Shutdown directive bundle doesn't allow windows updates

Similar Messages

• [Solved] Windows Firewall rule that allows Windows Update

  Can anyone kindly give me a Windows Firewall rule that allows Windows Update? Assume I'm running MMC's "Windows Firewall with Advanced Security" snap-in as Administrator. Note that a "solution" that takes down the outbound firewall is
  not acceptable.
  Thank You.
  ===== Solution =====
  Suppose that, as the default, you've set the outbound firewall to block (see
  To close the outbound firewall, below). In order for Windows Update to check whether an update is available and then to download the update files, you first need an outbound firewall
  allow-rule that allows the Windows Update service to pass through the outbound firewall.
  Prerequisite: Knowledge of the Microsoft Management Console (MMC) and its "Windows Firewall with Advanced Security" plug-in.
  What you will do: You will use the "Windows Firewall with Advanced Security" MMC plug-in to create an outbound firewall rule that
  allows '%SystemRoot%\System32\svchost.exe' (the generic service driver) to pass through the outbound firewall on behalf of 'wuauserv' (the name of the specific service that performs the update).
  Warning: If you don't know what I'm writing about, get help.
  Name: Allow Windows Update (...or any name you prefer - it doesn't matter)
  Group:
  Profile: Public
  Enabled: Yes
  Action: Allow
  Program: %SystemRoot%\System32\svchost.exe
  Local Address: Any
  Remote Address: Any
  Protocol: Any
  Local Port: Any
  Remote Port: Any
  Allowed Computers: Any
  Status: OK
  Service: wuauserv
  Rule Source: Local Setting
  Interface Type: All interface types
  Excepted Computers: None
  Description:
  To open the outbound firewall:
  More accurate wording would be
  Outbound connections are allowed unless explicitly blocked by a rule.
  If you look at the standard rules you will find no block-rules. That means that nothing is blocked, everything is allowed, and the outbound firewall is wide open.
  To close the outbound firewall:
  More accurate wording would be
  Outbound connections are blocked unless explicitly allowed by a rule.
  If you look at the standard rules you will find only allow-rules that have been crafted to allow the vital Windows connections to pass through the outbound firewall. To an informed observer it's obvious that the firewall engineers crafted these
  allow-rules so that users who closed the outbound firewall wouldn't have to write them. But the firewall engineers left out Windows Update.

  Hi mark,
  Thanks for sharing, it will help other users who have similar issue.
  Regards

• [Solved] Windows Firewall rule that will allow Windows Update

  The problem has been solved here:
  https://social.technet.microsoft.com/Forums/en-US/62b9fd5c-10b2-4266-bc15-fcf3e79d20d4/solved-windows-firewall-rule-that-allows-windows-update?forum=w7itpronetworking
  Everything from here down is obsolete.

  Go to Control Panel >Firewall>Advanced Settings. Then click
  Action>Export policy to make a copy of your current policy in case you want to restore it. Then click
  Action>Restore Default Policy.
  This should allow you to use Windows Update.
  See also:
  https://technet.microsoft.com/en-in/library/bb693717.aspx
  https://support.microsoft.com/kb/836941
  S.Sengupta, Windows Entertainment and Connected Home MVP

• ASHA 200 doesn't allow to update software

  ASHA 200 doesn't allow to update software
  First it says feature supported for sim1 only
  then when selecting download it says Unable to download when abroad

  FOTA updates can be only downloaded via SIM1 on dual-SIM phones. That's a known limitation.  
  The other option is to use Nokia Suite. Find the instructions from here: http://www.nokia.com/global/support/software-update/belle-asha-symbian-software-update
  http://www.microsoft.com/en/mobile/nokia-x-updates/
  http://www.microsoft.com/en/mobile/nokia-x2-update/
  http://www.microsoft.com/en/mobile/asha-software-update/
  http://www.microsoft.com/en/mobile/support/software-update/wp8-software-update/
  http://www.developer.nokia.com/Community/Wiki/Nokia_firmware_change_logs
  https://twitter.com/LumiaSWUpdates

• Lenovo Solution Center does not sense or allow Windows Update after Windows 10 upgrade

  Also see: https://forums.lenovo.com/t5/Lenovo-A-B-C-N-S-Flex-and/Lenovo-Solution-Center-says-Windows-Update-needed-Windows-10/m-p/2136161#M6832 I'm having exactly the same issue as the user who started the thread linked above. After installing Windows 10 (and having no particular issues with the installation), LSC won't leave me alone about needing to run Windows Update. But when I click the Launch button provided, nothing happens. LSC is also recommending I update drivers and things, but the link provided to the Lenovo website also doesn't work. I had to run Windows Update and find the updated drivers on the Lenovo site myself. I happen to have a G505s, but the issue is obviously not restricted to one model.

  Maybe a Lenovo server is down. Check again later or tomorrow.
  Of course it might be that your firewall or other protection software is blocking the application from communicating with the Lenovo server...
  Did someone help you today? Press the star on the left to thank them with a Kudo!
  If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"!
  This will help the rest of the Community with similar issues identify the verified solution and benefit from it.

• OSD: capture TS doesn't install Windows updates

  Hi,
  We capture a Windows 7 machine, this works fine but the mandatory updates do not install.
  It says "no updates need to be installed" though there ARE updates available (checked on the captured machine andstarted update, see screenshots for clarification).
  We did a capture with this TS before and updates installed correctly then. Do we need to add an extra step to install Windows updates (see screenshot below: "you must first install an update" ...).
  Please advise.
  J.
  Jan Hoedt

  Is a software update group targeted to the collection where the TS is deployed to?
  Torsten Meringer | http://www.mssccmfaq.de

• Downloaded Maverick Safari doesn't open window, update done on safari

  I Dowloaded Maverick and now I am trying to find things and update.  I updated Safari but it still wont open its window.  What can I do?

  Click the Apple () menu top left in your screen. From the drop down menu click About This Mac.
  Which version number do you see?

• [Answered] Is akamai screwing up Windows Update?

  This problem has been solved here:
  https://social.technet.microsoft.com/Forums/en-US/62b9fd5c-10b2-4266-bc15-fcf3e79d20d4/solved-windows-firewall-rule-that-allows-windows-update?forum=w7itpronetworking
  Everything from here down is obsolete.
  There are 2 URLs involved with Windows Update. They are
  (This is an excerpt of the help page related to my Windows Update failure.) Put those URLs in your memory banks, and then take a look at this:
  What I'm trying to do is get the IP for 'download.windowsupdate.com'. Why? Because you can't put 'download.windowsupdate.com' into an outbound firewall allow rule, but you can put an IP into an outbound firewall allow rule.
  But look what happens to my ping. I ping 'download.windowsupdate.com' but get back the IP for 'a767.g.akamai.net'.
  Holy Smoke! I've never seen that. The DNS request is being completely overwritten by a different DN. It's like email forwarding, or like HTTP redirection, but at the DNS level. whois download.windowsupdate.com fails. Looking up 'download.windowsupdate.com'
  at Network Solutions fails.
  Could this be what's causing my Windows Update to fail?
  This thread is closely related to this thread:
  https://social.technet.microsoft.com/Forums/en-US/065dae90-e76c-4b10-9258-b086ce59e46c/windows-update-error?forum=w7itpronetworking

  Thank you for replying, mystifeid.
  First, let's establish that prior to this evening (early morning now in the Eastern USA), everything worked except Windows Update. All I needed was an outbound firewall rule that would allow Windows Update. I've successfully created plenty of rules (I'm an
  electronics engineer, formerly a developer at Intel). S.Sengupta gave me unwelcome advice. He wanted me to bring down my outbound firewall when all I need is a rule to allow Windows Update. Having responded with inappropriate advice that was not germane to
  my issue, he did indeed poison the thread because no one at Microsoft will take my issue seriously after I reject his advice. And make not mistake, I reject his advice. Taking down the outbound firewall is dangerous and I will not do it. I realize that such
  is the default setup, but that really makes the Windows Firewall with Advanced Security a sham, doesn't it. After all, why have a bi-directional firewall if you're going to open up outbound to any and all connections? I don't want to argue this point with
  Microsoft technicians. If you insist that I have to take down the outbound firewall, then we might as well escalate this to Microsoft engineering right now and save ourselves a lot of typing.
  Here's the rule I created to allow Windows Update. I named it "Allow Windows Update"
  Name: Allow Windows Update
  Group:
  Profile: Public
  Enabled: Yes
  Action: Allow
  Program: C:\Windows\System32\wuapp.exe
  Local Address: Any
  Remote Address: Any
  Protocol: Any
  Local Port: Any
  Remote Port: Any
  Allowed Computers: Any
  Status: OK
  Service: wuauserv
  Rule Source: Local Setting
  Interface Type: All interface types
  Excepted Computers: None
  Description:
  As you see, I've enabled both the 'wuapp.exe' update launcher and the 'wuauserv' update service.
  Kindly tell me: Why doesn't that rule work? Why can I not perform a Windows Update without bringing the outbound firewall down?
  By the way, I took the advice a Microsoft technician gave earlier and now, only my Linux virtual machine can get on-line. The Windows host can't. I'm writing this in Firefox running in the Linux VM.
  UPDATE: Windows host is back on-line. Windows Update still doesn't work, but the error code has changed to 8024402c (was 80072efd).

• Windows Media Player keeping Automatic Maintenance window/Windows Updates from doing auto-restart

  I have a system that is connected to a domain, and it runs a video playlist in Windows Media Player for digital signage upon bootup (and auto-login).  WMP is set to loop the videos over and over again, but it also is preventing automatic updates from
  installing and/or auto-restarting at 3:00AM in the morning (and yes, the system power management is set to keep the computer on all the time).
  How can I fix this?
  I have a GPO set up to install updates and restart automatically (option 4).  I tried the GPO option to use the Windows 8 maintenance window to install updates, and also tried turning that option off and just using a 3:00AM restart period.  Neither
  option seems to work, so it looks like Windows Media Player is preventing an auto-restart to finish the update installation.  Is there any way around this, so that Windows Media Player doesn't stop Windows Updates from doing its job?  I don't care
  if that means the video stops playing because it just starts up again on the next bootup.
  I looked at the WMP GPO's and the only option that sounds like it's related is the option to turn on or off the auto-updating of media info for WMP, but it has nothing to do with what I'm trying to accomplish.  If I missed something, let me know. 
  If there is some other way to accomplish this, such as associating and launching the playlist file with the Xbox Videos app, I would be fine with that, but I need it to loop the playlist continually (I also use the Shuffle option
  in WMP - ***see note below for another question).  I still want the system to automatically install updates and reboot on a regular schedule despite the video playing in the foreground.
  ***Side question: is there any way to turn Repeat and Shuffle options on in WMP without having to load the GUI (for scripting a playlist)?
  Just FYI: this system is actually using Windows Embedded 8.1 Industry Enterprise (from a MAPS account), but it isn't customized aside from not having the standard WinRT apps from a stock Win 8.1 install loaded - it is a stock install from the ISO. 
  From what I understand, it is the same as Windows 8.1 Enterprise, except that it is only licensed to be used as an "appliance" machine for a single role - which it is.  So I'm assuming that there are no actual differences from a "regular"
  Windows 8.1 SKU that would cause this issue.  If I am completely mistaken about this, please notify me on it.  The reason I'm making this statement is in case there are any differences in Embedded 8.1 Industry Enterprise that I am not aware of. 
  Otherwise, I welcome any assistance that would target a "regular" version of 8.1 Enterprise.  NOTE:  Someone said to post this into the Windows Embedded forum, but the only one that exists is the one for POSready - and this is HARDLY the
  POSready version of Windows Embedded that I'm using.

  Hi,
  Did you use the policy Local Computer Policy\Administrative Templates\Windows Components\Windows Update\Always automatically restart at the scheduled time?
  I noticed an description "restart with logged on users for scheduled automatic updates installations" policy is enabled, then this policy has no effect." it means if system installed some updates which unneeds restart computer, this policy would has no effect.
  In my opinion, your problem should not caused by WMP setting. please check your installed updates whether they need restart computer.
  In addition, Power Managment in Control Panel also can prevent the schedule task running.
  Control Panel\System and Security\Power Options\Edit Plan Settings\Change advanced power settings\Sleep\Allow wake timers
  Please make sure this option is enable.
  Roger Lu
  TechNet Community Support

• Monitor Color Profile Coming In With Windows Update

  I recently had to revisit the color-management logic in my software, owing to a monitor profile showing up and being installed on users' machines through Windows Update. 
  Specifically, for some reason a VMware virtual machine running 32 bit Windows 7 is now considered to have an Acer monitor, rather than a "Generic Plug n Play Monitor" (which actually made more sense).
  This is the specific Windows Update that brought it in:
  Beyond the obvious problem (of a virtual machine not actually having a physical monitor, certainly not an Acer S271HL in this case), this Windows Update is installed with virtually no fanfare.  Though as a rule I set my own systems to notify me but not install updates, and I do actually read about the updates Microsoft is proposing installing on my system, most folks don't - they simply allow Windows Update to do its thing without much thought.
  This particular monitor profile wasn't bad per se, but it did have an attribute that I didn't anticipate in my color-management implementation.  Photoshop seemed to deal with it okay - in this case it was just my plug-ins that didn't (all fixed now).  But sometimes we see monitor profiles that aren't okay pushed on users, and they throw Photoshop and other color-managed applications off unexpectedly for users.  This profile was set active, overriding the Windows default that was previously set.  Would it have overridden a profile (e.g., made with a calibrator/profiler) that had been explicitly set on a system?  Not sure.  But if so that would have been bad!
  Does it seem that Microsoft may be trying to become more aggressive about pushing color-management out to users?  If that's the case, wouldn't you think they should fully implement color-management in their own software - e.g., in their browsers?  Conveniently, Internet Explorer wasn't affected by this update, because it ignores monitor profiles.
  Please excuse my little rant to let off a little frustration over unexpected system changes.  Thanks for reading.
  -Noel

  No, actually the System Default stayed the same, but the ACER profile showed up in the Devices panel.  However, [ ] Use My Settings was NOT checked, implying they found some way to install the profile that's outside the normal configuration settings somewhere between the Advanced and Devices level configuration.
  The fix is to check the [ ] Use My Settings box, add the profile one wants to use in the Devices panel, and [Set as Default Profile].  This overrides the setting above.
  -Noel

• Directive Bundle - Shutdown workstation no longer works

  Our network has been using a directive bundle to shutdown our pc's for over a year now and it had worked quite well up until a couple of weeks ago.
  At that point I added an additional requirement to keep it from shutting down a pc on our network, since then the pc's are no longer turning off as they had.
  The action is set to shutdown the pc's after 900 seconds(15 minutes) and gives the user the option to cancel. The bundle is associated to 4 different workstation groups. The schedule for each association is set to "recurring" and has both the Distribution Schedule and the Launch Schedule set for 6:45pm M,T,W,T,F.
  I originally tried to edit the bundle back to its original state by removing the requirement I had added, they still didn't shut down.
  Then I rebooted the ZEN server(10.1.1) in case a service or something had been stopped or affected.
  The bundle appears on all the clients under the "assigned bundles" in the agent and shows it is available and effective.
  Yet the pc's still do not power off... any ideas?

  szartman,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://forums.novell.com/

• Firefox did an automatic update to 6.01, and now my middle mouse button is not working in the browser. It doesn't close tabs, it doesn't open new tabs by middle clicking a link, it doesn't allow me to middle click to scroll the page...

  Firefox did an automatic update to 6.01, and now my middle mouse button is not working in the browser. It doesn't close tabs, it doesn't open new tabs by middle clicking a link, it doesn't allow me to middle click to scroll the page..

  [BUG FIXED, see "EDIT 2" at the end of my post]
  I'm on Firefox 3.6.21, and I got this problem today after a Greasemonkey update (To version 0.9.10, apparently).
  Disabling Greasemonkey solved the problem, and re-enabling it reproduced the problem (middle-clicking links to open in new tab did not work, merely highlighted the link).
  I should also note that while Greasemonkey was enabled and the bug was affecting me, Ctrl+Click to open links in new tabs was also broken.
  I hope this helps!
  EDIT: It appears this is a known incompatibility/conflict bug between current versions of Greasemonkey and Tab Mix Plus. Read more here:
  https://github.com/greasemonkey/greasemonkey/issues/1406
  EDIT 2: GREASEMONKEY HAS NOW BEEN UPDATED with a workaround to fix the problem. Go to https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/versions/ to install the update manually. It hasn't been reviewed by Mozilla yet, so it won't be an automatic update for another day or two. All credit to "cannonfodder" below for noticing this; please mark his post as helpful!

• Arch doesn't boot up after Windows Update on Surface Pro 3

  Hi all,
  I am using a Microsoft Surface Pro 3. I have a persistent installation of Arch on a USB drive. It works very well on the Surface. The only problem I am facing is, whenever I run Windows Update, I am not able to boot from the USB Arch installation after that. It just guides me to the BitLocker recovery page. The only way to boot from the USB drive is to install GRUB on the EFI partition again. It'll work until the next Windows Update, but then again the same thing repeats itself. I am stumped as to how to resolve this.
  Disabling BitLocker doesn't work too, as the system then boots straight into Windows instead of going to the BitLocker recovery page.

  parag14 wrote:Would efibootmgr help in any way?
  You can check the boot order by using:
  efibootmgr
  You can set the boot order using:
  # efibootmgr -o xxxx,yyyy,zzzz
  Replace the letters with the bootnumbers given by the first command.
  You can probably use this method to reset Arch at the top of the list rather than re-installing GRUB.

• Windows 2003 R2 Gray Screen Hang on HP DL380 G5 when restarting or shutdown after Nov/Dec 2011 Windows Update

  I’ve 4 identical HP DL 380 G5 Servers with Windows 2003 R2 Std.  The 4 machines have the same Windows driver version and motherboard BIOS version.  2 have no problem.  2 have problems after Nov/Dec 2011 Windows Update!
  After running for a few days from power-up, the 2 problem servers will hang at gray screen during restart.  After clicking for restart,
  - The Event Log service will stop normally so there is no more error log can be seen!
  - The IP ping to the server can still work.  The mouse pointer in Windows can still be moved.
  - The Windows shutdown gray screen can be shown.
  - [Ctrl-Alt-Del] has stopped to function.
  Then the system just freezes at that status.  I can only cold-boot the system!
  After power-up again, I can do the Windows restart / shutdown normally!  But after a few day of running, the above symptom repeats!  The symptom happened since I installed the Windows Update in Dec 2011.  It didn’t happen before that!
  Anyone can give a hint on how to diagnose it?

  Hi,
  In order to troubleshoot the server hang issue, you can first preform a clean boot on the problematic system.
  Steps:
  ====================
   1. Click Start->Run…->type
  msconfig and press Enter
  2. Click Services tab and select Hide All Microsoft Services
  and Disable All third party Services
  3. Click Startup tab and Disable All startup items
  4. Click OK and choose Restart
  5. After reboot, check whether the problem still occurs
  If the server hang on issue still continues in clean boot mode, for the further troubleshooting, you may check in the Task Manager to see which process takes the memory resources.
  Meanwhile, you can also use reliability and performance Monitor to track down what cause the performance issue.
  Windows Reliability and Performance Monitor
  http://technet.microsoft.com/en-us/library/cc755081(WS.10).aspx
  Windows Performance Monitor
  http://technet.microsoft.com/en-us/library/cc749249.aspx
  Best Regards,
  Aiden
  Aiden Cao
  TechNet Community Support

• Windows Update - Shock Doesn't Work in IE

  Hi. I have Windows 7 and IE 11.0.9.  Yesterday there was an automatic Windows update and changes were made to IE.  Now I have problems with Shock.  I go to this news website and for every video it tells me that I need Adobe Shock Wave, but I do. I tried all the troubleshooting for Shock on your website but nothing works.  http://www.cbc.ca/news I did try re-installing Shock but it did not solve the problem even though it congratulates me saying my new Shock works.  I have a copy of Chrome and tried the same web page and the videos work.  I’ve thought of uninstalling the Windows update, but not fussy about that.

  Ah ha!  I found some information from the website that I noted in my opening question. I am on Windows 7 but believe this is the answer to my problem.  Announcement below.
  "Microsoft recently updated Windows 8 and Internet Explorer 11 to include a bundled version of Flash in the browser.
  This has caused issues on multiple sites, including ours, whereby the user is prompted to download Flash, even though they already have it.
  Please be advised that this is not a problem with the video delivery platform, but Microsoft code (IE 11). Microsoft is working on a patch to fix this problem.
  In the meantime, the best workaround is to use a different browser."