Neowin.net

What IT department in their right minds has WSUS set to install updates automatically anyway? At our company all updates are tested on a small group of machines before being rolled out company wide.

YO umissed the point, even if you didn't approve this update it got installed. hell i never approved it on my WSUS, and i have not got it set to install updates automatically, actually as soon as i heard it was in there i went in and disabled it

Same here. Must know I'm not an IT dept.!!

Which is good as I didn't want it and wouldn't want it. Immediately set my prefs at the update site to not show me that again.

This story isn't about Windows Update, it's about Windows Server Update Services.

Re-read your EULA. Microsoft reserves the right to install what they deem necessary, without your permission. I don't think they have used this much (only thing that comes to mind is the update to the updater, which makes sense to me).

Yep, most people fail to realize this and the fact that they DON'T OWN WINDOWS. I think the specific language that was in the XP EULA is not in Vista's though. Maybe they cleverly hid it.

@Celtic: why not use WSUS?

Because, it is WSUS that is giving IT Depts. the problem, re-read the article and all the blog posts about it.

WSUS only does things like this when IT departments have their WSUS Servers set to automatically approve updates as they come in. No IT department in their right minds should be doing it that way, they should be testing updates on a small subset of machines before rolling them out company wide.

yeah but this is the only time i have seen it happen, so why not use WSUS previously, i never had any probs until this crap

Balls to that. My computer, my licence, my money, my time. The updating updater is something that might get allowed but apart from that any clause that enables a third party (and a supplier is a third party when it comes to my stuff) to arbitrarily bugger up my machine is not enforceable thanks to my overriding right to tell them to sod off. Don't like it? Don't care. Try enforcing it. An inequable contract (that is not signed, a click-through cannot be interpreted the same) is illeagl under contract law.

Example: an update (that can be installed without your approval, knowledge, etc., according to the almighty EULA) cripples your internet connectivity because you happen to have a competing product installed. Under the "terms" they can do this with no recourse at any time.

(Hypothetical, I know that doing such a thing would cause a massive backlash. Doesn't alter the fact that they can)

On their software. But I have the right to set up a firewall and strand that software from the internet as severely as I choose. Just because Microsoft's software is on my hardware doesn't mean that they then now own my hardware too.

Like I said, we're on a whitelist filter at work and I'm very tempted to do the same at home, at least for Windows systems. My girlfriend has been very curious about Ubuntu since her friend at MIT told her about it; if she makes the switch, then I'll just cut off all Windows systems on my network from the Internet and require Mac OS or Linux for connectivity. Put that in your crack pipe and smoke it, Redmond. I'd like to see your "value-added features" get through my ProSafe box when it's told to drop anything and everything from your IP range bound for your targets on my network.

I must say vice versa

Yeah, who wants a fast index providing a powerful interface to instantly finding your data? It's useless bloat!

It is useless to those that can't run it without it interfering with their other daily habits. It interfered with my Web browsing, not to mention that it kept reverting to the indexing defaults instead of keeping my indexing settings. After about 3 weeks (it reset itself after 1 week every time), I found that last bit rather annoying. If the application doesn't do what it is supposed to in the first place, I see no reason to keep it. By the way, that was on XP, and after seeing what Vista Home Premium did to my dad's just-bought laptop, I don't dare install even Vista Home Basic on mine. It is "Windows Vista™ Capable" (read "able to run Vista Home Basic only", but I have enough troubles and don't need to deal with a slow OS when I need to get things done. I only had trouble with Fedora 6 once when I ran it, and that was my own stupid fault (third-party software repository is not always of the best quality...)

MS just can't seem to do anything right anymore... Great for new users, but once those new users get ****ed off, things'll turn a different direction. I'm no gamer, but for the sake of those who adore the Xbox platforms, I hope nothing gets screwed up there.

He who does not lose his data in the first place, and knows where to look for it.

And the laptop also likely came with McAfee, Google Desktop Search, WildTangent, and who knows what else crapware.

So back to filing cabinets, then? This is just an even quicker way to access your data. I can type something into Vista's start menu search and find it a lot faster than most people can go into Documents, and find the folder they saved it in, the subfolder inside that one, and open the document.

Don't be ridiculous with the paper and filing cabinets argument.

Good organization is a must. Having a search utility is no excuse to going back to a flat file system with no subdirectories and structure. In other words, just throwing files 'wherever' without care and expecting search to be the primary file finder is a bad idea.

from the testing my company has done internally, itis actually rather unreliable, to the point we removed support for it from our software

it has nothign to do with automatic approval, as i said i don't have auto approval set in WSUSand it got installed on all my machines

This whole article is BECAUSE Microsoft pushed out an "updated" release of WDS 3.01, and since BY DEFAULT WSUS automatically approves revisions, this was pushed out automagically.

It does look like the installer is bugged, rather than upgrading existing installs, it's installing on all PCs.

you rerally didn't read the article did you

Well, they were -- and still are having problems -- because they are slow...you said it yourself!

6) Smack yourself in the head when you discover that WDS doesn't index the folder dxdiag is in. (Go ahead, I'll wait.)

Why would you need it to? You just ran it without having to search for it.

LoL I was just about to say the same thing Grey. By default, WDS only indexes My Documents and Shared Documents folders. You have to add more folders if you want it to search beyond that. I'm just glad they found a way to get WLPG to work without it's dependence on WDS.

Yes, but it can't find it even if you tell it to index all local drives. Sorry, I forgot to mention that.

Yes it can. I have a test machine I use with the whole disk indexed, and i just tried it.

Won't do it with mine. That's Strange.

pebkac?

Yup I'd say it's either PEBKAC or ID 10-T errors

BTW, saying ID 10-T works out better than writing it.
When you say it they have no clue what you mean. When you spell it out they do

I actually agree with you, it is rather unrelaible, and yes my compnay has done extensvie testing.

More likely than not, you just don't know how to use it.

Did you include System files with your search?

NO that is plain not true, well it is supposed to be true, but in this case i never approved it, yet it somehow showed up as approved

Last edited by whocares78 on 26 Oct 2007 - 07:39

Yes whole POINT of the article is that WSUS BYPASSED this flag and FORCED itself to install...ahem.

Between this, the whole Automagic Windows Updating itself issues (mentioned above, not really a big deal IMHO), and the worldwide WGA authentication server failure (which is a HUGE deal IHMO), a lot of people are getting to say...

I TOLD YOU SO!

That's completely untrue. WDS only indexes files that change, when they change. It's resource footprint is considerably less than GDS.

All I know is that thing ran constantly and not just for the initial index building. GDS would run the initial indexing and then quietly update and things were added. The MS Search ran all of the time I ended up killing it most of the time just so I could work. As my friend's dad said: "There is not a piece of hardware that Gates cannot slow down with his software."

Technically your friend's dad (really yourself most likely trying to hide your sarcasm rather poorly) is correct about any software from any vendor.

The fastest hardware is the hardware with the least running on it.


Also if your hard drive ran constantly it could be a few things.

A: Indexing caused your HD to discover physical faults and it was auto-recovering data to non-affected sectors.
B: You constantly are installing/uninstalling and/or moving around data all the time and it's defragging your hard drive.
C: You have a really old machine that couldn't handle any modern software.

The last one is fairly likely if a simple desktop search program made your machine almost unusable.

Or...


D) Windows Desktop Index Search has a failure, corrupting the original database. Instead of being able to repair it gracefully, I've seen it have to rebuild itself from scratch. For those of us with hundreds of thousands of files, this is VERY annoying. I've seen this happen on more than one system under XP, but not under Vista yet.

Thanks for the update, Brandon, but it's kind of a moot point, as far as I can see. The update KB917013 doesn't support uninstall from via WSUS.

TOOO late the damage has been done, and i have ben condemed to removing desktop search for the rest of the day, and a friday too

This couldn't happen on a home PC. The only people affected by this are IT departments using WSUS who had approved a WDS "update" last february (which apparently is no longer functioning as an "update" but as a full install, probably due to an error).

SearchIndexer.exe should never be consuming that much memory. At most, 60-70MB for normal configurations. If you are experiencing more than that and it is actually impacting system performance, you are likely hitting a compatibility problem (old version of eTrust, old version of Adobe Reader, etc). Since the indexer on XP totally stops when you move the mouse or press a key (and won't resume until you're idle for a while) you should never notice a performance intrusion.

The first time SearchIndexer.exe runs after any reboot, etc., it performs maintenance on the database file. If you have hundreds of thousands of files, like most people, it can EASILY consume 500mb of RAM during this phase. Once it is done, it will cache it out again, but I have to disable SearchIndexer every time I want to play any games, because it pages to the drives, doing go into a full idle/pause, etc. The program is REMARKABLY stupid when it comes to being something that is so at the core of Vista.

I mean, honestly, not to automatically go into FULL PAUSE when a fullscreen application (or really any application starts taking more than 25% CPU) is just absurdly bad software engineering/design. Little desktop widgets and wallpaper programs can do this, for crying out loud...

Even if it is true!

STAY OUT OF MY APPLE, STEVE JOBS!

One?

Oh, so I guess the at least two recent occasions where updates were installed without permission, changing user's settings without permission, or the forcing of people's computers to restart don't count (and my computer was one that was forcibly restarted one night a while back).

Last edited by Skyfrog on 26 Oct 2007 - 02:24

Rather than getting angry over what you think MS are trying to do, read the previous posts.

i don't think they are doing anything ro trying to do anythign, I KNOW they probablyh stufed up adn forced desktop search, as i am still getting complaints about it. i have read the previous posts and BrandonLive said MS are workign on it, however how is that in any way helpful, the mdamage is done. unless MS comes with an update that removes it in the next few hours, it won't help me at all, but i hope they can work out what went wrong so this sort of thing never happens again

Here is my understanding of what happened. No one on the WDS product team knew about this until this morning (I was the first to know, because of an extremely impolite e-mail sent to my personal e-mail account).

• It was a screw-up, and everyone involved is deeply sorry about the trouble this has caused
• It ONLY affects WSUS systems where admins had approved an earlier WDS Update package
• The previous packages only updated existing WDS installations, and wouldn't install it on new systems
• It was intentional to offer a package that would install WDS on machines without it
• It was NOT intentional for the approval of the previous update to be "inherited" by this package. This was a mistake in the publishing of this package to WSUS.

The WSUS blog has a couple of posts on the subject, the most recent of which is here:
http://blogs.technet.com/wsus/archive/2007...-follow-up.aspx

They have suspended deployment of the WDS package via WSUS while they fix the problem, and provided instructions for how admins can most easily disable and remove the WDS software.

Believe me, Microsoft and the WDS team did not intend for this behavior. There was never any secret plan to force WDS onto unsuspecting machines. It was simply an error in the WSUS publishing process, which everyone deeply regrets. As someone who used to work in IT, I feel the pain of these admins. This is also pretty embarassing for our team even though it could have happened to any group at Microsoft, as the WSUS publishing process is completely out of our control. That said, please don't think that anyone here is taking this mistake lightly. Even though our official responses may have appeared slow throughout the day, you can be sure that today was a non-stop fire drill for all involved. Once we identified and understood the problem, it took time to coordinate an official response and go through all the necessary approval processes. Unfortunate as that is, it's the reality of a business this size, and our guys did their best to push through it and get this handled as best as we could after figuring out what happened.

thanks for the explanation, nice to see. i got it off all my machines now so i'm right. i still don't ever remember approving any WDS updates before but hell i may have when i rebuilt the server, there were a lot of updates to approve, but i woudl have expected all the machiens to have had it installed from then if i had previously approved it. wierd.

at least you guys are on top of it, and whoever sent you that email should be shot or at least have sent it to your work email i assume if they have your personal email they know you, in which case go slap them in real life

and yeah i believe this wasn't deliberate, i never though it was, it did freak me out when i got abused this morning for approving it. seeing i havent approved any updates for a couple of weeks, hopefully someone ass got kicked over there at MS

one question is is this sort of thing likely to happen again?

and on top of that OPtus international link gong out to lunch this morning adn all the route flopping going on casuing the whole australian web to slow to a crawl oh yeah and a mate agrreing to fix someone computer for them having no idea what he's doing and expecting me to do the work for him while i bet he gets all the $$$ , been an alround crap day (it will at least be good when i tell him to F^&k off as i finsihed at 5) sorry i won't go off topic again

Last edited by whocares78 on 26 Oct 2007 - 08:00