How to use CMD script and VBScript to control Windows Update in Windows 10


The Enable or Disable Windows Update Automatic Updates in Windows 10 tutorial already lists a number of methods for controlling Windows Update. My tutorial is intended for members interested in playing with scripts.

The attached "Matthew's preference.zip" contains the CMD and VBScript files that I have been using to disable automatic updates, run update checks, and update Windows Defender. The core commands in "Disable hijackers.cmd" are extracted from Sledgehammer with the author's consent. This script will lock (disable) the system files that force auto-updates. The locking has to be done via NSudo, which allows the script full privileges to run the commands. Another script "Metered or unmetered.cmd" lets users choose between metered and unmetered connection simply by entering an option number. I have run "Ethernet_as_metered_connection.reg" downloaded from Brink's tutorial, but the .reg file cannot be imported, as Registry Editor says "you have insufficient privileges to perform this operation". My script can perform the operations with sufficient privileges via NSudo, which has been included in my zipped file. When auto-updates have been disabled, the daily check for updates and Microsoft Defender update will also be disabled. So, I have been using Task Scheduler to run two VBScript files, ①"WDD_Updates.vbs" and ②"Check_for_updates.vbs", which will do the following in the background:

① Update Microsoft Defender at six-hour intervals without notification.
② Check for other updates every day. Bring up a message only when updates are found.

"WDD_Updates.vbs" will automatically install definition updates (KB2267602) and updates for antimalware platform (KB4052623). The core commands in "Check_for_updates.vbs" are extracted from Microsoft Docs. My simplified version only searches for updates but not downloads and installs them. Note that the scripts will neither enable nor update Microsoft Defender if it has already been disabled.

The scripts in my zipped file will do everything automatically, including importing "Scheduled Task.xml" and "WDD_Updates Task.xml". Everything in the scripts can be modified at will. Everything done by the scripts can be undone at your pleasure. You just have to go through the following after signing in as an administrator:

1 Click here to download "Matthew's preference.zip" and extract the files.

Download

2 Double-click on "Disable hijackers.cmd" to run it. Unblock the .cmd file, and click on "Yes" if prompted by UAC. The file will lock the hijackers, the system files that force auto-updates.

3 On completion, a CMD Prompt window will pop up, asking you whether you want to import "Scheduled Task".

4 If you select Yes, "Scheduled Task.xml" will be imported. "WDD_Updates Task.xml" will be imported only if Microsoft Defender is running at the moment of your selection. Both tasks can be modified, disabled, or deleted via Task Scheduler.

5 On completion, another CMD window will pop up, asking you whether you want to set connections as metered.

6 If you select Yes, another CMD window will pop up. Enter 1 for unmetered connections (Windows default). Enter 2 (recommended) for metered connections, which help prevent auto-updates. Restart Windows for it to take effect.

7 If you want to undo everything done by the scripts, just double-click on "Undo everything.cmd".

If you have not undone everything, you will see a pop-up dialog box when updates are found. You may select Yes to run Windows Update MiniTool (included in my zipped file). To view the updates found by VBScript, double-click on "# Updates found by VBScript". To exclude the updates found by VBScript, double-click on "# Add exclusions.vbs" or "# Auto-exclusion.vbs"; then, you will not be notified of the same updates again. To install/hide updates, use Windows Update MiniTool or any other tools of your choice.

The scripts will also prevent automatic driver updates, including those for Intel HD Graphics drivers.

If you need to run the command "sfc /scannow" mentioned in this tutorial, you firstly have to run "Undo everything.cmd", which will unlock the system files previously locked by "Disable hijackers.cmd". Otherwise, errors will arise because the locked files cannot be read by System File Checker (sfc.exe). After running "sfc /scannow" and finishing the related operations, you may re-run "Disable hijackers.cmd".

VirusTotal detected no malware in "Matthew's preference.zip" ✔.
See the analysis results on VirusTotal. 👌

Other screenshots: The one below shows "0x00000002 (2)", which denotes a metered connection. https://www.tenforums.com/attachment...pect-dword.jpg The one below shows metered connection has prevented the downloading of a cumulative update. https://www.tenforums.com/attachment...ive-update.jpg The one below shows metered connection has prevented the downloading of a language pack. https://www.tenforums.com/attachment...ge-options.jpg The one below shows available updates are listed on Windows Update MiniTool. https://www.tenforums.com/attachment...nd-updates.jpg The one below shows driver updates have been hidden via Windows Update MiniTool. https://www.tenforums.com/attachment...en-drivers.jpg The one below shows even security and quality updates will not be installed automatically. https://www.tenforums.com/attachment...ot-up-date.jpg The one below shows even critical updates will not be installed automatically. https://www.tenforums.com/attachment...al-updates.jpg The one below shows even a feature update will not be installed automatically. https://www.tenforums.com/attachment...do-image-1.jpg The one below shows the dialog box that pops up when updates are found. https://www.tenforums.com/attachment...dialog-box.jpg