Why settle for mainstream? Go upstream!

+46-8-56610670 info@upstream.se

3 steps to prevent Windows 10 upgrade notification with Kaseya

Windows 10 is now released to the world. Like it or not, Microsoft is on a mission to upgrade as many users as possible. However, right in the middle of  vacation (at least here in Scandinavia) may not be the perfect time for your customers to do so. If you are a Managed Service Provider (MSP) and responsible for your customers IT you may end up with confused end users if any upgrade slips through your safety net. Face it, you will always have rouge and ”semi tech savvy” customers that do a little bit more that they should and blame you if things go wrong.

Let’s go trough what you need to have in place to prevent disaster when vacation time ends.

First of all, Windows 10 is a free upgrade, but there are limitations to that offer and how it is delivered. Those include:

  • The device is NOT running at least Windows 7 SP1 or Windows 8.1 Update.
  • Windows Update is turned off or is not set to receive updates automatically.
  • Windows Update functionality is blocked or uninstalled.
  • The device is not running genuine Windows.
  • The device is part of Enterprise licensing (SKU).
  • The device is domain-joined (this is very important).
  • The device is MDM-managed.

Microsoft released the confusing update KB3035583 some time ago promoting Windows 10 to users. On July 29:th a whopping 2Gb KB3012973 optional update patch will also be released in more than 190 countries. We bet that many of your customers are running domain-joined machines so the annoying pop-up will not be visible at all, nor the 2Gb blob. But still, we see a growing number of end customers running in Workgroup mode, so please be aware of the difference in behaviour.

So, what will you have to do to prevent users from starting to download Windows 10 July 29:th? If you are running Kaseya as the tool of choice managing your customers, it’s quite easy. Follow the three steps below.

1. Prevent any machine running Kaseya Patch Management from getting the KB3035583 and the KB3012973 patch in the future by making a ”blacklist” entry in KB Override. This will be a pro-active global setting and ignores any applied Kaseya Patch Policy you may have assigned to the machines. It’s better to set this up now as many machines are offline a long period during vacation time. Again, this setting only applies if you are running a scheduled Automatic Update from Kaseya.


2. Damage control. Views in Kaseya are a great way to get a quick list of machines with specific kind of settings and attributes. In this case we are looking for all Workstations with KB3035583 installed. This will give you a list of machines with the ability to get upgraded.


3. Take action. Now that you know the list of machines having KB3035583 you can easily create a Kaseya Agent Procedure that removes the installed patch. There are several guides on the Internet floating around how to do this, but we created a ready to run Kaseya Agent Procedure. Download the Upstream Kaseya Power Pack by registering for free here. After importing the Kaseya Agent Procedures folder, look in the ”Windows, Sys Mgmnt” section for ”Sys Mgmnt – Windows – Remove Windows 10 Upgrade Notification”. We want this to be executed instanly, not betting on the machines to be restarted. Here is a short summary of the steps involved.

  • The EXE file responsible for the pop-ip is called ”c:\Windows\System32\GWX\GWX.exe”. Let’s continue if present.
  • Uninstall the patch from the command line within a Kaseya Agent Procedure. No reboot required.
  • Verify that ”c:\Windows\System32\GWX\GWX.exe” does not exist and write a success log entry. If the file still exists, write a unsuccessful log entry.

By triggering removal only when ”GWX.EXE” is present you can schedule this Kaseya Agent Procedure to run recurring without making any big impact. Good luck and happy scripting!

The Upstream team

11 augusti, 2015 • AV Ronny Tunfjord