diff --git a/functions/public/Invoke-WPFUpdatesdefault.ps1 b/functions/public/Invoke-WPFUpdatesdefault.ps1 index 0b8403c6..78104a23 100644 --- a/functions/public/Invoke-WPFUpdatesdefault.ps1 +++ b/functions/public/Invoke-WPFUpdatesdefault.ps1 @@ -5,6 +5,9 @@ function Invoke-WPFUpdatesdefault { Resets Windows Update settings to default #> + + Write-Host "Restoring Windows Update registry settings..." -ForegroundColor Yellow + If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU")) { New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Force | Out-Null } @@ -15,17 +18,99 @@ function Invoke-WPFUpdatesdefault { } Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -Type DWord -Value 1 + # Reset WaaSMedicSvc registry settings to defaults + Write-Host "Restoring WaaSMedicSvc settings..." -ForegroundColor Yellow + Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" -Name "Start" -Type DWord -Value 3 -ErrorAction SilentlyContinue + Remove-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" -Name "FailureActions" -ErrorAction SilentlyContinue + + # Restore update services to their default state + Write-Host "Restoring update services..." -ForegroundColor Yellow + $services = @( - "BITS" - "wuauserv" + @{Name = "BITS"; StartupType = "Manual"}, + @{Name = "wuauserv"; StartupType = "Manual"}, + @{Name = "UsoSvc"; StartupType = "Automatic"}, + @{Name = "uhssvc"; StartupType = "Disabled"}, + @{Name = "WaaSMedicSvc"; StartupType = "Manual"} ) foreach ($service in $services) { - # -ErrorAction SilentlyContinue is so it doesn't write an error to stdout if a service doesn't exist - - Write-Host "Setting $service StartupType to Automatic" - Get-Service -Name $service -ErrorAction SilentlyContinue | Set-Service -StartupType Automatic + try { + Write-Host "Restoring $($service.Name) to $($service.StartupType)..." + $serviceObj = Get-Service -Name $service.Name -ErrorAction SilentlyContinue + if ($serviceObj) { + Set-Service -Name $service.Name -StartupType $service.StartupType -ErrorAction SilentlyContinue + + # Reset failure actions to default using sc command + Start-Process -FilePath "sc.exe" -ArgumentList "failure `"$($service.Name)`" reset= 86400 actions= restart/60000/restart/60000/restart/60000" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue + + # Start the service if it should be running + if ($service.StartupType -eq "Automatic") { + Start-Service -Name $service.Name -ErrorAction SilentlyContinue + } + } + } + catch { + Write-Host "Warning: Could not restore service $($service.Name) - $($_.Exception.Message)" -ForegroundColor Yellow + } } + + # Restore renamed DLLs if they exist + Write-Host "Restoring renamed update service DLLs..." -ForegroundColor Yellow + + $dlls = @("WaaSMedicSvc", "wuaueng") + + foreach ($dll in $dlls) { + $dllPath = "C:\Windows\System32\$dll.dll" + $backupPath = "C:\Windows\System32\${dll}_BAK.dll" + + if ((Test-Path $backupPath) -and !(Test-Path $dllPath)) { + try { + # Take ownership of backup file + Start-Process -FilePath "takeown.exe" -ArgumentList "/f `"$backupPath`"" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue + + # Grant full control to everyone + Start-Process -FilePath "icacls.exe" -ArgumentList "`"$backupPath`" /grant *S-1-1-0:F" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue + + # Rename back to original + Rename-Item -Path $backupPath -NewName "$dll.dll" -ErrorAction SilentlyContinue + Write-Host "Restored ${dll}_BAK.dll to $dll.dll" + + # Restore ownership to TrustedInstaller + Start-Process -FilePath "icacls.exe" -ArgumentList "`"$dllPath`" /setowner `"NT SERVICE\TrustedInstaller`"" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue + Start-Process -FilePath "icacls.exe" -ArgumentList "`"$dllPath`" /remove *S-1-1-0" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue + } + catch { + Write-Host "Warning: Could not restore $dll.dll - $($_.Exception.Message)" -ForegroundColor Yellow + } + } + } + + # Enable update related scheduled tasks + Write-Host "Enabling update related scheduled tasks..." -ForegroundColor Yellow + + $taskPaths = @( + '\Microsoft\Windows\InstallService\*' + '\Microsoft\Windows\UpdateOrchestrator\*' + '\Microsoft\Windows\UpdateAssistant\*' + '\Microsoft\Windows\WaaSMedic\*' + '\Microsoft\Windows\WindowsUpdate\*' + '\Microsoft\WindowsUpdate\*' + ) + + foreach ($taskPath in $taskPaths) { + try { + $tasks = Get-ScheduledTask -TaskPath $taskPath -ErrorAction SilentlyContinue + foreach ($task in $tasks) { + Enable-ScheduledTask -TaskName $task.TaskName -TaskPath $task.TaskPath -ErrorAction SilentlyContinue + Write-Host "Enabled task: $($task.TaskName)" + } + } + catch { + Write-Host "Warning: Could not enable tasks in path $taskPath - $($_.Exception.Message)" -ForegroundColor Yellow + } + } + Write-Host "Enabling driver offering through Windows Update..." Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Device Metadata" -Name "PreventDeviceMetadataFromNetwork" -ErrorAction SilentlyContinue Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DontPromptForWindowsUpdate" -ErrorAction SilentlyContinue @@ -39,6 +124,7 @@ function Invoke-WPFUpdatesdefault { Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "BranchReadinessLevel" -ErrorAction SilentlyContinue Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "DeferFeatureUpdatesPeriodInDays" -ErrorAction SilentlyContinue Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "DeferQualityUpdatesPeriodInDays" -ErrorAction SilentlyContinue + Write-Host "===================================================" Write-Host "--- Windows Update Settings Reset to Default ---" Write-Host "===================================================" @@ -62,4 +148,6 @@ function Invoke-WPFUpdatesdefault { Write-Host "===================================================" Write-Host "--- Windows Local Policies Reset to Default ---" Write-Host "===================================================" + + Write-Host "Note: A system restart may be required for all changes to take full effect." -ForegroundColor Yellow } diff --git a/functions/public/Invoke-WPFUpdatesdisable.ps1 b/functions/public/Invoke-WPFUpdatesdisable.ps1 index d3f28815..27389846 100644 --- a/functions/public/Invoke-WPFUpdatesdisable.ps1 +++ b/functions/public/Invoke-WPFUpdatesdisable.ps1 @@ -6,30 +6,130 @@ function Invoke-WPFUpdatesdisable { .NOTES Disabling Windows Update is not recommended. This is only for advanced users who know what they are doing. + This function requires administrator privileges and will attempt to run as SYSTEM for certain operations. #> + + Write-Host "Configuring registry settings..." -ForegroundColor Yellow + If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU")) { New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Force | Out-Null } Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoUpdate" -Type DWord -Value 1 Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "AUOptions" -Type DWord -Value 1 + If (!(Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config")) { New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Force | Out-Null } Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -Type DWord -Value 0 + + # Additional registry settings + Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" -Name "Start" -Type DWord -Value 4 -ErrorAction SilentlyContinue + $failureActions = [byte[]](0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x03,0x00,0x00,0x00,0x14,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xc0,0xd4,0x01,0x00,0x00,0x00,0x00,0x00,0xe0,0x93,0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00) + Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" -Name "FailureActions" -Type Binary -Value $failureActions -ErrorAction SilentlyContinue + # Disable and stop update related services + Write-Host "Disabling update services..." -ForegroundColor Yellow + $services = @( "BITS" "wuauserv" + "UsoSvc" + "uhssvc" + "WaaSMedicSvc" ) foreach ($service in $services) { - # -ErrorAction SilentlyContinue is so it doesn't write an error to stdout if a service doesn't exist - - Write-Host "Setting $service StartupType to Disabled" - Get-Service -Name $service -ErrorAction SilentlyContinue | Set-Service -StartupType Disabled + try { + Write-Host "Stopping and disabling $service..." + $serviceObj = Get-Service -Name $service -ErrorAction SilentlyContinue + if ($serviceObj) { + Stop-Service -Name $service -Force -ErrorAction SilentlyContinue + Set-Service -Name $service -StartupType Disabled -ErrorAction SilentlyContinue + + # Set failure actions to nothing using sc command + Start-Process -FilePath "sc.exe" -ArgumentList "failure `"$service`" reset= 0 actions= `"`"" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue + } + } + catch { + Write-Host "Warning: Could not process service $service - $($_.Exception.Message)" -ForegroundColor Yellow + } } - Write-Host "=================================" - Write-Host "--- Updates ARE DISABLED ---" - Write-Host "=================================" + + # Rename critical update service DLLs (requires SYSTEM privileges) + Write-Host "Attempting to rename critical update service DLLs..." -ForegroundColor Yellow + + $dlls = @("WaaSMedicSvc", "wuaueng") + + foreach ($dll in $dlls) { + $dllPath = "C:\Windows\System32\$dll.dll" + $backupPath = "C:\Windows\System32\${dll}_BAK.dll" + + if (Test-Path $dllPath) { + try { + # Take ownership + Start-Process -FilePath "takeown.exe" -ArgumentList "/f `"$dllPath`"" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue + + # Grant full control to everyone + Start-Process -FilePath "icacls.exe" -ArgumentList "`"$dllPath`" /grant *S-1-1-0:F" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue + + # Rename file + if (!(Test-Path $backupPath)) { + Rename-Item -Path $dllPath -NewName "${dll}_BAK.dll" -ErrorAction SilentlyContinue + Write-Host "Renamed $dll.dll to ${dll}_BAK.dll" + + # Restore ownership to TrustedInstaller + Start-Process -FilePath "icacls.exe" -ArgumentList "`"$backupPath`" /setowner `"NT SERVICE\TrustedInstaller`"" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue + Start-Process -FilePath "icacls.exe" -ArgumentList "`"$backupPath`" /remove *S-1-1-0" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue + } + } + catch { + Write-Host "Warning: Could not rename $dll.dll - $($_.Exception.Message)" -ForegroundColor Yellow + } + } + } + + # Delete downloaded update files + Write-Host "Cleaning up downloaded update files..." -ForegroundColor Yellow + + try { + $softwareDistPath = "C:\Windows\SoftwareDistribution" + if (Test-Path $softwareDistPath) { + Get-ChildItem -Path $softwareDistPath -Recurse -Force | Remove-Item -Force -Recurse -ErrorAction SilentlyContinue + Write-Host "Cleared SoftwareDistribution folder" + } + } + catch { + Write-Host "Warning: Could not fully clear SoftwareDistribution folder - $($_.Exception.Message)" -ForegroundColor Yellow + } + + # Disable update related scheduled tasks + Write-Host "Disabling update related scheduled tasks..." -ForegroundColor Yellow + + $taskPaths = @( + '\Microsoft\Windows\InstallService\*' + '\Microsoft\Windows\UpdateOrchestrator\*' + '\Microsoft\Windows\UpdateAssistant\*' + '\Microsoft\Windows\WaaSMedic\*' + '\Microsoft\Windows\WindowsUpdate\*' + '\Microsoft\WindowsUpdate\*' + ) + + foreach ($taskPath in $taskPaths) { + try { + $tasks = Get-ScheduledTask -TaskPath $taskPath -ErrorAction SilentlyContinue + foreach ($task in $tasks) { + Disable-ScheduledTask -TaskName $task.TaskName -TaskPath $task.TaskPath -ErrorAction SilentlyContinue + Write-Host "Disabled task: $($task.TaskName)" + } + } + catch { + Write-Host "Warning: Could not disable tasks in path $taskPath - $($_.Exception.Message)" -ForegroundColor Yellow + } + } + + Write-Host "=================================" -ForegroundColor Green + Write-Host "--- Updates ARE DISABLED ---" -ForegroundColor Green + Write-Host "===================================" -ForegroundColor Green + Write-Host "Note: Some operations may require a system restart to take full effect." -ForegroundColor Yellow }