I want to prevent Windows Update from ever downloading and installing
a particular security patch (329170), which causes my computer to
pause while shutting down, and which I don't need at my site.  But, I
do want new patches.

I don't want to have to remember to uncheck that patch every time- I
want Windows Update to ignore it.  How can that be done?

---

Clarification of Question by fecund-ga on 12 May 2003 09:47 PDT

This is a security patch so it doesn't show up with a checkbox in the
"Personalize Windows Update" screen.

---

Request for Question Clarification by sublime1-ga on 17 May 2003 11:40 PDT

fecund...

I solved the same problem (with the same patch) by using
'Automatic Updates' instead of going to the Windows Update
website. Go to 'Start' --> 'Settings' --> 'Control Panel'
--> 'Automatic Updates', and check the box that says
"Keep my computer up to date...". Then check the box that
says "Notify me before downloading....and notify me before
installing...updates".

When the program runs, it will notify you of the 329170
security patch. In the notification, there will be a 
check box you can check or uncheck (I forget which) that
says, in essence, "don't ask me about this patch again",
and it never will - at least it worked for me.

Let me know if this works for you, and I'll post this
as the official answer. 

sulime1-ga

---

Clarification of Question by fecund-ga on 17 May 2003 13:13 PDT

This now seems to be two questions:
a)how to trick windowsupdate into thinking that the patch is already
installed?
b)how to prevent automatic updates from asking about the patch?

The "Request for Question Clarification by sublime1" addresses b, and
it's useful, however I must have selected that some time ago- I
already have automatic updates running, with "Keep my computer up to
date" and "Notify me before downloading" checked, and I haven't been
asked about Q329170 in a while.

Is there a way to force an automatic update to run, so I can test it?
I suppose I could do the "Automatically download the updates, and
install them on a schedule that I specify" so I can set a time, and
have it run within the hour, but then I don't get a chance to decline.

On the Windows Update page, there's a link in the left border in the
second section down (under "Other Options") that says "Personalize
Windows Update".  Click this link, and there you will find a list of
available updates to display.  Uncheck the box from the update you
don't want to see, and it should not display as an available update in
the future...Hope this helps.

You would have to uninstall Windows Update from automatically
updating.
Then you would have to manually update at windowsupdate.com and then
just uncheck that update each time. That's the best solution I can
think of. Someone else might find a better way...

I'm not much for windows but I suppose you should be able to add the
requesite registry entries to fool your system into thinking the patch
has been applied already.

I suggest you read this article on modifying the registy if you are
not sure http://support.microsoft.com/default.aspx?scid=kb;EN-US;256986.

In addition if you feel uncomfortable editing the registry live with
the problem - don't fiddle then blame me!

Assuming you're on Windows 2000

The entries for the patch you want appear to be found at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP?\[Patch
Number]

All entries are similar but I have included below a reg file that you
can merge into your registry that has the relevant entries. Copy the
whole thing into a text file - then rename it something like merge.reg
ensuring that the extension is .reg you should then be able to right
click and select Merge to create the entries.



Copy from here to bottom --->

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
2000\SP4\Q329170]
"InstalledDate"="12/13/2002"
"InstalledBy"="username"
"UninstallCommand"="C:\\WINNT\\$NtUninstallQ329170$\\spuninst\\spuninst.exe
"
"Description"="Windows 2000 Hotfix (Pre-SP4) Q329170"
"Type"="Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
2000\SP4\Q329170\Filelist]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
2000\SP4\Q329170\Filelist\0]
"FileName"="LOCALSPL.DLL"
"Version"="5.0.2195.6090"
"BuildDate"="Fri Nov 01 19:55:06 2002"
"BuildCheckSum"="4110d"
"Location"="C:\\WINNT\\System32"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
2000\SP4\Q329170\Filelist\1]
"FileName"="PRINTUI.DLL"
"Version"="5.0.2195.6023"
"BuildDate"="Fri Nov 01 19:55:06 2002"
"BuildCheckSum"="60dc8"
"Location"="C:\\WINNT\\System32"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
2000\SP4\Q329170\Filelist\10]
"FileName"="printui.dll"
"Version"="5.0.2195.6023"
"BuildDate"="Fri Nov 01 19:55:06 2002"
"BuildCheckSum"="60dc8"
"Location"="C:\\WINNT\\System32\\DllCache"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
2000\SP4\Q329170\Filelist\11]
"FileName"="spoolss.dll"
"Version"="5.0.2195.6047"
"BuildDate"="Fri Nov 01 19:55:06 2002"
"BuildCheckSum"="147d8"
"Location"="C:\\WINNT\\System32\\DllCache"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
2000\SP4\Q329170\Filelist\12]
"FileName"="srv.sys"
"Version"="5.0.2195.6110"
"BuildDate"="Thu Oct 31 03:45:10 2002"
"BuildCheckSum"="3e1d3"
"Location"="C:\\WINNT\\System32\\DllCache"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
2000\SP4\Q329170\Filelist\13]
"FileName"="srvsvc.dll"
"Version"="5.0.2195.6110"
"BuildDate"="Fri Nov 01 19:55:06 2002"
"BuildCheckSum"="1273a"
"Location"="C:\\WINNT\\System32\\DllCache"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
2000\SP4\Q329170\Filelist\14]
"FileName"="win32spl.dll"
"Version"="5.0.2195.6044"
"BuildDate"="Fri Nov 01 19:55:06 2002"
"BuildCheckSum"="19465"
"Location"="C:\\WINNT\\System32\\DllCache"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
2000\SP4\Q329170\Filelist\15]
"FileName"="winspool.drv"
"Version"="5.0.2195.6032"
"BuildDate"="Fri Nov 01 19:55:06 2002"
"BuildCheckSum"="2b86b"
"Location"="C:\\WINNT\\System32\\DllCache"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
2000\SP4\Q329170\Filelist\16]
"FileName"="wlnotify.dll"
"Version"="5.0.2195.6103"
"BuildDate"="Fri Nov 01 19:55:06 2002"
"BuildCheckSum"="194e8"
"Location"="C:\\WINNT\\System32\\DllCache"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
2000\SP4\Q329170\Filelist\2]
"FileName"="spoolss.dll"
"Version"="5.0.2195.6047"
"BuildDate"="Fri Nov 01 19:55:06 2002"
"BuildCheckSum"="147d8"
"Location"="C:\\WINNT\\System32"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
2000\SP4\Q329170\Filelist\3]
"FileName"="srvsvc.dll"
"Version"="5.0.2195.6110"
"BuildDate"="Fri Nov 01 19:55:06 2002"

The "registry" method seemed promising, but it didn't work. First I
tried the supplied file, but windowsupdate still wanted to install the
patch. Then, I went ahead and installed it, exported the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP4\Q329170
key (which had a few more entries then the one you supplied)-
de-installed Q329170, then rebooted and reloaded the keys- but
windowsupdate was not fooled.  What does windowsupdate check? Do I
have to "touch" the dlls it thinks the patch needs?

If you are adminstering a network, set up Microsoft's Software Update
Services on a server.  This centrally downloads all updates to the one
server.  You can then set up a Global Policy that switches off
WindowsUpdate and points each PC (win2k up only) to the server with
SUS installed.

You manage the SUS through a browser, <servername>/SUSAdmin, and you
approve which packages you will allow to be installed on your PCs.

My network automatically updates itself... so long as I approve the
patches once they are downloaded.  The frequency you check for updates
from Microsoft is adjustable... i just set ours to check every day.