Windows Update being a bit naughty?

Recently, I audited my work laptop.  I set lots of the services disabled so that I control to some extent what runs and when.  All pretty obvious stuff for a security professional.  An interesting point was noted when I next tried to run Windows Update though.

Not surprisingly, Windows update has some dependancies which must be satisfied for update to work.  They are BITS, Automatic updates and Event Log.

I can understand that.  Windows update kindly reported to me that some of Automatic Update, Event Log and BITS were not running and asked me to go start them.

I did and interestingly, Windows Update still did not work.  It transpires that it is not good enough to start the services: You must set them to Automatic in order for windows update to work.

This is a bit of an arse.  I can see that MS want this stuff running, but it's a bit naughty to insist that the services are set automatic rather than that they are running.  It means that to apply updates, I need to jump through a whole lot of hoops: changing service settings every time.  I'm certainly not happy to just leavee this stuff running the whole time.

Unfortunately, it seems that MS still don't get it..

Leave a Reply