFaultSecure DWWIN compattelrunner dstokenclean appidtel wsqmcons dusmtask dmclient DataUsageLiveTileTask
set e4=DiagnosticsHub.StandardCollector.Service HxTsr PilotshubApp SpeechModelDownload SpeechRuntime LocationNotificationWindows
set e5=WindowsActionDialog DFDWiz disksnapshot TrustedInstaller
set all_entries=%e1% %e2% %e3% %e4% %e5% & set exe=%xnotify% %xerr% %xupd% %xopt%
:: Cleanup orphaned / commented items between script versions
echo.
for %%C in (%all_entries%) do call :cleanup_orphaned %%C
echo.
:: Toggle execution via IFEO
set/a "bl=0" & set/a "unbl=0" & set "REGISTRY_MISMATCH=echo [REGISTRY MISMATCH CORRECTED] & echo."
for %%a in (%exe%) do call :ToggleExecution "%ifeo%\%%a.exe"
if %bl% gtr 0 if %unbl% gtr 0 %REGISTRY_MISMATCH% & for %%a in (%exe%) do call :ToggleExecution "%ifeo%\%%a.exe" forced
echo.
call :check_status
:: Undo v9 right-click desktop menu and clean after other batch files in the suite
(reg delete "HKEY_CLASSES_ROOT\DesktopBackground\Shell\WindowsUpdate" /f &del /f /q "%systemroot%\WindowsUpdate.cmd") >nul 2>nul
rem :: Generate WindowsUpdate.cmd script to update manually
rem pushd "%systemroot%" & set wu=WindowsUpdate.cmd
rem >%wu% echo/goto="init" /*
rem >>%wu% echo/:main Windows Update %build% Toggle - Desktop right-click menu entry [ https://git.io/vx2et ]
rem >>%wu% echo/set "ifeo=HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
rem >>%wu% echo/reg query "%%ifeo%%\MusNotification.exe" /v Debugger 1^>nul 2^>nul ^&^& set "STATUS=OFF" ^|^| set "STATUS=ON!"
rem >>%wu% echo/set "dmy=%%systemroot%%\System32\systray.exe" ^&set "exe=%exe%"
rem >>%wu% echo/if "%%STATUS%%"=="OFF" for %%%%a in ^(%%exe%%^) do reg delete "%%ifeo%%\%%%%a.exe" /v "Debugger" /f ^>nul 2^>nul
rem >>%wu% echo/if "%%STATUS%%"=="ON!" for %%%%a in ^(%%exe%%^) do reg add "%%ifeo%%\%%%%a.exe" /v "Debugger" /d "%%dmy%%" /f ^>nul
rem >>%wu% echo/if "%%STATUS%%"=="ON!" for %%%%a in ^(%%exe%%^) do taskkill /IM %%%%a.exe /t /f ^>nul 2^>nul
rem >>%wu% echo/reg query "%%ifeo%%\MusNotification.exe" /v Debugger 1^>nul 2^>nul ^&^& set "STATUS=OFF" ^|^| set "STATUS=ON!"
rem >>%wu% echo/set "key=HKEY_CLASSES_ROOT\DesktopBackground\Shell\WindowsUpdate"
rem >>%wu% echo/reg add "%%key%%" /v "MUIVerb" /d "Windows Update %build% : %%STATUS%%" /f ^>nul 2^>nul
rem >>%wu% echo/echo. ^&echo Windows Update %build% now: %%STATUS%%
rem >>%wu% echo/schtasks /Run /TN DefenderUpdate ^>nul 2^>nul
rem >>%wu% echo/timeout /t 6 ^>nul ^& exit
rem >>%wu% echo/:"init"
rem >>%wu% echo/@echo off ^&title Windows Update ^&mode 80,4 ^&color 1f ^&setlocal ^&if "%%1"=="init" shift ^&shift ^&goto :main
rem >>%wu% echo/reg query "HKEY_USERS\S-1-5-20\Environment" /v temp 1^>nul 2^>nul ^&^& goto :main ^|^| echo. ^&echo Requesting rights..
rem >>%wu% echo/call cscript /nologo /e:JScript "%%~f0" get_rights "%%1" ^& exit *^/
rem >>%wu% echo/function get_rights^(fn^) { var console_init_shift='/c start "init" "'+fn+'"'+' init '+fn+' '+WSH.Arguments^(1^);
rem >>%wu% echo/ WSH.CreateObject^("Shell.Application"^).ShellExecute^('cmd.exe',console_init_shift,"","runas",1^); }
rem >>%wu% echo/if ^(WSH.Arguments.length^>=1 ^&^& WSH.Arguments^(0^)=="get_rights"^) get_rights^(WSH.ScriptFullName^);
rem takeown /f %wu% >nul 2>nul &icacls %wu% /grant %username%:F >nul 2>nul
rem if "%STATUS%"=="OFF" del /f /q %wu% >nul 2>nul
rem :: Add Desktop right-click entry [Windows Update] to update manually
rem set "key=HKEY_CLASSES_ROOT\DesktopBackground\Shell\WindowsUpdate"
rem reg delete "%key%" /f >nul 2>nul
rem reg add "%key%" /v "MUIVerb" /d "Windows Update %build% : OFF" /f >nul 2>nul
rem reg add "%key%" /v "Icon" /d "appwiz.cpl,5" /f >nul 2>nul
rem reg add "%key%" /v "Position" /d "Bottom" /f >nul 2>nul
rem reg add "%key%\command" /ve /d "%systemroot%\WindowsUpdate.cmd" >nul 2>nul
rem if "%STATUS%"=="OFF" reg delete "%key%" /f >nul 2>nul
:: Add a DefenderUpdate scheduled task that runs every 4 hours
set "defu=cmd.exe /c pushd \"%%ProgramFiles%%\Windows Defender\""
set "defu=%defu% & MpCmdRun.exe -removedefinitions -dynamicsignatures"
set "defu=%defu% & MpCmdRun.exe -SignatureUpdate"
schtasks /Delete /TN DefenderUpdate /f >nul 2>nul
if "%STATUS%"=="OFF" schtasks /Create /RU "System" /sc MINUTE /MO 240 /TN DefenderUpdate /TR "%defu%" /ST "12:00:00" /NP >nul 2>nul
if "%STATUS%"=="OFF" schtasks /Run /TN DefenderUpdate >nul 2>nul
:: Done!
echo ---------------------------------------------------------------------
if "%STATUS%"=="OFF" ( color 0c &echo Windows Update %build% now: OFF ) else color 0b &echo Windows Update %build% now: ON!
rem if "%STATUS%"=="OFF" ( echo Use Desktop right-click menu to toggle.. ) else echo Desktop right-click menu removed..
echo ---------------------------------------------------------------------
echo.
pause
exit
::----------------------------------------------------------------------------------------------------------------------------------
:: Utility functions
::----------------------------------------------------------------------------------------------------------------------------------
:check_status
set "ifeo=HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
reg query "%ifeo%\MusNotification.exe" /v Debugger 1>nul 2>nul && set "STATUS=OFF" || set "STATUS=ON!"
set "_= " &if "%STATUS%"=="OFF" ( color 0c ) else color 0b
exit/b
:cleanup_orphaned %1:[entry to check, used internally] %2:[anytext=silent]
call set "orphaned=%%exe:%1=%%" & set "okey="%ifeo%\%1.exe""
if /i "%orphaned%"=="%exe%" reg delete %okey% /v "Debugger" /f >nul 2>nul & if /i ".%2"=="." echo %1 not selected..
exit/b
:ToggleExecution %1:[regpath] %2:[optional "forced"]
set "dummy=%windir%\System32\systray.exe" & rem allow dummy process creation to limit errors
if "%STATUS%_%2"=="OFF_forced" reg delete "%~1" /v "Debugger" /f >nul 2>nul & exit/b
if "%STATUS%_%2"=="ON!_forced" reg add "%~1" /v Debugger /d "%dummy%" /f >nul 2>nul & exit/b
reg query "%~1" /v Debugger 1>nul 2>nul && set "isBlocked=1" || set "isBlocked="
if defined isBlocked reg delete "%~1" /v "Debugger" /f >nul 2>nul & set/a "unbl+=1" & echo %~n1 un-blocked! & exit/b
:: taskkill /IM matches the full image name, so pass name + extension
reg add "%~1" /v Debugger /d "%dummy%" /f >nul 2>nul & set/a "bl+=1" & echo %~n1 blocked! & taskkill /IM %~nx1 /t /f >nul 2>nul
exit/b
::----------------------------------------------------------------------------------------------------------------------------------
:"init" [ Batch entry function ]
::----------------------------------------------------------------------------------------------------------------------------------
@echo off & cls & setlocal & if "%1"=="init" shift &shift & goto :main &rem Admin self-restart flag found, jump to main
reg query "HKEY_USERS\S-1-5-20\Environment" /v temp 1>nul 2>nul && goto :main || call :about 0c & echo Requesting admin rights..
call cscript /nologo /e:JScript "%~f0" get_rights "%1" & exit
::----------------------------------------------------------------------------------------------------------------------------------
*/ // [ JScript functions ] all batch lines above are treated as a /* js comment */ in cscript
function get_rights(fn) { var console_init_shift='/c start "init" "'+fn+'"'+' init '+fn+' '+WSH.Arguments(1);
WSH.CreateObject("Shell.Application").ShellExecute('cmd.exe',console_init_shift,"","runas",1); }
if (WSH.Arguments.length>=1 && WSH.Arguments(0)=="get_rights") get_rights(WSH.ScriptFullName);
//
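An added audit example, not part of the gist: a read-only PowerShell check that lists the IFEO `Debugger` redirections the scripts above create and the artifacts they leave behind, so an administrator can tell whether update components are blocked on a machine. The function and group names are this example's own; the image names, registry paths, task name and file name are copied from the scripts on this page.

```powershell
# Added example (not the gist author's code). Read-only: nothing is modified.
# Run elevated for complete results (scheduled tasks may be hidden from standard users).
$IfeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Image names copied from the xupd / xnotify / xerr lists in the scripts on this page.
$Groups = [ordered]@{
    Update       = 'TiWorker','UsoClient','WaaSMedic','SIHClient','WindowsUpdateBox',
                   'GetCurrentRollback','WinREBootApp64','WinREBootApp32'
    Notification = 'MusNotification','MusNotifyIcon','UpdateNotificationMgr','UNPUXLauncher',
                   'UNPUXHost','Windows10UpgraderApp','DWTRIG20','DW20','GWX'
    ErrorReport  = 'wermgr','WerFault','WerFaultSecure','DWWIN'
}

function Get-IfeoDebuggerEntry {
    # Emits one object per IFEO subkey that carries a Debugger value.
    param([string]$Root = $IfeoRoot)
    foreach ($key in Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue) {
        $debugger = $key.GetValue('Debugger', $null)
        if ($null -eq $debugger) { continue }
        $base  = [IO.Path]::GetFileNameWithoutExtension($key.PSChildName)
        $group = 'Other'
        foreach ($name in $Groups.Keys) {
            if ($Groups[$name] -contains $base) { $group = $name; break }
        }
        [pscustomobject]@{
            Image       = $key.PSChildName
            Group       = $group
            Debugger    = $debugger
            # The scripts point Debugger at System32\systray.exe as a dummy process.
            DummyTarget = $debugger -match '(?i)\\System32\\systray\.exe"?\s*$'
        }
    }
}

function Get-ToggleArtifact {
    # Context menu key, generated script and scheduled task named in the scripts.
    $cmdPath = Join-Path $env:SystemRoot 'WindowsUpdate.cmd'
    $menuKey = 'Registry::HKEY_CLASSES_ROOT\DesktopBackground\Shell\WindowsUpdate'
    $task    = Get-ScheduledTask -TaskName 'DefenderUpdate' -ErrorAction SilentlyContinue
    $writers = @()
    if (Test-Path -LiteralPath $cmdPath) {
        # The scripts run "icacls ... /grant %username%:F" on this file, and the
        # context menu later launches it elevated, so list who can rewrite it.
        $writers = (Get-Acl -LiteralPath $cmdPath).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           $_.FileSystemRights -match 'FullControl|Modify|Write' } |
            ForEach-Object { $_.IdentityReference.Value }
    }
    [pscustomobject]@{
        ContextMenuEntry   = Test-Path -LiteralPath $menuKey
        GeneratedScript    = Test-Path -LiteralPath $cmdPath
        ScriptWritableBy   = $writers -join ', '
        DefenderUpdateTask = [bool]$task
    }
}

$entries = @(Get-IfeoDebuggerEntry)
$entries | Sort-Object Group, Image | Format-Table -AutoSize

$blockedUpdate = @($entries | Where-Object { $_.Group -eq 'Update' })
if ($blockedUpdate.Count -gt 0) {
    Write-Warning ('{0} Windows Update component(s) are redirected via IFEO; update installs are blocked until the toggle is reverted.' -f $blockedUpdate.Count)
}

$foreign = @($entries | Where-Object { -not $_.DummyTarget })
if ($foreign.Count -gt 0) {
    Write-Warning ('{0} Debugger value(s) do not point at systray.exe and were not written by these scripts; review them separately.' -f $foreign.Count)
}

Get-ToggleArtifact | Format-List
```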
@echo off &title Windows Update Reboot Toggle
reg query "HKEY_USERS\S-1-5-20\Environment" /v TEMP >nul 2>nul || goto need_admin_rights
set "updatetasks=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator"
call :check_status "%updatetasks%\Reboot"
echo.
echo ---------------------------------------------------------------------
echo : Windows Update Reboot Toggle v4.2 :
echo :---------------------------------------------------------------------:
echo : Prevent protected reboot and wake to run tasks without disabling WU :
echo : Just run this script again to toggle tasks on/off :
echo : :
echo : Currently: %STATUS%%_% :
echo : :
echo : Press Alt+F4 to cancel Always run latest version :
echo ---------------------------------------------------------------------
echo All-around Windows Update Toggle available at https://git.io/vx2et
echo.
timeout /t 10 &echo.
:: Use TakeKeyOwnership snippet to unprotect UpdateOrchestrator task cache registry keys
reg add "%updatetasks%" /v checkrights /d 1 /f >nul 2>nul
reg delete "%updatetasks%" /v checkrights /f >nul 2>nul || call :reg_takeownership "%updatetasks%"
reg delete "%updatetasks%" /v checkrights /f >nul 2>nul
:: Toggle Reboot task
call :toggle_task "%updatetasks%\Reboot"
:: Toggle Schedule Retry Scan task
call :toggle_task "%updatetasks%\Schedule Retry Scan"
:: Update status
call :check_status "%updatetasks%\Reboot"
echo.
:: Done!
echo ----------------------------------
if "%STATUS%"=="OFF" ( echo Windows Update RebootTask now: OFF ) else echo Windows Update RebootTask now: ON!
echo ----------------------------------
echo.
pause
exit
::----------------------------------------------------------------------------------------------------------------------------------
:: Utility functions
::----------------------------------------------------------------------------------------------------------------------------------
:check_status %1:TaskCache entry in registry
reg query %1 /v "Id_OFF" >nul 2>nul && set "STATUS=OFF" || set "STATUS=ON!"
set "_= " &if "%STATUS%"=="OFF" ( color 0c ) else color 0b
exit/b
:toggle_task %1:TaskCache entry in registry
reg query %1 /v "Id_OFF" >nul 2>nul && set "isOFF=1" || set "isOFF="
reg query %1 /v "Id" >nul 2>nul && set "isOFF=" || set "isOFF=1"
if defined isOFF ( call :reg_query %1 "Id_OFF" ID_BACKUP ) else call :reg_query %1 "Id" ID_BACKUP
if defined isOFF ( reg delete %1 /v "Id_OFF" /f &reg add %1 /v "Id" /d %ID_BACKUP% /f )
if not defined isOFF ( reg delete %1 /v "Id" /f &reg add %1 /v "Id_OFF" /d %ID_BACKUP% /f )
exit/b
:reg_takeownership %1:regkey[ex:"HKCU\Console"] %2:_user[optional, default:"Administrators"] %3:_recursive[optional, default:""]
set "s10=$dll0='[DllImport(''ntdll.dll'')]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);'; $ntdll="
set "s11=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)};"
set "s12=function Reg_TakeOwnership { param($hive, $key, $own, $inherit=$false);"
set "s13= $reg=[Microsoft.Win32.Registry]::$hive.OpenSubKey($key,'ReadWriteSubTree','TakeOwnership');"
set "s14= $acl=New-Object System.Security.AccessControl.RegistrySecurity; $acl.SetOwner($own); $reg.SetAccessControl($acl);"
set "s15= $acl.SetAccessRuleProtection($false,$false);$reg.SetAccessControl($acl);"
set "s16= $reg=$reg.OpenSubKey('','ReadWriteSubTree','ChangePermissions'); if($inherit){"
set "s17= $rule=New-Object System.Security.AccessControl.RegistryAccessRule($own,'FullControl','ContainerInherit','None','Allow');"
set "s18= $acl.ResetAccessRule($rule);$reg.SetAccessControl($acl);} }; $rk=$regkey -split '\\\\',2; $key=$rk[1];"
set "s19=switch -regex ($rk[0]) { '[mM]'{$HK='LocalMachine'};'[uU]'{$HK='CurrentUser'}; default {$HK='ClassesRoot'}; }; $HK; $key;"
set "s20=if($user -eq ''){$user='Administrators'}; [System.Security.Principal.NTAccount]$owner=$user; $rcsv=($recursive -ne '');"
set "s21=Reg_TakeOwnership $HK $key $owner $true; if($rcsv){$r=[Microsoft.Win32.Registry]::$HK.OpenSubKey($key);"
set "s22=foreach($sk in $r.GetSubKeyNames()){$sk; try{ Reg_TakeOwnership $HK $($key+'\\'+$sk) $owner }catch{} }} "
setlocal &for /l %%# in (10,1,22) do call set "ps_RegTakeOwnership=%%ps_RegTakeOwnership%%%%s%%#:'=\"%%"
powershell.exe -c " $regkey='%~1';$user='%~2';$recursive='%~3'; %ps_RegTakeOwnership%;"
exit/b AveYo: call :reg_takeownership "HKLM\MyKey" "NT Service\TrustedInstaller"
:reg_query %1:KeyName %2:ValueName %3:OutputVariable %4:other_options[example: "/t REG_DWORD"]
setlocal & for /f "skip=2 delims=" %%s in ('reg query "%~1" /v "%~2" /z 2^>nul') do set "rq=%%s" & call set "rv=%%rq:*) =%%"
endlocal & set "%~3=%rv%" & exit/b AveYo: call :reg_query "HKCU\MyKey" "MyValue" MyVar
:need_admin_rights
color 0c&echo. &echo PERMISSION DENIED! Right-click %~nx0 ^& Run as administrator &timeout /t 60 &color 0f&title %COMSPEC% &exit/b
::end
goto="init" /* %~nx0
:: unified v9 final builds: Notifications = low block, Installs = medium block, Downloads = high block, Service = full block
:: v9.1: add a DefenderUpdate 4-hours scheduled task (if automatic updates are disabled, Defender can fail updating on its own)
:: v9.2: switch wuauserv to own process for more reliable on-demand start
::----------------------------------------------------------------------------------------------------------------------------------
:about Consider using the much safer and convenient windows_update_toggle.bat instead!
::----------------------------------------------------------------------------------------------------------------------------------
title Windows Update Toggle
call :check_status
echo.
echo ---------------------------------------------------------------------
echo : Windows Update Service Toggle v9.2 :
echo :---------------------------------------------------------------------:
echo : Block wuauserv from even checking [Full] :
echo : Store and Defender protection updates don't work - get another AV :
echo : Use Desktop right-click context menu entry to toggle :
echo : :
echo : Currently: %STATUS%%_% :
echo : :
echo : Press Alt+F4 to cancel Always run latest version :
echo ---------------------------------------------------------------------
echo Installs and Notifications only builds available: https://git.io/vx2et
echo.
exit/b
:: What could go wrong: nothing - simply run the script again to undo. Windows Update troubleshooter can do the rest
::----------------------------------------------------------------------------------------------------------------------------------
:main [ Batch main function ]
::----------------------------------------------------------------------------------------------------------------------------------
set "build=Service" &set "xnotify=" &set "xerr=" &set "xupd=" &set "xopt=" &color 07 &call :about &timeout /t 10
:: notification blocking
set "xnotify=%xnotify% MusNotification MusNotifyIcon" || Tasks\Microsoft\Windows\UpdateOrchestrator ESSENTIAL!
set "xnotify=%xnotify% UpdateNotificationMgr UNPUXLauncher UNPUXHost" || Tasks\Microsoft\Windows\UNP
set "xnotify=%xnotify% Windows10UpgraderApp DWTRIG20 DW20 GWX" || Windows10Upgrade
:: error reporting blocking
set "xerr=%xerr% wermgr WerFault WerFaultSecure DWWIN" || Tasks\Microsoft\Windows\Windows Error Reporting
:: diag - optional blocking of diagnostics / telemetry
rem set "xopt=%xopt% compattelrunner" || Tasks\Microsoft\Windows\Application Experience
rem set "xopt=%xopt% dstokenclean appidtel" || Tasks\Microsoft\Windows\ApplicationData
rem set "xopt=%xopt% wsqmcons" || Tasks\Microsoft\Windows\Customer Experience Improvement Prg
rem set "xopt=%xopt% dusmtask" || Tasks\Microsoft\Windows\DUSM
rem set "xopt=%xopt% dmclient" || Tasks\Microsoft\Windows\Feedback\Siuf
rem set "xopt=%xopt% DataUsageLiveTileTask" || Tasks\{SID}\DataSenseLiveTileTask
rem set "xopt=%xopt% DiagnosticsHub.StandardCollector.Service" || System32\DiagSvcs
rem set "xopt=%xopt% HxTsr" || WindowsApps\microsoft.windowscommunicationsapps
:: other - optional blocking of other tools
rem set "xopt=%xopt% PilotshubApp" || WindowsApps\Microsoft.WindowsFeedbackHub_
rem set "xopt=%xopt% SpeechModelDownload SpeechRuntime" || Tasks\Microsoft\Windows\Speech RECOMMENDED
rem set "xopt=%xopt% LocationNotificationWindows WindowsActionDialog" || Tasks\Microsoft\Windows\Location
rem set "xopt=%xopt% DFDWiz disksnapshot" || Tasks\Microsoft\Windows\DiskFootprint
::----------------------------------------------------------------------------------------------------------------------------------
:: all_entries - used to cleanup orphaned / commented entries between script versions
set e1=TiWorker UsoClient wuauclt wusa WaaSMedic SIHClient WindowsUpdateBox GetCurrentRollback WinREBootApp64 WinREBootApp32
set e2=MusNotification MusNotifyIcon UpdateNotificationMgr UNPUXLauncher UNPUXHost Windows10UpgraderApp DWTRIG20 DW20 GWX wuapihost
set e3=wermgr WerFault WerFaultSecure DWWIN compattelrunner dstokenclean appidtel wsqmcons dusmtask dmclient DataUsageLiveTileTask
set e4=DiagnosticsHub.StandardCollector.Service HxTsr PilotshubApp SpeechModelDownload SpeechRuntime LocationNotificationWindows
set e5=WindowsActionDialog DFDWiz disksnapshot TrustedInstaller
set all_entries=%e1% %e2% %e3% %e4% %e5% & set exe=%xnotify% %xerr% %xupd% %xopt%
:: Cleanup orphaned / commented items between script versions
echo.
for %%C in (%all_entries%) do call :cleanup_orphaned %%C
echo.
:: Toggle execution via IFEO
set/a "bl=0" & set/a "unbl=0" & set "REGISTRY_MISMATCH=echo [REGISTRY MISMATCH CORRECTED] & echo."
for %%a in (%exe%) do call :ToggleExecution "%ifeo%\%%a.exe"
if %bl% gtr 0 if %unbl% gtr 0 %REGISTRY_MISMATCH% & for %%a in (%exe%) do call :ToggleExecution "%ifeo%\%%a.exe" forced
echo.
call :check_status
:: Block wuauserv via clever sc method - survives update troubleshooter
if "%STATUS%"=="OFF" ( set "wuauserv=svchost.exe" ) else set "wuauserv=svchost.exe -k netsvcs"
net stop wuauserv /y &sc config wuauserv binPath= "%%systemroot%%\system32\%wuauserv%" type= own>nul 2>nul
echo.
:: Generate WindowsUpdate.cmd script to update manually
pushd "%systemroot%" & set wu=WindowsUpdate.cmd
>%wu% echo/goto="init" /*
>>%wu% echo/:main Windows Update %build% Toggle - Desktop right-click menu entry [ https://git.io/vx2et ]
>>%wu% echo/set "ifeo=HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
>>%wu% echo/reg query "%%ifeo%%\MusNotification.exe" /v Debugger 1^>nul 2^>nul ^&^& set "STATUS=OFF" ^|^| set "STATUS=ON!"
>>%wu% echo/set "dmy=%%systemroot%%\System32\systray.exe" ^&set "exe=%exe%"
>>%wu% echo/if "%%STATUS%%"=="OFF" for %%%%a in ^(%%exe%%^) do reg delete "%%ifeo%%\%%%%a.exe" /v "Debugger" /f ^>nul 2^>nul
>>%wu% echo/if "%%STATUS%%"=="ON!" for %%%%a in ^(%%exe%%^) do reg add "%%ifeo%%\%%%%a.exe" /v "Debugger" /d "%%dmy%%" /f ^>nul
>>%wu% echo/if "%%STATUS%%"=="ON!" for %%%%a in ^(%%exe%%^) do taskkill /IM %%%%a.exe /t /f ^>nul 2^>nul
>>%wu% echo/net stop wuauserv /y ^>nul 2^>nul ^&timeout /t 2 ^>nul
>>%wu% echo/if "%%STATUS%%"=="OFF" ^( set "wuauserv=svchost.exe -k netsvcs" ^) else set "wuauserv=svchost.exe"
>>%wu% echo/sc config wuauserv binPath= "%%%%systemroot%%%%\system32\%%wuauserv%%" type= own^>nul 2^>nul ^&timeout /t 2 ^>nul
>>%wu% echo/if "%%STATUS%%"=="OFF" net start wuauserv ^&timeout /t 2 ^>nul
>>%wu% echo/reg query "%%ifeo%%\MusNotification.exe" /v Debugger 1^>nul 2^>nul ^&^& set "STATUS=OFF" ^|^| set "STATUS=ON!"
>>%wu% echo/set "key=HKEY_CLASSES_ROOT\DesktopBackground\Shell\WindowsUpdate"
>>%wu% echo/reg add "%%key%%" /v "MUIVerb" /d "Windows Update %build% : %%STATUS%%" /f ^>nul 2^>nul
>>%wu% echo/echo. ^&echo Windows Update %build% now: %%STATUS%%
>>%wu% echo/schtasks /Run /TN DefenderUpdate ^>nul 2^>nul
>>%wu% echo/timeout /t 6 ^>nul ^& exit
>>%wu% echo/:"init"
>>%wu% echo/@echo off ^&title Windows Update ^&mode 80,4 ^&color 1f ^&setlocal ^&if "%%1"=="init" shift ^&shift ^&goto :main
>>%wu% echo/reg query "HKEY_USERS\S-1-5-20\Environment" /v temp 1^>nul 2^>nul ^&^& goto :main ^|^| echo. ^&echo Requesting rights..
>>%wu% echo/call cscript /nologo /e:JScript "%%~f0" get_rights "%%1" ^& exit *^/
>>%wu% echo/function get_rights^(fn^) { var console_init_shift='/c start "init" "'+fn+'"'+' init '+fn+' '+WSH.Arguments^(1^);
>>%wu% echo/ WSH.CreateObject^("Shell.Application"^).ShellExecute^('cmd.exe',console_init_shift,"","runas",1^); }
>>%wu% echo/if ^(WSH.Arguments.length^>=1 ^&^& WSH.Arguments^(0^)=="get_rights"^) get_rights^(WSH.ScriptFullName^);
takeown /f %wu% >nul 2>nul &icacls %wu% /grant %username%:F >nul 2>nul
if "%STATUS%"=="ON!" del /f /q %wu% >nul 2>nul
:: Add Desktop right-click entry [Windows Update] to update manually
set "key=HKEY_CLASSES_ROOT\DesktopBackground\Shell\WindowsUpdate"
reg delete "%key%" /f >nul 2>nul
reg add "%key%" /v "MUIVerb" /d "Windows Update %build% : OFF" /f >nul 2>nul
reg add "%key%" /v "Icon" /d "appwiz.cpl,5" /f >nul 2>nul
reg add "%key%" /v "Position" /d "Bottom" /f >nul 2>nul
reg add "%key%\command" /ve /d "%systemroot%\WindowsUpdate.cmd" >nul 2>nul
if "%STATUS%"=="ON!" reg delete "%key%" /f >nul 2>nul
:: Add a DefenderUpdate scheduled task every 4-hours
set "defu=cmd.exe /c pushd \"%%ProgramFiles%%\Windows Defender\""
set "defu=%defu% & MpCmdRun.exe -removedefinitions -dynamicsignatures"
set "defu=%defu% & MpCmdRun.exe -SignatureUpdate"
schtasks /Delete /TN DefenderUpdate /f >nul 2>nul
if "%STATUS%"=="OFF" schtasks /Create /RU "System" /sc MINUTE /MO 240 /TN DefenderUpdate /TR "%defu%" /ST "12:00:00" /NP >nul 2>nul
if "%STATUS%"=="OFF" schtasks /Run /TN DefenderUpdate >nul 2>nul
:: Done!
echo ---------------------------------------------------------------------
if "%STATUS%"=="OFF" ( color 0c &echo Windows Update %build% now: OFF ) else color 0b &echo Windows Update %build% now: ON!
if "%STATUS%"=="OFF" ( echo Use Desktop right-click menu to toggle.. ) else echo Desktop right-click menu removed..
echo ---------------------------------------------------------------------
echo.
pause
exit
::----------------------------------------------------------------------------------------------------------------------------------
:: Utility functions
::----------------------------------------------------------------------------------------------------------------------------------
:check_status
set "ifeo=HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
reg query "%ifeo%\MusNotification.exe" /v Debugger 1>nul 2>nul && set "STATUS=OFF" || set "STATUS=ON!"
set "_= " &if "%STATUS%"=="OFF" ( color 0c ) else color 0b
exit/b
:cleanup_orphaned %1:[entry to check, used internally] %2:[anytext=silent]
call set "orphaned=%%exe:%1=%%" & set "okey="%ifeo%\%1.exe""
if /i "%orphaned%"=="%exe%" reg delete %okey% /v "Debugger" /f >nul 2>nul & if /i ".%2"=="." echo %1 not selected..
exit/b
:ToggleExecution %1:[regpath] %2:[optional "forced"]
set "dummy=%windir%\System32\systray.exe" & rem allow dummy process creation to limit errors
if "%STATUS%_%2"=="OFF_forced" reg delete "%~1" /v "Debugger" /f >nul 2>nul & exit/b
if "%STATUS%_%2"=="ON!_forced" reg add "%~1" /v Debugger /d "%dummy%" /f >nul 2>nul & exit/b
reg query "%~1" /v Debugger 1>nul 2>nul && set "isBlocked=1" || set "isBlocked="
if defined isBlocked reg delete "%~1" /v "Debugger" /f >nul 2>nul & set/a "unbl+=1" & echo %~n1 un-blocked! & exit/b
reg add "%~1" /v Debugger /d "%dummy%" /f >nul 2>nul & set/a "bl+=1" & echo %~n1 blocked! & taskkill /IM %~n1 /t /f >nul 2>nul
exit/b
::----------------------------------------------------------------------------------------------------------------------------------
:"init" [ Batch entry function ]
::----------------------------------------------------------------------------------------------------------------------------------
@echo off & cls & setlocal & if "%1"=="init" shift &shift & goto :main &rem Admin self-restart flag found, jump to main
reg query "HKEY_USERS\S-1-5-20\Environment" /v temp 1>nul 2>nul && goto :main || call :about 0c & echo Requesting admin rights..
call cscript /nologo /e:JScript "%~f0" get_rights "%1" & exit
::----------------------------------------------------------------------------------------------------------------------------------
*/ // [ JScript functions ] all batch lines above are treated as a /* js comment */ in cscript
function get_rights(fn) { var console_init_shift='/c start "init" "'+fn+'"'+' init '+fn+' '+WSH.Arguments(1);
WSH.CreateObject("Shell.Application").ShellExecute('cmd.exe',console_init_shift,"","runas",1); }
if (WSH.Arguments.length>=1 && WSH.Arguments(0)=="get_rights") get_rights(WSH.ScriptFullName);
//
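An added read-only audit example, not part of the gist: the scripts on this page block executables by writing a `Debugger` value under Image File Execution Options, and disable services either by stripping `-k netsvcs` from the wuauserv `binPath` or by adding an unsatisfiable `[WUTblocked]` dependency. The function name `Get-UpdateBlockState` is an assumption made here; the registry paths and the marker string are the ones the scripts use.

```powershell
# Added example (not the gist author's code): list the changes these toggle scripts leave behind.
# Get-UpdateBlockState is a hypothetical helper name. Nothing here writes to the registry.
function Get-UpdateBlockState {
    [CmdletBinding()]
    param(
        [string]$IfeoPath     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
        [string]$ServicesPath = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    )

    # 1. IFEO subkeys carrying a Debugger value: the image named by the subkey
    #    is replaced at launch by whatever the value points to.
    foreach ($key in Get-ChildItem -LiteralPath $IfeoPath -ErrorAction SilentlyContinue) {
        $debugger = $key.GetValue('Debugger', $null)
        if ($null -ne $debugger) {
            [pscustomobject]@{
                Kind   = 'IFEO Debugger'
                Target = $key.PSChildName
                Value  = [string]$debugger
            }
        }
    }

    # 2. Service definitions altered by the Downloads / Service toggles.
    foreach ($name in 'wuauserv', 'TrustedInstaller') {
        $svcKey = Get-Item -LiteralPath (Join-Path $ServicesPath $name) -ErrorAction SilentlyContinue
        if ($null -eq $svcKey) { continue }

        # v10.1 marker: a dependency name that no service satisfies, so the service cannot start.
        foreach ($dep in @($svcKey.GetValue('DependOnService', @()))) {
            if ($dep -like '*WUTblocked*') {
                [pscustomobject]@{
                    Kind   = 'Service dependency marker'
                    Target = $name
                    Value  = [string]$dep
                }
            }
        }

        # v9.x method: wuauserv pointed at a bare svchost.exe with no "-k <group>" argument.
        $imagePath = [string]$svcKey.GetValue('ImagePath', '', 'DoNotExpandEnvironmentNames')
        if ($name -eq 'wuauserv' -and $imagePath -match 'svchost\.exe' -and $imagePath -notmatch '\s-k\s') {
            [pscustomobject]@{
                Kind   = 'Service ImagePath without -k group'
                Target = $name
                Value  = $imagePath
            }
        }
    }
}

Get-UpdateBlockState | Sort-Object Kind, Target | Format-Table -AutoSize -Wrap
```

`Debugger` values pointing at `systray.exe` or `WUTRefresh.bat` match what these scripts write; an entry with any other target was set by something else and deserves a closer look.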
@set @version=10.1 /* &title Windows Update Toggle
@echo off
echo.
echo ---------------------------------------------------------------------
echo : Windows Update Toggle v10.1 :
echo :---------------------------------------------------------------------:
echo : Block/Enable Upgrades, Installs, Downloads, Service :
echo : Disable/Enable Reports, Speech, SearchUI, Defender :
echo : Hide/Unhide/Apply update lists with count and max size :
echo : Preset Defender updates and Store downloads working :
echo : :
echo : Toggle from the comfort of Desktop right-click context menu :
echo ---------------------------------------------------------------------
echo.
:: 2018-05-15 v10.1: streamlined toggling with a nicer gui
:: Focus set on Defender updates working independently from windows mayhem automatic updates
:: so this script will not sacrifice built-in protection layer, unlike most other -DIY- updates "management" just killing wuauserv
:: Update lists will be refreshed whenever Windows would nag -and-force-reboot- via MusNotification (hijacked)
:: had to use separate context menus for each category due to limitation of max 16 cascading items.. tx bill gates, 2018
:: if Defender protection updates are detected in the Apply list, a manual signature update is set to trigger
:: SearchUI option will disable start menu search - obviously, but you can use Classic Shell instead to have it working
:: Disable option provided for wuauserv, but not recommended since a lot of stuff depends on it
:: Mostly IFEO safe blocking with no destructive changes of ownership, deleting files, removing tasks, or over-blocking
:: Troubleshooter option will just revert blocking done by this and former suite scripts; launches official update troubleshooter
:: If blocking caused an unlikely logon issue, do advanced startup-troubleshoot-commandprompt and run WUTUndo.bat from C:\Windows
:: There is a lot of ping-pong in the backend between CMD and WScript to bypass popups and prompts, yet neatly structured script
:: AveYo, 2018-05-13
if %1.==. timeout /t 10 &call wscript /e:JScript "%~f0" runas setup &exit &rem : no arguments, run setup elevated
if %1.==shift. shift &shift &rem : if loaded by WScript, shift args to prevent loop and restore %0
if %1.==. echo ERROR! &timeout /t 5 &exit/b : must have at least one arg
:: Setup executable blocking via ifeo
set notifier=EOSNotify MusNotification
set upgrader=Windows10UpgraderApp Windows10Upgrade WindowsUpdateBox SetupHost setupprep
set installer=wuauclt
set reporter=wermgr wsqmcons DiagTrackRunner DiagnosticsHub.StandardCollector.Service CompatTelRunner
set speecher=SpeechRuntime SpeechModelDownload
set searcher=SearchUI
set "exe=%notifier% %upgrader% %installer% %reporter%"
set "noop=%SystemRoot%\system32\systray.exe"
set "ifeo=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
set "wut=HKCR\DesktopBackground\shell\WUT"
set "menu=%wut%\shell"
set "f0=%SystemRoot%\windows_update_toggle.bat"
set ".=>nul 2>nul"
set "verbose="
for /f "tokens=2 delims=1234567890" %%# in ('shutdown /?^|findstr /bc:"E"') do set "[T]=%%#" &rem : cosmetic usage in menus
if defined verbose (echo on &set ".=" &set "window=") else set "window=hide"
call :%~1 %2 %3 %4 %5 %6 %7 %8 %9 &rem : launch secondary functions below dynamically, passing next args
echo.
echo Done! Use the Desktop right-click context menu to toggle, renew or uninstall
if "%~1"=="setup" (pause) else if defined verbose timeout /t 5
exit/b : End of main script, functions below
::---------------------------------------------------------------------------------------------------------------------------------
:refresh context menu
echo %0 %*
call :reg_query "HKLM\SOFTWARE\WUT.bat" NoBlock noblock
if "%noblock%"=="Enable" exit/b
call :reg_query "%wut%0pending" MUIVerb pending
if defined pending exit/b
for %%# in ("1hide" "2unhide" "3apply") do reg delete "%wut%%%~#" /f %.%
reg add "%wut%0pending" /v MUIVerb /d "Pending.." /f %.%
reg add "%wut%0pending" /v Icon /d "ieframe.dll,11" /f %.%
reg add "%wut%0pending" /v SubCommands /d "" /f %.%
call :reg_query "HKLM\SOFTWARE\WUT.bat" NoRefresh norefresh
if "%norefresh%"=="Disable" (set "toggle=39") else set "toggle=38"
reg add "%menu%\2Lists" /v Icon /d "ieframe.dll,%toggle%" /f %.%
if "%norefresh%"=="Disable" start "WUT" wscript /e:JScript "%f0%" WUTRefresh
call :status SetupHost 3Upgrades
call :status wuauclt 4Installs
for /f "tokens=3" %%# in ('sc qc TrustedInstaller ^| find /I "WUTblocked"') do set "blocked=%%#"
if /i "%blocked%"=="[WUTblocked]" (set "toggle=38") else set "toggle=39"
reg add "%menu%\5Downloads" /v Icon /d "ieframe.dll,%toggle%" /f %.%
for /f "tokens=3" %%# in ('sc qc wuauserv ^| find /I "WUTblocked"') do set "blocked=%%#"
if /i "%blocked%"=="rpcss[WUTblocked]" (set "toggle=38") else set "toggle=39"
reg add "%menu%\6Service" /v Icon /d "ieframe.dll,%toggle%" /f %.%
call :status wermgr 81Report
call :status SpeechRuntime 82Speech
call :status SearchUI 83Search
set "defstatus=if((Get-MpPreference).DisableRealtimeMonitoring){write-host 38}else{write-host 39}"
for /f "delims=" %%# in ('call powershell.exe -c "%defstatus%;"') do set "toggle=%%#"
reg add "%menu%\84Defender" /v Icon /d "ieframe.dll,%toggle%" /f %.%
if "%norefresh%"=="Enable" reg delete "%wut%0pending" /f %.%
exit/b
:status %1:exe %2:submenu
call :reg_query "%ifeo%\%~1.exe" Debugger block
if defined block (set "toggle=38") else set "toggle=39"
reg add "%menu%\%~2" /v Icon /d "ieframe.dll,%toggle%" /f %.%
exit/b
:flip %1:exe %2:submenu
call :reg_query "%ifeo%\%~1.exe" Debugger block
if defined block (set "toggle=39") else set "toggle=38"
reg add "%menu%\%~2" /v Icon /d "ieframe.dll,%toggle%" /f %.%
exit/b
:toggle WUT
echo %0 %*
call :reg_query "HKLM\SOFTWARE\WUT.bat" NoBlock noblock
if "%noblock%"=="Disable" (set "toggle=Enable") else set "toggle=Disable"
for %%# in (NoBlock NoRefresh) do reg add "HKLM\SOFTWARE\WUT.bat" /v %%# /d "%toggle%" /f %.%
set "task=wscript.exe /e:JScript \"%f0%\" schtasks WUT"
:: Generate WUT main context menu
for %%# in ("" "0pending" "1hide" "2unhide" "3apply") do reg delete "%wut%%%~#" /f %.%
reg add "%wut%" /v MUIVerb /d "Windows Update Toggle" /f %.%
reg add "%wut%" /v Icon /d "comres.dll,4" /f %.%
reg add "%wut%" /v SubCommands /d "" /f %.%
reg add "%menu%\9Setup" /v MUIVerb /d "Configure WUT v%@version:~0,4%" /f %.%
reg add "%menu%\9Setup" /v SubCommands /d "" /f %.%
reg add "%menu%\9Setup\shell\1Toggle" /v MUIVerb /d "%toggle%" /f %.%
reg add "%menu%\9Setup\shell\2Renew" /v MUIVerb /d "Renew" /f %.%
reg add "%menu%\9Setup\shell\3Remove" /v MUIVerb /d "Remove" /f %.%
reg add "%menu%\9Setup\shell\1Toggle\command" /ve /d "%task%\toggle" /f %.%
reg add "%menu%\9Setup\shell\2Renew\command" /ve /d "%task%\renew" /f %.%
reg add "%menu%\9Setup\shell\3Remove\command" /ve /d "%task%\remove" /f %.%
if "%toggle%"=="Disable" (
reg add "%menu%\1Refresh" /v MUIVerb /d "Refresh" /f %.%
reg add "%menu%\2Lists" /v MUIVerb /d "Lists" /f %.%
reg add "%menu%\3Upgrades" /v MUIVerb /d "Upgrades %[T]% setuphost" /f %.%
reg add "%menu%\4Installs" /v MUIVerb /d "Installs %[T]% wuauclt" /f %.%
reg add "%menu%\5Downloads" /v MUIVerb /d "Downloads ! %[T]% trustedinstaller" /f %.%
reg add "%menu%\6Service" /v MUIVerb /d "Service ! ! %[T]% wuauserv" /f %.%
reg add "%menu%\7Repair" /v MUIVerb /d "Troubleshooter" /f %.%
reg add "%menu%\81Report" /v MUIVerb /d "Report" /f %.%
reg add "%menu%\82Speech" /v MUIVerb /d "Speech" /f %.%
reg add "%menu%\83Search" /v MUIVerb /d "SearchUI" /f %.%
reg add "%menu%\84Defender" /v MUIVerb /d "Defender" /f %.%
reg add "%menu%\1Refresh\command" /ve /d "%task%\refresh" /f %.%
reg add "%menu%\2Lists\command" /ve /d "%task%\lists" /f %.%
reg add "%menu%\3Upgrades\command" /ve /d "%task%\upgrades" /f %.%
reg add "%menu%\4Installs\command" /ve /d "%task%\installs" /f %.%
reg add "%menu%\5Downloads\command" /ve /d "%task%\downloads" /f %.%
reg add "%menu%\6Service\command" /ve /d "%task%\service" /f %.%
reg add "%menu%\7Repair\command" /ve /d "%task%\repair" /f %.%
reg add "%menu%\81Report\command" /ve /d "%task%\report" /f %.%
reg add "%menu%\82Speech\command" /ve /d "%task%\speech" /f %.%
reg add "%menu%\83Search\command" /ve /d "%task%\search" /f %.%
reg add "%menu%\84Defender\command" /ve /d "%task%\defender" /f %.%
)
:: Toggle immersive context-menu crap
::if "%toggle%"=="Disable" set "icm=0x0" else set "icm=0x1"
::reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\FlightedFeatures" /v ImmersiveContextMenu /t REG_DWORD /d %icm% /f %.%
:: Disabling automatic updates hinders Defender, so get definitions from MMPC first
set "DefMUS={MicrosoftUpdateServer|MMPC|InternalDefinitionUpdateServer}"
set "DefMMPC={MMPC|MicrosoftUpdateServer|InternalDefinitionUpdateServer}"
if "%toggle%"=="Enable" ( set "DefSig=%DefMUS%" ) else set "DefSig=%DefMMPC%"
start "WUT:MpPref" wscript /e:JScript "%~f0" cmd "powershell.exe -c `Set-MpPreference -SignatureFallbackOrder %DefSig%;`"
:: Default services
sc config wuauserv type= share depend= rpcss %.%
sc config TrustedInstaller type= own depend= / %.%
:: Toggle ifeo exe blocking
for %%# in (%exe% %speecher% %searcher%) do reg delete "%ifeo%\%%#.exe" /f %.%
if "%toggle%"=="Enable" exit/b WUT disabled, so skip the code below
for %%# in (%exe%) do reg add "%ifeo%\%%#.exe" /v Debugger /d "%noop%" /f %.% &taskkill /im "%%#.exe" /t /f %.%
:: WUTRefresh hijacking
for %%# in (MusNotification EOSNotify) do reg add "%ifeo%\%%#.exe" /v Debugger /d "%SystemRoot%\WUTRefresh.bat" /f %.%
call :refresh menu
exit/b
:hide update
echo %0 %*
call :reg_query "%wut%1hide\shell\%~1" MUIVerb updatefound
echo -%updatefound%
if not defined updatefound exit/b
call wscript /e:JScript "%f0%" hide "%updatefound%"
exit/b
:unhide update
echo %0 %*
call :reg_query "%wut%2unhide\shell\%~1" MUIVerb updatefound
echo -%updatefound%
if not defined updatefound exit/b
call wscript /e:JScript "%f0%" unhide "%updatefound%"
exit/b
:apply update
echo %0 %*
call :reg_query "%wut%3apply\shell\%~1" MUIVerb updatefound
echo -%updatefound%
if not defined updatefound exit/b
:: Cache current blocks status, because Apply will unblock downloads and installs in the WScript stage
call :reg_query "%ifeo%\wuauclt.exe" Debugger installs_blocked
for /f "tokens=3" %%# in ('sc qc TrustedInstaller ^| find /I "WUTblocked"') do set "downloads_blocked=%%#"
call wscript /e:JScript "%f0%" apply "%updatefound%"
:: Restore cached blocks
if defined installs_blocked reg add "%ifeo%\wuauclt.exe" /v Debugger /d "%noop%" /f %.% &taskkill /im "wuauclt.exe" /t /f %.%
if defined downloads_blocked sc config TrustedInstaller type= own depend= [WUTblocked] %.%
exit/b
:lists
echo %0 %*
call :reg_query "HKLM\SOFTWARE\WUT.bat" NoRefresh norefresh
if "%norefresh%"=="Disable" ( set "norefresh=Enable" &set "toggle=38") else set "norefresh=Disable" &set "toggle=39"
reg add "HKLM\SOFTWARE\WUT.bat" /v NoRefresh /d "%norefresh%" /f %.%
reg add "%menu%\2Lists" /v Icon /d "ieframe.dll,%toggle%" /f %.%
if "%norefresh%"=="Enable" (
reg delete "%wut%1hide" /f %.% &reg delete "%wut%2unhide" /f %.% &reg delete "%wut%3apply" /f %.%
reg delete "%wut%0pending" /f %.%
)
call :refresh lists
exit/b
:upgrades
echo %0 %*
call :flip SetupHost 3Upgrades
for %%# in (%upgrader%) do if defined block (
reg delete "%ifeo%\%%#.exe" /f %.%
) else (
reg add "%ifeo%\%%#.exe" /v Debugger /d "%noop%" /f %.% &taskkill /im "%%#.exe" /t /f %.%
)
exit/b
:installs
echo %0 %*
call :flip wuauclt 4Installs
for %%# in (%installer%) do if defined block (
reg delete "%ifeo%\%%#.exe" /f %.%
) else (
reg add "%ifeo%\%%#.exe" /v Debugger /d "%SystemRoot%\WUTRefresh.bat" /f %.% &taskkill /im "%%#.exe" /t /f %.%
)
if defined block start "wut" wscript /e:JScript "%f0%" WUTRefresh
exit/b
:downloads
echo %0 %*
call :reg_query "%wut%3apply" MUIVerb pending
set "reboot=%pending:reboot=%"
if defined pending if "%pending%"=="%reboot%" set "pending="
if defined pending (
sc config TrustedInstaller type= own depend= / %.%
reg add "%menu%\5Downloads" /v Icon /d "ieframe.dll,11" /f %.%
exit/b
)
for /f "tokens=3" %%# in ('sc qc TrustedInstaller ^| find /I "WUTblocked"') do set "blocked=%%#"
if /i "%blocked%"=="[WUTblocked]" (set "blocked=/" &set "toggle=39") else set "blocked=[WUTblocked]" &set "toggle=38"
reg add "%menu%\5Downloads" /v Icon /d "ieframe.dll,%toggle%" /f %.%
net stop TrustedInstaller /y %.%
for /f "tokens=3" %%# in ('sc queryex TrustedInstaller ^| find /i "PID"') do set "pid=%%#"
if not "%pid%"=="0" taskkill /pid %pid% /f %.%
sc config TrustedInstaller type= own depend= %blocked% %.%
if defined block start "wut" wscript /e:JScript "%f0%" WUTRefresh
exit/b
:service
echo %0 %*
for /f "tokens=3" %%# in ('sc qc wuauserv ^| find /I "WUTblocked"') do set "blocked=%%#"
if /i "%blocked%"=="rpcss[WUTblocked]" (set "blocked=rpcss" &set "toggle=39") else set "blocked=rpcss[WUTblocked]" &set "toggle=38"
reg add "%menu%\6Service" /v Icon /d "ieframe.dll,%toggle%" /f %.%
net stop wuauserv /y %.%
for /f "tokens=3" %%# in ('sc queryex wuauserv ^| find /i "PID"') do set "pid=%%#"
if not "%pid%"=="0" taskkill /pid %pid% /f %.%
sc config wuauserv type= share depend= %blocked% %.%
if defined block start "wut" wscript /e:JScript "%f0%" WUTRefresh
exit/b
:repair
echo %0 %*
:: Restore services (undo only the changes made by this script, not whatever blocking was done by other means)
sc config wuauserv type= share depend= rpcss %.%
sc config TrustedInstaller type= own depend= / %.%
:: Remove any IFEO blocking done by past scripts
set eo=DiagnosticsHub.StandardCollector.Service WindowsUpdateElevatedInstaller LocationNotificationWindows InstallAgentUserBroker
set eo=%eo% UpdateNotificationMgr DataUsageLiveTileTask Windows10UpgraderApp WindowsActionDialog SpeechModelDownload WerFaultSecure
set eo=%eo% GetCurrentRollback WindowsUpdateBox Windows10Upgrade TrustedInstaller MusNotification DiagTrackRunner CompatTelRunner
set eo=%eo% WinREBootApp64 WinREBootApp32 UNPUXLauncher SpeechRuntime MusNotifyIcon PilotshubApp InstallAgent dstokenclean wsqmcons
set eo=%eo% disksnapshot osrssupdate wuapihost WaaSMedic UsoClient UNPUXHost SIHClient setupprep SetupHost osrssinst EOSNotify wusa
set eo=%eo% WerFault TiWorker SearchUI DWTRIG20 dusmtask dmclient appidtel wuauclt wermgr DFDWiz remsh reach HxTsr DWWIN DW20 GWX
for %%# in (%eo%) do reg delete "%ifeo%\%%#.exe" /f %.%
:: Restore notification hijacking
>"%SystemRoot%\WUTRefresh.bat" echo/@start "WUTRefresh" /min wscript.exe /e:JScript "%f0%" WUTRefresh
for %%# in (MusNotification EOSNotify) do reg add "%ifeo%\%%#.exe" /v Debugger /d "%SystemRoot%\WUTRefresh.bat" /f %.%
:: Remove pending instance safeguard
reg delete "HKLM\SOFTWARE\WUT.bat" /v Pending /f %.%
:: Refresh menu
call :refresh repair
:: Open Update Diagnostic
start "wud" msdt.exe /id WindowsUpdateDiagnostic %.%
:: Open official update troubleshooter page
start https://support.microsoft.com/en-us/help/4027322/windows-update-troubleshooter %.%
exit/b
:report
echo %0 %*
call :flip wermgr 81Report
for %%# in (%reporter%) do if defined block ( reg delete "%ifeo%\%%#.exe" /f %.% ) else (
reg add "%ifeo%\%%#.exe" /v Debugger /d "%noop%" /f %.% &taskkill /im "%%#.exe" /t /f %.%
)
exit/b
:speech
echo %0 %*
call :flip SpeechRuntime 82Speech
for %%# in (%speecher%) do if defined block ( reg delete "%ifeo%\%%#.exe" /f %.% ) else (
reg add "%ifeo%\%%#.exe" /v Debugger /d "%noop%" /f %.% &taskkill /im "%%#.exe" /t /f %.%
)
exit/b
:search
echo %0 %*
call :flip SearchUI 83Search
for %%# in (%searcher%) do if defined block ( reg delete "%ifeo%\%%#.exe" /f %.% ) else (
reg add "%ifeo%\%%#.exe" /v Debugger /d "%noop%" /f %.% &taskkill /im "%%#.exe" /t /f %.%
)
exit/b
:defender
echo %0 %*
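:: Flip Defender real-time, behavior and IOAV monitoring together: if real-time is currently on, all three get disabled, else re-enabled
set "s10=$t=1;$toggle='38'; if((Get-MpPreference).DisableRealtimeMonitoring){$t=0;$toggle='39';}"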
set "s11=Set-MpPreference -DisableRealtimeMonitoring $t"
set "s12=Set-MpPreference -DisableBehaviorMonitoring $t"
set "s13=Set-MpPreference -DisableIOAVProtection $t"
set "s14=write-host $toggle"
for /f "delims=" %%# in ('call powershell.exe -c "%s10%;%s11%;%s12%;%s13%;%s14%;"') do set "toggle=%%#"
reg add "%menu%\84Defender" /v Icon /d "ieframe.dll,%toggle%" /f %.%
exit/b
:update_defender - triggered from WScript to get definitions from MMPC, regardless of updates being blocked
tasklist /FI "IMAGENAME eq MpCmdRun.exe" | find ".exe" %.%
if not errorlevel 1 exit/b
pushd "%ProgramFiles%\Windows Defender"
call MpCmdRun.exe -removedefinitions -dynamicsignatures
call MpCmdRun.exe -SignatureUpdate -MMPC
exit/b
:setup
echo %0 %*
pushd %SystemRoot%
if /i "%~f0"=="%f0%" (set "initial_setup=") else copy /y "%~f0" "%f0%" %.%
:: Create WUTUndo for emergencies
>WUTUndo.bat echo/pushd %%~dp0system32\config
>>WUTUndo.bat echo/reg load HKLM\WUTUndo1 SOFTWARE
>>WUTUndo.bat echo/set "koff=HKLM\WUTUndo1\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" ^&set "kon=%ifeo%"
>>WUTUndo.bat echo/for %%%%B in (%exe%) do for %%%%K in ("%%koff%%" "%%kon%%") do reg delete "%%%%~K\%%%%B.exe" /f 2^>nul
>>WUTUndo.bat echo/reg unload HKLM\WUTUndo1
>>WUTUndo.bat echo/reg load HKLM\WUTUndo2 SYSTEM
>>WUTUndo.bat echo/for %%%%K in (WUTUndo2 SYSTEM) do (
>>WUTUndo.bat echo/ reg delete "HKLM\%%%%~K\ControlSet001\Services\TrustedInstaller" /v DependOnService /f 2^>nul
>>WUTUndo.bat echo/ reg delete "HKLM\%%%%~K\CurrentControlSet\Services\TrustedInstaller" /v DependOnService /f 2^>nul
>>WUTUndo.bat echo/)
>>WUTUndo.bat echo/reg unload HKLM\WUTUndo2
:: Create WUTRefresh to hijack update notifications and refresh context menu in addition to preventing forced reboots
>WUTRefresh.bat echo/@start "WUTRefresh" /min wscript.exe /e:JScript "%f0%" WUTRefresh
:: Create tasks to run context menu entries with proper access and no output window
start "WUT" wscript /e:JScript "%~f0" cmd "call `%~f0` setup_schtasks"
:: WUT options
for %%# in (NoBlock NoRefresh) do reg add "HKLM\SOFTWARE\WUT.bat" /v %%# /d "Enable" /f %.%
call :toggle blocking
exit/b
:setup_schtasks - no stalling separate process
set "strun=wscript.exe /e:JScript \"%f0%\" run%window%"
for %%t in (refresh lists upgrades installs downloads service repair report speech search defender toggle renew remove) do (
schtasks /create /ru "%username%" /sc once /tn "WUT\%%t" /tr "%strun% %%t" /st "00:00:00" /it /rl highest /f %.%
)
for %%t in (hide unhide apply) do for /l %%n in (101,1,116) do (
schtasks /create /ru "%username%" /sc once /tn "WUT\%%t\%%n" /tr "%strun% %%t %%n" /st "00:00:00" /it /rl highest /f %.%
)
exit/b
:renew
echo %0 %*
echo Renewing from internet - old version saved as %SystemRoot%\WUT.old
pushd %SystemRoot%
if exist WUT.new del /f /q WUT.new %.%
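:: Note: WUT.new is copied over the installed script exactly as downloaded, with no hash or signature check
call wscript /e:JScript "%~f0" renew "https://pastebin.com/raw/gNsLEWJe" "%SystemRoot%\WUT.new"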
if exist WUT.new copy /y "%f0%" WUT.old %.% &copy /y WUT.new "%f0%" %.% &del /f /q WUT.new %.%
start "WUT" "%f0%" %.%
exit
:remove
echo %0 %*
for %%# in (NoBlock NoRefresh) do reg add "HKLM\SOFTWARE\WUT.bat" /v %%# /d "Disable" /f %.%
call :toggle off
reg delete "HKLM\SOFTWARE\WUT.bat" /f %.%
for %%# in ("" "0pending" "1hide" "2unhide" "3apply") do reg delete "%wut%%%~#" /f %.%
for %%t in (refresh lists upgrades installs downloads service repair report speech search defender toggle renew remove) do (
schtasks /delete /tn "WUT\%%t" /f %.%
)
for %%t in (hide unhide apply) do for /l %%n in (101,1,116) do schtasks /delete /tn "WUT\%%t\%%n" /f %.%
for %%t in (hide unhide apply) do schtasks /delete /tn "WUT\%%t" /f %.%
schtasks /delete /tn "WUT" /f %.%
sc config wuauserv type= share depend= rpcss %.%
sc config TrustedInstaller type= own depend= / %.%
pushd %SystemRoot%
del /f /q WUT.bat WUT.old DefenderManualUpdate.bat WUTRefresh.bat WUTUndo.bat "%f0%" %.%
exit/b
:reg_query %1:KeyName %2:ValueName %3:OutputVariable %4:other_options[example: "/t REG_DWORD"]
setlocal & for /f "skip=2 delims=" %%s in ('reg query "%~1" /v "%~2" /z 2^>nul') do set "rq=%%s" & call set "rv=%%rq:*) =%%"
endlocal & set "%~3=%rv%" & exit/b &rem AveYo: call :reg_query "HKCU\MyKey" "MyValue" MyVar
::---------------------------------------------------------------------------------------------------------------------------------
:JScript_functions AveYo: Switch syntax highlighter to 'javascript'
::-------------------------------------------------------------------------------------------------------------------------------*/
f0=WSH.ScriptFullName; run=WSH.Arguments(0); args=''; for(i=1;i<WSH.Arguments.length;i++) args+=' "'+WSH.Arguments(i)+'"';
function sex(exe,args){WSH.CreateObject('Shell.Application').ShellExecute(exe,args,'','',0);}; function reg(s){ sex('reg.exe',s); }
// Open external commands in new hidden cmd instance - backquotes replaced to quotes
if (run=='cmd') sex('cmd','/c '+args.replace(/`/g,'"'));
// Context menu entries trigger - elevated with no popups
if (run=='schtasks') sex('SCHTASKS.EXE','/Run /TN '+args);
// Shift to CMD if loaded by WScript - pass arguments, prevent loop, run as admin at setup, hide window at context-menu
function cmd(adm,win){WSH.CreateObject('Shell.Application').ShellExecute('cmd','/c call "'+f0+'" shift "'+f0+'"'+args,'',adm,win);}
if (run=='run') cmd('',1); if (run=='runhide') cmd('',0); if (run=='runas') cmd('runas',1); if (run=='runashide') cmd('runas',0);
if (run=='renew') {
// renew script over internet
try{
downloader=WSH.CreateObject("WinHttp.WinHttpRequest.5.1");
if (downloader===null) downloader=WSH.CreateObject("WinHttp.WinHttpRequest");
if (downloader===null) downloader=WSH.CreateObject("MSXML2.ServerXMLHTTP");
if (downloader===null) downloader=WSH.CreateObject("Microsoft.XMLHTTP");
downloader.Open("GET",WSH.Arguments(1),false); downloader.Send(); oASI=downloader.ResponseBody(); downloader=undefined;
oASO=WSH.CreateObject("ADODB.Stream"); oASO.type=1; oASO.Mode=3; oASO.Open; oASO.Write(oASI); oASI=undefined;
oASO.SaveToFile(WSH.Arguments(2)); oASO.Close();
}catch(e){} // suppress all errors since we're working with com objects
}
// WUT Hide/Unhide/Apply lists
if (run=='WUTRefresh' || run=='hide' || run=='unhide' || run=='apply') {
SRP=GetObject("winmgmts:StdRegProv"); pending=SRP.GetStringValue(2147483650,'SOFTWARE\\WUT.bat','Pending');
if (pending===0) WSH.quit(); else SRP.SetStringValue(2147483650,'SOFTWARE\\WUT.bat','Pending','yes'); // prevent instances
k='HKCR\\DesktopBackground\\shell\\WUT'; hk=k+'1hide'; uk=k+'2unhide'; ik=k+'3apply'; pk=k+'0pending';// short list keys
reg('delete "'+hk+'" /f');reg('delete "'+uk+'" /f');reg('delete "'+ik+'" /f'); reg('add "'+pk+'" /v MUIVerb /d "Pending.." /f');
reg('add "'+pk+'" /v SubCommands /d "" /f'); reg('add "'+pk+'" /v Icon /d "ieframe.dll,11" /f');
// Check for updates
count=0; wuthide=[]; wutunhide=[];
try{
session=WSH.CreateObject("Microsoft.Update.Session"); reboot=WSH.CreateObject("Microsoft.Update.SystemInfo").RebootRequired;
searcher=session.CreateUpdateSearcher();
sresult=searcher.Search("IsInstalled=0"); Updatelist=sresult.Updates; count=sresult.Updates.Count;
for(i=0;i<count;i++) {
itemTitle=Updatelist.Item(i).Title;
minsize=Updatelist.Item(i).MinDownloadSize; maxsize=Updatelist.Item(i).MaxDownloadSize; wutsize='';
if (maxsize > 1073741824) wutsize=' ['+Math.round(minsize/10737418.24)/100+' - '+Math.round(maxsize/10737418.24)/100+'GB]';
else if (maxsize > 1048576) wutsize=' ['+Math.round(minsize/10485.76)/100+' - '+Math.round(maxsize/10485.76)/100+'MB]';
else if (maxsize > 1024) wutsize=' ['+Math.round(minsize/10.24)/100+' - '+Math.round(maxsize/10.24)/100+'KB]';
else if (maxsize > 0) wutsize=' ['+(minsize)+' - '+(maxsize)+'B]';
wutTitle=Updatelist.Item(i).Title + wutsize;
if (run=='apply' && WSH.Arguments(1).indexOf(itemTitle) > -1) {
// Add matching entry to UpdateColl
UpdateColl=WSH.CreateObject("Microsoft.Update.UpdateColl"); UpdateColl.Add(Updatelist.Item(i));
// Download update
downloader=session.CreateUpdateDownloader(); downloader.Updates=UpdateColl; dresult=downloader.Download();
if (dresult.ResultCode==2) {
// Unblock apply
sex('sc','config TrustedInstaller type= own depend= /');
KeyPath='SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\wuauclt.exe';
SRP.DeleteKey(2147483650,KeyPath);
WSH.Sleep(1000);
//Apply update
installer=session.CreateUpdateInstaller(); installer.Updates=UpdateColl; iresult=installer.Install();
if (iresult.ResultCode==2) continue;
}
}
// hide and unhide are very simple bool flip compared to apply
if (run=='hide' && WSH.Arguments(1).indexOf(itemTitle) > -1) {
Updatelist.Item(i).IsHidden=true; wutunhide.push(wutTitle); continue;
}
if (run=='unhide' && WSH.Arguments(1).indexOf(itemTitle) > -1) {
Updatelist.Item(i).IsHidden=false; wuthide.push(wutTitle); continue;
}
// Trigger :update_defender to manually refresh definitions from MMPC
if (Updatelist.Item(i).IsHidden===false && itemTitle.indexOf('(Definition') > -1) {
sex('cmd','/c call "'+f0+'" update_defender');
}
// Sorting lists
if (Updatelist.Item(i).IsHidden) wutunhide.push(wutTitle); else wuthide.push(wutTitle);
}
// Generate Hide context menu
if (wuthide.length>0){
reg('add "'+hk+'" /v MUIVerb /d "Hide '+"\t"+wuthide.length+'" /f');
reg('add "'+hk+'" /v Icon /d "ieframe.dll,42" /f');
reg('add "'+hk+'" /v SubCommands /d "" /f');
for(i=101,n=wuthide.length+101;i<n;i++) {
reg('add "'+hk+'\\shell\\'+i+'" /v MUIVerb /d "'+wuthide[i-101]+'" /f');
reg('add "'+hk+'\\shell\\'+i+'\\command" /ve /d "wscript.exe /e:JScript \\"'+f0+'\\" schtasks WUT\\hide\\'+i+'" /f');
}
}
// Generate Unhide context menu
if (wutunhide.length>0){
reg('add "'+uk+'" /v MUIVerb /d "Unhide '+"\t"+wutunhide.length+'" /f');
reg('add "'+uk+'" /v Icon /d "ieframe.dll,42" /f');
reg('add "'+uk+'" /v SubCommands /d "" /f');
for(i=101,n=wutunhide.length+101;i<n;i++) {
reg('add "'+uk+'\\shell\\'+i+'" /v MUIVerb /d "'+wutunhide[i-101]+'" /f');
reg('add "'+uk+'\\shell\\'+i+'\\command" /ve /d "wscript.exe /e:JScript \\"'+f0+'\\" schtasks WUT\\unhide\\'+i+'" /f');
}
}
// Generate Apply context menu
if (wuthide.length>0){
reg('add "'+ik+'" /v MUIVerb /d "Apply '+"\t"+((reboot) ? 'must reboot ' : wuthide.length)+'" /f');
reg('add "'+ik+'" /v Icon /d "ieframe.dll,42" /f');
reg('add "'+ik+'" /v SubCommands /d "" /f');
for(i=101,n=wuthide.length+101;i<n;i++) {
reg('add "'+ik+'\\shell\\'+i+'" /v MUIVerb /d "'+wuthide[i-101]+'" /f');
reg('add "'+ik+'\\shell\\'+i+'\\command" /ve /d "wscript.exe /e:JScript \\"'+f0+'\\" schtasks WUT\\apply\\'+i+'" /f');
}
}
}catch(e){} // suppress all errors since we're working with com objects
reg('delete "'+pk+'" /f'); SRP.DeleteValue(2147483650,'SOFTWARE\\WUT.bat','Pending'); // Remove Pending.. temporary entry
}
//
@set @version=3.1 /*&echo off&title Windows X Bloat Subscribe Toggle
call :check_status
echo.
echo ---------------------------------------------------------------------
echo : Windows X Bloat Subscribe Toggle v3.1 :
echo :---------------------------------------------------------------------:
echo : Only a prevention, won't uninstall existing items for your account :
echo : But new users get a clean LTSB-like menu with no 3rd party items. :
echo : Usually prevents bloat being reinstalled after upgrades :
echo : Run this script again to subscribe on/off :
echo : :
echo : Before: %STATUS%%__% :
echo : :
echo : Press Alt+F4 to cancel Always run latest version :
echo ---------------------------------------------------------------------
echo RED = unsubscribed
:: Init
if %1.==. timeout /t 10 &call wscript /e:JScript "%~f0" shiftrunas &exit &rem : no arguments, run setup elevated
if %1.==shift. shift &shift &rem : if loaded by WScript, shift args to prevent loop and restore %0
:: Main
if "%STATUS%"=="UNSUBSCRIBED" ( set "RV=0x1" &set "RVD=0x0" ) else set "RV=0x0" &set "RVD=0x1"
reg load HKU\NewUsers "C:\Users\Default\NTUSER.DAT" >nul && set "NewUsers=HKU\NewUsers" || set "NewUsers="
:: Manage Content Delivery (SubscribedContent) Bloat
set "cdm=Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager"
for %%u in (HKCU %NewUsers%) do (
reg add "%%u\%cdm%" /v FeatureManagementEnabled /t REG_DWORD /d %RV% /f &rem Feature Management generic
reg add "%%u\%cdm%" /v ContentDeliveryAllowed /t REG_DWORD /d %RV% /f &rem Content Delivery generic
reg add "%%u\%cdm%" /v OemPreInstalledAppsEnabled /t REG_DWORD /d %RV% /f &rem OEM Preinstalled Apps
reg add "%%u\%cdm%" /v PreInstalledAppsEnabled /t REG_DWORD /d %RV% /f &rem Preinstalled Apps
reg add "%%u\%cdm%" /v PreInstalledAppsEverEnabled /t REG_DWORD /d %RV% /f &rem Preinstalled Apps
reg add "%%u\%cdm%" /v RotatingLockScreenEnabled /t REG_DWORD /d %RV% /f &rem Lock Screen Ads
reg add "%%u\%cdm%" /v RotatingLockScreenOverlayEnabled /t REG_DWORD /d %RV% /f &rem Lock Screen Tips
reg add "%%u\%cdm%" /v SilentInstalledAppsEnabled /t REG_DWORD /d %RV% /f &rem Suggested Apps
reg add "%%u\%cdm%" /v SoftLandingEnabled /t REG_DWORD /d %RV% /f &rem Tips about Windows
reg add "%%u\%cdm%" /v SubscribedContentEnabled /t REG_DWORD /d %RV% /f &rem Suggested Apps generic
reg add "%%u\%cdm%" /v SystemPaneSuggestionsEnabled /t REG_DWORD /d %RV% /f &rem Settings Suggestions
reg add "%%u\%cdm%" /v SubscribedContent-202914Enabled /t REG_DWORD /d %RV% /f &rem Windows Spotlight
reg add "%%u\%cdm%" /v SubscribedContent-280810Enabled /t REG_DWORD /d %RV% /f &rem SyncProviders - OneDrive
reg add "%%u\%cdm%" /v SubscribedContent-280811Enabled /t REG_DWORD /d %RV% /f &rem OneDrive
reg add "%%u\%cdm%" /v SubscribedContent-280813Enabled /t REG_DWORD /d %RV% /f &rem Windows Ink - StokedOnIt
reg add "%%u\%cdm%" /v SubscribedContent-280815Enabled /t REG_DWORD /d %RV% /f &rem Share - Facebook Instagram
reg add "%%u\%cdm%" /v SubscribedContent-310091Enabled /t REG_DWORD /d %RV% /f &rem Feature management?
reg add "%%u\%cdm%" /v SubscribedContent-310092Enabled /t REG_DWORD /d %RV% /f &rem Feature management?
reg add "%%u\%cdm%" /v SubscribedContent-310093Enabled /t REG_DWORD /d %RV% /f &rem Windows Welcome Experience
reg add "%%u\%cdm%" /v SubscribedContent-314559Enabled /t REG_DWORD /d %RV% /f &rem BingWeather
reg add "%%u\%cdm%" /v SubscribedContent-314559Enabled /t REG_DWORD /d %RV% /f &rem Candy Crush
reg add "%%u\%cdm%" /v SubscribedContent-314563Enabled /t REG_DWORD /d %RV% /f &rem MyPeople - Suggested Apps
reg add "%%u\%cdm%" /v SubscribedContent-338380Enabled /t REG_DWORD /d %RV% /f &rem Feature management?
reg add "%%u\%cdm%" /v SubscribedContent-338381Enabled /t REG_DWORD /d %RV% /f &rem Windows Maps
reg add "%%u\%cdm%" /v SubscribedContent-338387Enabled /t REG_DWORD /d %RV% /f &rem Lock screen - Hotspot
reg add "%%u\%cdm%" /v SubscribedContent-338388Enabled /t REG_DWORD /d %RV% /f &rem Startmenu - App Suggestions
reg add "%%u\%cdm%" /v SubscribedContent-338389Enabled /t REG_DWORD /d %RV% /f &rem Cortana - Using Windows tips
reg add "%%u\%cdm%" /v SubscribedContent-338393Enabled /t REG_DWORD /d %RV% /f &rem Settings - Microsoft Links
reg add "%%u\%cdm%" /v SubscribedContent-353698Enabled /t REG_DWORD /d %RV% /f &rem Timeline - Suggestions
) >nul 2>nul
:: Discover other subscriptions and add them too
for %%u in (HKCU %NewUsers%) do for /f %%s in ('reg query "HKCU\%cdm%\Subscriptions"') do (
reg add "%%u\%cdm%" /v SubscribedContent-%%~nxsEnabled /t REG_DWORD /d %RV% /f
) >nul 2>nul
:: Discover suggested apps
for %%u in (HKCU %NewUsers%) do for /f %%s in ('reg query "HKCU\%cdm%\SuggestedApps" 2^>nul ^|find "REG_D" 2^>nul') do (
reg add "%%u\%cdm%\SuggestedApps" /v %%s /t REG_DWORD /d %RV% /f
) >nul 2>nul
:: Manage background run for ContentDelivery
set "backgracc=Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications"
for %%u in (HKCU %NewUsers%) do (
reg add "%%u\%backgracc%\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy" /v Disabled /t REG_DWORD /d %RVD% /f
) >nul 2>nul
:: Manage Windows Ink suggestions
set "ink=Software\Microsoft\Windows\CurrentVersion\PenWorkspace"
for %%u in (HKCU %NewUsers%) do (
reg add "%%u\%ink%" /v PenWorkspaceAppSuggestionsEnabled /t REG_DWORD /d %RV% /f
) >nul 2>nul
:: Manage Sync Providers (OneDrive) notifications
set "sync=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
for %%u in (HKCU %NewUsers%) do (
reg add "%%u\%sync%" /v ShowSyncProviderNotifications /t REG_DWORD /d %RV% /f
) >nul 2>nul
:: Manage Generic Cloud features aka bloat
set "cloud=Software\Policies\Microsoft\Windows\CloudContent"
for %%u in (HKLM) do (
reg add "%%u\%cloud%" /v DisableWindowsConsumerFeatures /t REG_DWORD /d %RVD% /f
reg add "%%u\%cloud%" /v DisableSoftLanding /t REG_DWORD /d %RVD% /f
) >nul 2>nul
:: Done!
reg unload HKU\NewUsers >nul
call :check_status
echo.
echo --------------------------
echo After : %STATUS%
echo --------------------------
echo.
pause
exit
::---------------------------------------------------------------------------------------------------------------------------------
:: Utility functions
::---------------------------------------------------------------------------------------------------------------------------------
:check_status
set "bloatkey=HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager"
call :reg_query "%bloatkey%" "ContentDeliveryAllowed" BLOAT_SUBSCRIBE
if "[%BLOAT_SUBSCRIBE%]"=="[0x0]" ( set "STATUS=UNSUBSCRIBED" & color 0c) else set "STATUS= DEFAULT " & color 0b
set "__=" &exit/b
:reg_query %1:KeyName %2:ValueName %3:OutputVariable %4:other_options[example: "/reg:32"]
setlocal & for /f "skip=2 delims=" %%s in ('reg query "%~1" /v "%~2" /z %4 2^>nul') do set "rq=%%s" & call set "rv=%%rq:*) =%%"
endlocal & set "%~3=%rv%" & exit/b ||:i AveYo - Usage:" call :reg_query "HKCU\MyKey" "MyValue" MyVar "
:Ask_to_reload_with_admin_rights [required] */
function ShiftRunAs(f0){WSH.CreateObject('Shell.Application').ShellExecute('cmd','/c call "'+f0+'" shift "'+f0+'"','','runas',1);}
if (WSH.Arguments.length>=1 && WSH.Arguments(0)=="shiftrunas") ShiftRunAs(WSH.ScriptFullName);
//
goto="init" /* %~nx0
::----------------------------------------------------------------------------------------------------------------------------------
:about
::----------------------------------------------------------------------------------------------------------------------------------
title Windows X Update Policy
call :check_status
echo.
echo ---------------------------------------------------------------------
echo : Windows X Update Policy Toggle v2.0 :
echo :---------------------------------------------------------------------:
echo : Pro: Set to notify before download and prevent driver installs :
echo : Just run this script again to toggle on/off :
echo : :
echo : Currently: %STATUS%%_% :
echo : :
echo : Press Alt+F4 to cancel Always run latest version :
echo ---------------------------------------------------------------------
echo.
exit/b
::----------------------------------------------------------------------------------------------------------------------------------
:main [ Batch main function ]
::----------------------------------------------------------------------------------------------------------------------------------
call :about &timeout /t 10 &echo.
if "%STATUS%"=="CUSTOM!" ( set "OP=delete" & set "NOP=/f >nul &rem" ) else set "OP=add" & set "NOP="
net stop wuauserv >nul 2>nul
:: Get current user sid with wmic
for /f "usebackq delims= " %%s in (`wmic useraccount where "name='%username%'" get sid ^| find "S-"`) do set "sid=%%s"
:: Settings Accounts Sign-in options: use my sign-in info to automatically finish setting up my device after an update or restart
set "key=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserARSO\%sid%"
reg %OP% "%key%" /v "OptOut" %NOP% /t REG_DWORD /d 0x1 /f >nul
if "%STATUS%"=="DEFAULT" reg query "%key%" /v "OptOut" 2>nul
:: Disable Windows Update Delivery Optimization
set "key=HKLM\Software\Policies\Microsoft\Windows\DeliveryOptimization"
echo reg %OP% "%key%" /v "DODownloadMode" %NOP% /t REG_DWORD /d 0x0 /f >nul
if "%STATUS%"=="DEFAULT" reg query "%key%" /v "DODownloadMode" 2>nul
:: Choose how updates are delivered 0=p2p update from MS only, 1=p2p update from PCs on LAN, 3=p2p update from PCs on the internet
set "key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config"
reg %OP% "%key%" /v "DownloadMode" %NOP% /t REG_DWORD /d 0x0 /f >nul
reg %OP% "%key%" /v "DODownloadMode" %NOP% /t REG_DWORD /d 0x0 /f >nul
if "%STATUS%"=="DEFAULT" reg query "%key%" 2>nul
:: UX and old style update settings - check but don't download, exclude drivers, no metered
if "%STATUS%"=="DEFAULT" call :TakeKeyOwnership "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX" -y
set "key1=HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings"
set "key2=HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
set "key3=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update"
set keys="%key1%" "%key2%" "%key3%"
:: Enable update management
for %%k in (%keys%) do reg %OP% %%k /v "NoAutoUpdate" %NOP% /t REG_DWORD /d 0x0 /f >nul
:: Enable updates 2=notify before download, 3=download and notify install, 4=download and schedule, 5=fully automatic
for %%k in (%keys%) do reg %OP% %%k /v "AUOptions" %NOP% /t REG_DWORD /d 0x2 /f >nul
:: Enable UX settings
for %%k in (%keys%) do reg %OP% %%k /v "UxOption" %NOP% /t REG_DWORD /d 0x1 /f >nul
for %%k in (%keys%) do reg %OP% %%k /v "IsConvergedUpdateStackEnabled" %NOP% /t REG_DWORD /d 0x1 /f >nul
:: Active Hours enabled 08 - 23
for %%k in (%keys%) do reg %OP% %%k /v "SetActiveHours" %NOP% /t REG_DWORD /d 0x0 /f >nul
for %%k in (%keys%) do reg %OP% %%k /v "ActiveHoursEnd" %NOP% /t REG_DWORD /d 0x17 /f >nul 2>nul
for %%k in (%keys%) do reg %OP% %%k /v "ActiveHoursStart" %NOP% /t REG_DWORD /d 0x8 /f >nul 2>nul
:: Prevent Windows Update Power Management from automatically waking up the system to install scheduled updates
for %%k in (%keys%) do reg %OP% %%k /v "AUPowerManagement" %NOP% /t REG_DWORD /d 0x0 /f >nul 2>nul
:: Do not download over metered connection
for %%k in (%keys%) do reg %OP% %%k /v "AllowAutoWindowsUpdateDownloadOverMeteredNetwork" %NOP% /t REG_DWORD /d 0x0 /f >nul
:: Include recommended updates
for %%k in (%keys%) do reg %OP% %%k /v "IncludeRecommendedUpdates" %NOP% /t REG_DWORD /d 0x1 /f >nul
:: Do not autoinstall minor updates
for %%k in (%keys%) do reg %OP% %%k /v "AutoInstallMinorUpdates" %NOP% /t REG_DWORD /d 0x1 /f >nul
:: Exclude drivers from updates
for %%k in (%keys%) do reg %OP% %%k /v "ExcludeWUDriversInQualityUpdate" %NOP% /t REG_DWORD /d 0x1 /f >nul
:: Hide the 'Creators Update build is on the way' ad
for %%k in (%keys%) do reg %OP% %%k /v "HideMCTLink" %NOP% /t REG_DWORD /d 0x1 /f >nul
:: Defer updates
for %%k in (%keys%) do reg %OP% %%k /v "DeferFeatureUpdatesPeriodInDays" %NOP% /t REG_DWORD /d 0x0 /f >nul
for %%k in (%keys%) do reg %OP% %%k /v "DeferQualityUpdatesPeriodInDays" %NOP% /t REG_DWORD /d 0x0 /f >nul
for %%k in (%keys%) do reg %OP% %%k /v "DeferUpgrade" %NOP% /t REG_DWORD /d 0x0 /f >nul
:: Check frequency
for %%k in (%keys%) do reg %OP% %%k /v "DetectionFrequency" %NOP% /t REG_DWORD /d 0xa /f >nul
for %%k in (%keys%) do reg %OP% %%k /v "DetectionFrequencyEnabled" %NOP% /t REG_DWORD /d 0x1 /f >nul
:: Schedule install every day 0=every day, 1=Sunday, 2=Monday, 3=Tuesday, 4=Wednesday, 5=Thursday, 6=Friday, 7=Saturday
for %%k in (%keys%) do reg %OP% %%k /v "ScheduledInstallDay" %NOP% /t REG_DWORD /d 0x0 /f >nul
:: Schedule install time 23:00
for %%k in (%keys%) do reg %OP% %%k /v "ScheduledInstallTime" %NOP% /t REG_DWORD /d 0x17 /f >nul
:: Remove shutdown with update options
for %%k in (%keys%) do reg %OP% %%k /v "NoAUAsDefaultShutdownOption" %NOP% /t REG_DWORD /d 0x1 /f >nul
for %%k in (%keys%) do reg %OP% %%k /v "NoAUShutdownOption" %NOP% /t REG_DWORD /d 0x0 /f >nul
:: Don't autoreboot
for %%k in (%keys%) do reg %OP% %%k /v "NoAutoRebootWithLoggedOnUsers" %NOP% /t REG_DWORD /d 0x1 /f >nul
:: Longer reboot notification
for %%k in (%keys%) do reg %OP% %%k /v "RebootRelaunchTimeout" %NOP% /t REG_DWORD /d 0x5a0 /f >nul
for %%k in (%keys%) do reg %OP% %%k /v "RebootRelaunchTimeoutEnabled" %NOP% /t REG_DWORD /d 0x1 /f >nul
:: Reboot warning
for %%k in (%keys%) do reg %OP% %%k /v "RebootWarningTimeout" %NOP% /t REG_DWORD /d 0x5a0 /f >nul
for %%k in (%keys%) do reg %OP% %%k /v "RebootWarningTimeoutEnabled" %NOP% /t REG_DWORD /d 0x1 /f >nul
:: Longer reschedule wait
for %%k in (%keys%) do reg %OP% %%k /v "RescheduleWaitTime" %NOP% /t REG_DWORD /d 0x14 /f >nul
for %%k in (%keys%) do reg %OP% %%k /v "RescheduleWaitTimeEnabled" %NOP% /t REG_DWORD /d 0x1 /f >nul
:: More restart notifications
for %%k in (%keys%) do reg %OP% %%k /v "RestartNotificationsAllowed" %NOP% /t REG_DWORD /d 0x1 /f >nul
if "%STATUS%"=="DEFAULT" reg query "%key1%" 2>nul
:: Do you want Windows to download driver software 0=never, 1=always, 2=install if not found on my computer
set "key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching"
reg %OP% "%key%" /v "SearchOrderConfig" %NOP% /t REG_DWORD /d 0x2 /f >nul
if "%STATUS%"=="DEFAULT" reg query "%key%" /v "SearchOrderConfig" 2>nul
:: Disable enhanced manufacturer icons
set "key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata"
reg %OP% "%key%" /v "PreventDeviceMetadataFromNetwork" %NOP% /t REG_DWORD /d 0x0 /f >nul
if "%STATUS%"=="DEFAULT" reg query "%key%" /v "PreventDeviceMetadataFromNetwork" 2>nul
:: Enable 'Give me updates for other Microsoft products when I update Windows'
set "key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\7971f918-a847-4430-9279-4a52d1efe18d"
reg %OP% "%key%" /v "RegisteredWithAU" %NOP% /t REG_DWORD /d 0x1 /f >nul
if "%STATUS%"=="DEFAULT" reg query "%key%" /v "RegisteredWithAU" 2>nul
:: Disable Automatic Update of Speech Data
if "%STATUS%"=="DEFAULT" call :TakeKeyOwnership "HKLM\SOFTWARE\Microsoft\Speech_OneCore" -y
set "key=HKLM\SOFTWARE\Microsoft\Speech_OneCore\Preferences"
reg %OP% "%key%" /v "ModelDownloadAllowed" %NOP% /t REG_DWORD /d 0x0 /f >nul
if "%STATUS%"=="DEFAULT" reg query "%key%" /v "ModelDownloadAllowed" 2>nul
:: Smart multi-homed name resolution - prevent dns timeouts and leaks when using VPN
set "key1=HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient"
set "key2=HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters"
reg %OP% "%key1%" /v "DisableSmartNameResolution" %NOP% /t REG_DWORD /d 0x1 /f >nul
reg %OP% "%key2%" /v "DisableParallelAandAAAA" %NOP% /t REG_DWORD /d 0x1 /f >nul
if "%STATUS%"=="DEFAULT" reg query "%key1%" /v "DisableSmartNameResolution" 2>nul
if "%STATUS%"=="DEFAULT" reg query "%key2%" /v "DisableParallelAandAAAA" 2>nul
net start wuauserv >nul 2>nul
echo.
call :check_status
:: Done!
echo ---------------------------------------------------------------------
if "%STATUS%"=="CUSTOM!" ( color 0c &echo Update Policy now: CUSTOM! ) else color 0b &echo Update Policy now: DEFAULT
echo ---------------------------------------------------------------------
echo.
pause
exit
::----------------------------------------------------------------------------------------------------------------------------------
:: Utility functions
::----------------------------------------------------------------------------------------------------------------------------------
:check_status
set "policykey=HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings"
call :reg_query "%policykey%" "AUOptions" UPDATE_POLICY
if "[%UPDATE_POLICY%]"=="[0x2]" ( set "STATUS=CUSTOM!" ) else set "STATUS=DEFAULT"
set "_= " &if "%STATUS%"=="CUSTOM!" ( color 0c ) else color 0b
exit/b
:TakeKeyOwnership %1:regpath[ex:"HKCU\Console"] %2:_recurse[optional, default:"-n", "-y"] %3:_sid[optional, default:"S-1-5-32-545"]
rem $src=https://stackoverflow.com/questions/12044432/how-do-i-take-ownership-of-a-registry-key-via-powershell snippet-ized by AveYo
set "s10=function TakeKeyOwnership { param($regp, $all, $owner); $recurse=($all -eq '-y'); $RP=($regp -split '\\',2); $key=$RP[1];"
set "s11= switch -regex ($RP[0]) { 'HKLM|HKEY_LOCAL_MACHINE' {$HK='LocalMachine'};'HKCC|HKEY_CURRENT_CONFIG' {$HK='CurrentConfig'};"
set "s12= 'HKCR|HKEY_CLASSES_ROOT' {$HK='ClassesRoot'};'HKU|HKEY_USERS' {$HK='Users'};'HKCU|HKEY_CURRENT_USER' {$HK='CurrentUser'}"
set "s13= }; $rootKey=$HK; if ($owner -eq '') {$owner='S-1-5-32-545'}; [System.Security.Principal.SecurityIdentifier]$sid=$owner;"
set "s14= $import='[DllImport("ntdll.dll")] public static extern int RtlAdjustPrivilege(ulong a, bool b, bool c, ref bool d);';"
set "s15= $ntdll=Add-Type -Member $import -Name NtDll -PassThru; $privileges=@{ SeTakeOwnership=9; SeBackup=17; SeRestore=18 };"
set "s16= foreach ($i in $privileges.Values) { $null=$ntdll::RtlAdjustPrivilege($i, 1, 0, [ref]0) };"
set "s17= function Take-KeyPermissions { param($rootKey, $key, $sid, $recurse, $recurseLevel=0);"
set "s18= $regKey=[Microsoft.Win32.Registry]::$rootKey.OpenSubKey($key, 'ReadWriteSubTree', 'TakeOwnership');"
set "s19= $acl=New-Object System.Security.AccessControl.RegistrySecurity; $acl.SetOwner($sid); $regKey.SetAccessControl($acl);"
set "s20= $acl.SetAccessRuleProtection($false, $false); $regKey.SetAccessControl($acl);"
set "s21= if ($recurseLevel -eq 0) { $regKey=$regKey.OpenSubKey('', 'ReadWriteSubTree', 'ChangePermissions');"
set "s22= $rule=New-Object System.Security.AccessControl.RegistryAccessRule($sid,'FullControl','ContainerInherit','None','Allow');"
set "s23= $acl.ResetAccessRule($rule); $regKey.SetAccessControl($acl) };"
set "s24= if ($recurse) { foreach($subKey in $regKey.OpenSubKey('').GetSubKeyNames()) {"
set "s25= Take-KeyPermissions $rootKey ($key+'\'+$subKey) $sid $recurse ($recurseLevel+1) } };"
set "s26= }; $ErrorActionPreference='Continue'; Take-KeyPermissions $rootKey $key $sid $recurse }"
for /l %%# in (10,1,26) do call set "ps_TakeKeyOwnership=%%ps_TakeKeyOwnership%%%%s%%#:"=\"%%"
powershell.exe -c "%ps_TakeKeyOwnership%; try { TakeKeyOwnership '%~1' '%~2' '%~3' } catch {}"
exit/b
:reg_query %1:KeyName %2:ValueName %3:OutputVariable %4:other_options[example: "/reg:32