Hi. I'm debating the pros and cons of removing windows update from my installation media before it's a live/installed image. Either that, or leaving it in but trying to make it truly manual-update only. What are the potential downsides of not having Windows Update at all? Only thing I can think of would be security updates, but I'd like to ask here for other opinions. If I leave it in, then there is the issue that when windows updates, it tends to break my modifications by re-adding the components that I removed, along with breaking other things in general sometimes.
Downsides of removing Windows Update pre-install?
- Thread starter NCSGeek
- Start date
-
- Tags
- windows update
Hm, okay. Thanks. Curious to see what they say then.
Hellbovine
Well-Known Member
Basically everything you said already. Some people are advocates of security while others care more about having control over their computer. There is not a universal answer because it really depends on the user's intentions and their knowledge of Windows. There are dependency problems you can run into if you uninstall the Windows Update component, though I think Defender is free of those. I elaborate on all of this in the sections below.
SECURITY
If we're talking about my co-workers, grandparents, etcetera, then yeah leave things like Windows update and Defender alone, because I'd rather be able to blame Microsoft when my mother-in-law gets yet another virus since she keeps downloading "free" Sims expansion packs from shady sites. Free is in quotes because she ends up paying for it with malware. She's also one of those people with a dozen browser toolbar add-ons.
For people with a decent computer background, the story changes because security becomes almost a non-issue since they know more about reducing attack vectors by disabling unused Windows features, using a good browser (Chromium-based) and ad-blocker (uBlock Origin), making sure they are behind a router with NAT, optimizing settings, downloading only from reputable sources, etcetera. Using a program like NTLite and creating a custom image to install in case of disaster also goes a long way, as does treating your computer like it's volatile and saving important files to a USB or secondary disk instead of keeping them on the Windows drive.
I was using XP SP3 all the way until December of 2021 on my main machine with these kinds of techniques, without an antivirus or firewall on the computer or router, and never experienced a problem. I only moved on because I needed more advanced/modern tools which didn't run on XP, games and clients became unsupported, and the browser choices were terrible (web page rendering became an issue). If you ask the masses though, my computer should have literally caught on fire at some point after it reached end of support.
For people with a decent computer background, the story changes because security becomes almost a non-issue since they know more about reducing attack vectors by disabling unused Windows features, using a good browser (Chromium-based) and ad-blocker (uBlock Origin), making sure they are behind a router with NAT, optimizing settings, downloading only from reputable sources, etcetera. Using a program like NTLite and creating a custom image to install in case of disaster also goes a long way, as does treating your computer like it's volatile and saving important files to a USB or secondary disk instead of keeping them on the Windows drive.
I was using XP SP3 all the way until December of 2021 on my main machine with these kinds of techniques, without an antivirus or firewall on the computer or router, and never experienced a problem. I only moved on because I needed more advanced/modern tools which didn't run on XP, games and clients became unsupported, and the browser choices were terrible (web page rendering became an issue). If you ask the masses though, my computer should have literally caught on fire at some point after it reached end of support.
STABILITY
The benefits of disabling Windows Update and Defender is substantially reduced resource usage, as well as preventing tweaks from being reset to default or components being restored. Another benefit is you don't have to deal with the bugs that are introduced with updates (link), which is a problem that has been frequently covered in recent years by every major computer news site. You really aren't missing out on new features or improvements to Windows from updates, so long as you're using a stable version to begin with, because the quality control from Microsoft these days just isn't very good.
The main thing is, it's kind of pointless to use NTLite to do any major tweaking, if you're just going to leave Windows Update to do whatever it wants. Modern operating systems have reached a point where the user has lost too much control, and the amount of effort required to gain it back (tweaking) just isn't worth the hassle of then dealing with updates constantly interfering with that.
Me personally, what I settled on is to download the new ISO from Microsoft that they release once a year, and if it's stable and has good performance, I use NTLite to add all my tweaks to it and cleanly install Windows again. These ISO releases contain all of the updates that occurred in the previous 12 months. Sometimes a version is botched, like 22H2, which has too many bugs for my liking and so I skipped it and will wait for 23H2. Other people like to use NTLite to manually install updates, since it gives them more control.
There are some important things to note about uninstalling Windows Update and Defender. I would personally suggest pausing Windows Update forever, instead of uninstalling it, because there are a number of dependencies related to it that I don't think are worth the headache of dealing with. Defender I think can be uninstalled without any issues, aside from a problem that NTLite causes, which is that NTLite doesn't separate out the files as it should, and so the Security Center gets uninstalled along with Defender. That's a problem because that interface has options which someone like a gamer needs to toggle, and unless you have a deep understanding of the registry it's too difficult to manipulate without the interface. I use registry keys to handle Windows Update and Defender since it's far safer and just as effective.
The main thing is, it's kind of pointless to use NTLite to do any major tweaking, if you're just going to leave Windows Update to do whatever it wants. Modern operating systems have reached a point where the user has lost too much control, and the amount of effort required to gain it back (tweaking) just isn't worth the hassle of then dealing with updates constantly interfering with that.
Me personally, what I settled on is to download the new ISO from Microsoft that they release once a year, and if it's stable and has good performance, I use NTLite to add all my tweaks to it and cleanly install Windows again. These ISO releases contain all of the updates that occurred in the previous 12 months. Sometimes a version is botched, like 22H2, which has too many bugs for my liking and so I skipped it and will wait for 23H2. Other people like to use NTLite to manually install updates, since it gives them more control.
There are some important things to note about uninstalling Windows Update and Defender. I would personally suggest pausing Windows Update forever, instead of uninstalling it, because there are a number of dependencies related to it that I don't think are worth the headache of dealing with. Defender I think can be uninstalled without any issues, aside from a problem that NTLite causes, which is that NTLite doesn't separate out the files as it should, and so the Security Center gets uninstalled along with Defender. That's a problem because that interface has options which someone like a gamer needs to toggle, and unless you have a deep understanding of the registry it's too difficult to manipulate without the interface. I use registry keys to handle Windows Update and Defender since it's far safer and just as effective.
Last edited:
Necrosaro
Active Member
I removed it as a live component so that I could use Ntlite for installations when I want them. Have not seen any issue with this....you may have issues with the update itself but that is a windows thing and not Ntlite.
Will never look back and will most likely do this on all my systems.
Will never look back and will most likely do this on all my systems.
WU service has many roles, it doesn't just download/install monthly Windows updates & security fixes. When you disable or remove it, then Windows will lose the following self-maintenance tasks:
1. WU features work during OOBE to install Zero Day Patches (ZDP), last-minute fixes to correct Windows installation issues. This step has no impact if you're using already updated images.
2. Download Windows Defender platform updates (code) & definitions (AV signatures).
3. Download Office 365 app updates.
4. Download Certificate Revocation List (CRL) to check for Root Authority changes to digital certificates used to verify executable files & drivers.
Of course, you can leave WU running and selectively block each of these tasks -- but it's extra work.
1. WU features work during OOBE to install Zero Day Patches (ZDP), last-minute fixes to correct Windows installation issues. This step has no impact if you're using already updated images.
2. Download Windows Defender platform updates (code) & definitions (AV signatures).
3. Download Office 365 app updates.
4. Download Certificate Revocation List (CRL) to check for Root Authority changes to digital certificates used to verify executable files & drivers.
Of course, you can leave WU running and selectively block each of these tasks -- but it's extra work.
Got it. Yeah, your "Stability" spoiler section is exactly what I'm trying to figure out actually. Your spoiler states the following:
So there is a way to truly forever pause windows update and make it manual only? If so, that would account for the "number of dependencies related to it" right? If so, what are these dependencies?
By "Use NTLite for installations" do you mean you can use NTLite to update windows and/or install KB updates/packages? If so, can you elaborate somewhat on that?
This is exactly what I had in mind when posting this question thread. Thanks, I'll go through these one-by-one.
I'm unsure on what you mean by "already updated images" honestly. Do you mean an installation image that already contains all of the patches and updates?
This part is important to me somewhat. Alright.
I'll be honest and say I'm unsure how important this is. I'm pretty 50/50 on if it's negligible or not.
Yeah, seeing alot of the things in this thread, I'm thinking I may prefer to keep Windows Update inside of my installation media but instead, just have it setup to where it can fullfil it's duties except do not update windows and/or break my NTLite modifications unless I manually update. Is this possible? (Asking this part to anyone that knows, honestly)
I've tried forcing windows update to be manual before but somehow it always manages to come back some way, some how.
Trying to disable Windows Updates but cannot
Hi, I am trying to permanently disable the Windows Update Service on W10 using NTLite but I cannot uncheck the box as it is greyed out. I am looking under: Components -> System -> Windows Update Service Any help would be greatly appreciated Thanks Victor
www.ntlite.com
I have an active license. I'm familiar with many places something can automatically run from, including Task Scheduler, but I've seen it somehow trigger some kind of update regardless. Of course I could've missed something.
Hellbovine
Well-Known Member
I wrote a guide on pausing updates for any amount of time over here (link).
The list that Garlin provided are dependencies and things that would be negatively affected with the removal of the Windows Update component. There are still going to be many more issues to be discovered that you may come across as you actively use a custom image, such as a recent post by AeonX in which he gave us some additional examples (link). I try to go into more detail in the section below about why we don't really have complete lists of everything that breaks when components are removed, as well as other relevant information.
DEPENDENCY INFORMATION
Dependencies aren't an exact science because they are undocumented, and can change based on the operating system and versions since Microsoft frequently modifies them over time. In addition, components are extra tricky because 3rd party software also rely on various components and that too is undocumented. It's all trial and error to figure out what you can safely remove while protecting your specific needs.
There are components that many veterans have come to realize are more trouble than it's worth to mess with, and so instead of bothering to figure out all the various dependency issues we instead just mentally note, "Don't remove it" and then we work around it instead. That's why it's hard to get precise answers to questions like, "List everything that breaks if I remove X component." We're not being vague on purpose, it's just way too much work to try to document these things because the operating systems are so huge nowadays and also not open source.
NTLite provides a "Compatibility" tab that preserves important files while removing components to prevent dependency problems. NTLite also displays some important info text in the status bar at the bottom of the screen when you click on something like a component. As you come across dependency issues you can report them to the forum so that the developer can add more compatibility options and/or split a component into smaller sub-components so that we can remove the fluff while leaving the important files behind.
Some other components I personally would never fully remove because they break important things are:
Xbox / Microsoft Store / Cortana / Internet Explorer / Windows Media Player
Note: to clarify, the term "fully remove" means every trace of the component being uninstalled. Several of these are already split out into smaller components and some of those can be safely removed, while some of these components are also a part of the compatibility tab as well. If you disable compatibility options and/or remove all the components (including the smaller sub-components) it will result in broken features. Not every feature is important to everyone though, and many people will remove Xbox for example because they don't play games and it doesn't affect them that some games can break. This is why you will get different answers from people because it depends on how the computer is used.
There are components that many veterans have come to realize are more trouble than it's worth to mess with, and so instead of bothering to figure out all the various dependency issues we instead just mentally note, "Don't remove it" and then we work around it instead. That's why it's hard to get precise answers to questions like, "List everything that breaks if I remove X component." We're not being vague on purpose, it's just way too much work to try to document these things because the operating systems are so huge nowadays and also not open source.
NTLite provides a "Compatibility" tab that preserves important files while removing components to prevent dependency problems. NTLite also displays some important info text in the status bar at the bottom of the screen when you click on something like a component. As you come across dependency issues you can report them to the forum so that the developer can add more compatibility options and/or split a component into smaller sub-components so that we can remove the fluff while leaving the important files behind.
Some other components I personally would never fully remove because they break important things are:
Xbox / Microsoft Store / Cortana / Internet Explorer / Windows Media Player
Note: to clarify, the term "fully remove" means every trace of the component being uninstalled. Several of these are already split out into smaller components and some of those can be safely removed, while some of these components are also a part of the compatibility tab as well. If you disable compatibility options and/or remove all the components (including the smaller sub-components) it will result in broken features. Not every feature is important to everyone though, and many people will remove Xbox for example because they don't play games and it doesn't affect them that some games can break. This is why you will get different answers from people because it depends on how the computer is used.
Last edited:
Hellbovine
Well-Known Member
There are 2 primary methods to incorporate a Windows Update download into an image using NTLite:
1) Download the individual updates from the main Microsoft site (link) or the Microsoft Update Catalog (link), then integrate them into an image using the "Integrate" tab from the left menu once an image has been loaded in NTLite.
2) From the top menu bar, click on "Tools" and it has a "Download Updates" option which can selectively pull the updates you want from the Microsoft servers. This method essentially acts like how Windows Update used to work in the old days, like on Windows XP where users had complete control of the situation and weren't forced to download updates or drivers they didn't want. You can use this method to also update your live Windows, which is what Necrosaro was referring to.
Last edited:
Thanks a ton for all of this info. It's very much appreciated! Will check out the guide also.
Yep. Before I found NTLite I was amateurly "breaking" windows update in my own ways for years. It's a stubborn one for sure.
Necrosaro
Active Member
Yes as Clanger said you can use windows update through Ntlite. However everyone's needs are different and the way I do it works for me. Lots of options provided here so just pick what you think would work best for you.