Preventing a driver from automatically installing from Windows Update on Windows 10 (when it keeps reinstalling before you can run the driver blocking tool)

System Requirements:

  • Windows 10

The Problem:

Microsoft’s descent into Apple design and general irrelevancy continues unabated with design time decisions for Windows 10. Obviously when drivers get released onto Windows Update, they’re going to work for everyone. Obviously.

In my experience the main issue is with integrated chips from the large PC OEM’s (Dell, HP etc). The subtle modifications that they make in their own proprietary releases of their “2010” driver when do not necessarily directly map onto the generalised driver with the same PnP ID’s being detected from Windows Update.

In the last week I’ve had to deal with this no less than 8 time on 6 separate occasions. I, like most people in IT, have encountered this many times before however it has usually been with fairly large driver updates that require a reboot – prolific Windows 10 dual screen problems with Windows Update Intel HD Graphics drivers anyone?

So unlike previous Windows versions, there is no longer a way to stop Windows Update automatically installing updates immediately using the UI, you have to resort to group policy to have any chance of delaying it. In Windows 10 there is also no way to block certain updates if you do not want them / they don’t work.

Of course Microsoft’s business decision behind this end user horror is quite simple: Too many people blocked or are blocking KB3035583 (the Windows 10 installer update for Windows 7 and 8.x) preventing them from force feeding you Windows 10. They also want to de-fragment their ecosystem (I can empathise with this) and consequently they want to ensure that people are being spoon fed the latest feature updates as soon as possible under the new Windows feature release cycle.

Of course, if you get a bad update or a bad driver, now that there is no way to block it, you will uninstall it and it will simply come back.

The problem is exacerbated with small driver downloads (in the kilobytes range) that do not require reboots. In my most recent cases a 2009 HP Laptop Webcam. a 2010 HP Laptop Fingerprint reader and a 2008 Toshiba laptop touch screen driver. By the time that you have uninstalled the bad driver, rolled back to ‘no driver’/a working driver, run Windows Update to make Windows aware that there is a bad one available and then in turn run the Window Update Show/Hide Tool. Windows has already reinstalled the bad driver and as a consequence the WU Show/Hide tool is unable to give you the option to block the driver.

Bravo Microsoft. Bravo!

More Info

As eluded to above, the issue is one of timing. Windows 10’s brutal and where possible immediate desire to install anything that comes down the update channel is breaking the sequence necessary to correctly use the WU Show/Hide tool.

The required sequence is:

  1. Uninstall defective device, deleting the old driver
  2. Run Windows Update so that the local Windows Update Available Updates Catalogue shows an available driver update for that device
  3. <Windows Update should NOT do anything at this point>
  4. Run the Windows Update Show/Hide Tool
  5. Block the bad driver update
  6. Re-scan Windows Update to clear the update from the Available Updates Catalogue
  7. Install updates manually / after a sensible delay

In practice, at step 3 Windows Update – now aware that there is a driver waiting – is simply installing the bad driver again. This prevents you from running the WU Blocker tool. The problem is exacerbated by small updates (or fast Internet connections) because there isn’t a delay between Windows realising that there is an update and taking the time to download it before executing the Install.

This delay is useful for things like the Intel HD Graphics problem because the driver files is over 120MB and in many cases this gives you enough time to run the WU Blocker tool successfully.

The Fix

Yes, you can mess around with Group Policy to fix this – unless of course you are on a home edition. Yes, you can also modify the driver installation policy, however again this isn’t always desirable. So I present a simple way to solve this.

  1. Download the Windows Update Show/Hide (blocker) tool from KB3073930
  2. Open Windows Explorer at C:\Windows\SoftwareDistribution\Download
  3. Open en elevated command prompt and type:
net stop wuauserv
  1. Return to C:\Windows\SoftwareDistribution\Download and delete everything in the folder (but not the folder itself) – this deletes the installer cache for the driver
  2. Right click on the C:\Windows\SoftwareDistribution\Download folder itself, choose properties
  3. Open the security tab
  4. Click Edit to change permissions
  5. Select the SYSTEM account from the accounts list
  6. In the Deny column next to the permission for “Write” place a tick – JUST place a tick next to Write, that is all that is needed!
  7. Click OK twice to return to Windows Explorer – accepting any messages and warnings about Deny actions and system folders
  8. Go to device manager, uninstall the defective device – ensuring that you select the option to delete the driver along with it
  9. Run Windows Update
  10. Windows Update will now attempt to install the device, however it will fail with error code 0x80246007
  11. Now run the Windows Update Show/Hide Tool, block the update
  12. Return to Windows Update and re-scan for the update to flush it out of the available update list
  13. Go back to setup 5 and REMOVE the Deny Write permission tick to undo your changes
  14. Return to Windows Update and re-scan for updates. Windows Update should inform you that your device is up to date and will not attempt to install the driver

View: Windows Update Show/Hide Tool

PDF of MSKB 824184 How to set up Automated System Recovery on a Windows Server 2003 computer that is running Remote Installation Services

System Requirements:

  • Windows Server 2003

The Problem:

For some reason Microsoft removed KB824184 from the website, yet it is the only reference to the fact that you can merge Automated System Recovery (ASR) with Remote Installation Service (RIS) to perform floppy-less network recovery installs under Windows Server 2003.

It is also reported that they even still test exam candidates on knowing that it is possible despite the fact that it isn’t mentioned where else!

This article provides a PDF download of 824184 in the interest of aiding the curious.

The Fix

Download a PDF of the (clearly not intended for real use by anyone) instructions here.

Download: 824184 How to set up Automated System Recovery on a Windows Server 2003 computer that is running Remote Installation Services (71 KB)

Windows Vista & Windows 7 Implicit Answer File Search Order (Unattend.xml) Clarifying “Setup!UnattendFile”

System Requirements:

  • Windows Vista, SP1, SP2
  • Windows 7, SP1

The Problem:

A slight matter of a documentation error on TechNet that has existed for a very long time and is causing a lot of confusion.

More Info

TechNet states that the first and preferred search location for an Unattend.xml file is the registry location:


This is vague and confusing and is in fact probably typo that has been left for a long time. This could mean a value called Setup!UnattendFile under HKLM\System or a number of other things.

You can see the TechNet link below.

View: Manual Installation of Windows 7: Overview

The Fix

I can confirm from first hand experience with Vista, 7 and 7 SP1 that this should be:

Value Name [REG_SZ (String)]: UnattendFile
Value Data [e.g.]: C:\Windows\Setup\Scripts\MyUnattendFile.xml

Unattend.xml files found through this registry key do not have to be named Unattend.xml, you can call them whatever you like.