KB5005716 Installing on 2004/20h2/21h1 Despite Blocked Updates

T

tharri

Member
Microsoft recently started automatically installing this update during the OOBE process of installation:

https://support.microsoft.com/en-us...r-4-2021-4d3c3e9c-b636-49fd-9d79-3b027dfbaf8f

It offers users the ability to immediately update to Windows 11. As you can imagine, I don't want users to do that, otherwise I would create a Windows 11 iso! ... lol

Blocking updates in settings does not prevent this from being installed. It's especially annoying because it forces a restart as well.

Has anyone found a way to block this? (Other than disconnecting from the internet during installation?)
 
OOBE WU runs separately from WU, and cannot be blocked (except by disabling network). OOBE will download zero-day patches, "critical updates" and offers to download W11 for you.

This feature has been present in W10, but mostly unused. Now with W11's release, they are reaching out to W10 users in the same annoying way they tried to push W7->W10 upgrades. The alternative is to integrate the current OOBE hotfix into the image to skip the reboot.

https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/windows-updates-during-oobe
 
garlin said:
OOBE WU runs separately from WU, and cannot be blocked (except by disabling network). OOBE will download zero-day patches, "critical updates" and offers to download W11 for you.

This feature has been present in W10, but mostly unused. Now with W11's release, they are reaching out to W10 users in the same annoying way they tried to push W7->W10 upgrades. The alternative is to integrate the current OOBE hotfix into the image to skip the reboot.

https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/windows-updates-during-oobe
Click to expand...

Yes, I thought about integrating it, but I'm afraid it will offer users the choice of updating to 11 if their hardware supports it. I don't want that to happen.

Any idea how to go about disabling the network during installation? I tried disabling the TCPIP driver a long time ago during setup and it broke the install process.
 
Last edited:
OOBE setup is very picky, if you disable networking the "wrong" way it breaks. It's clever enough to know "no network connection" vs. network misconfiguration. When the network can't dial home, it throws an OOBE exception.

Try disabling the NIC from BIOS, install, re-enable and reboot.
 
garlin said:
OOBE setup is very picky, if you disable networking the "wrong" way it breaks. It's clever enough to know "no network connection" vs. network misconfiguration. When the network can't dial home, it throws an OOBE exception.

Try disabling the NIC from BIOS, install, re-enable and reboot.
Click to expand...

I'm looking for a way to do this on a shared iso on multiple computers, so that's not really feasible.

I tried integrating it and setting target version to the same version as the iso and it *seems* like it won't offer Windows 11 during setup, but it would be nice to prevent the integration altogether.
 
I have noticed OOBE WU ignores a clean ISO for the upgrade pitch. So there's some versioning check.
 
I'm also highly interested in this as I found myself unplugging the cable during setup.
It should have been the Dynamic Update setting on the Unattended page, but Windows conveniently ignores it.

The obvious idea would be to skip OOBE via the Unattended options.
There are SkipMachineOOBE and SkipUserOOBE options, probably SkipMachine is the only one needed in this case.
There will be a warning on the Apply page, but if it comes to this, I'll remove the warning and start recommending it for OOBE Upgrade skip.
Make sure to set all the relevant entries on pages Settings and Unattended, especially local users as OOBE will be skipped.

Another idea, not a very good one, is to disable Windows Update (not service, that is required for setup and activation) and Windows Update Medic. There is a chance Windows simply ignores it and restarts both during setup, but worth the try.
Alternatively the DNS service disabling?
This is a tricky one, as this service is needed for many things, and must be enabled after setup of course.

If that works, we can think about automatic re-enabling after setup, in case you were wondering what's the point.

I'm trying to rest in the meantime so trying not to jump on it - would appreciate if any of you can test these.
We'll solve this - may be the trigger to finally add some sort of networking setup, been waiting for a good reason.
 
Are guys are talking about "Checking for Updates" during the OOBE process? I've been removing Windows Update (but not service), Update Medic and DNS and it makes no difference at all to that.
 
Did a test run (20H2) with metered network interfaces, and KB5005716 wasn't blocked. Too bad.
 
You must log in or register to reply here.
Back
Top