blocking windows update (both ipv4 and ipv6)

Hello,

Does anyone know how we can block Windows Update on a MikroTik router? I heard that the L7 protocol can be heavy for the router, and besides, I also use IPv6 on my network, so I cannot see the same L7 option for IPv6 as I can for IPv4. I am really getting tired of heavy updates from Microsoft; the updates themselves are not the only issue, nor is the reload, but they mess something up almost every time, so I am really tired of this and this MUST stop right away, one way or another, so please help!

I could perhaps locate the URLs used, but then blocking them via L7 for IPv4 does not solve my problem because I also use IPv6 on my network…
I usually use a Mac, but for some applications I need to use Windows as they are not supported on Mac :frowning: otherwise Windows would have been history a long time ago.

PS: I tried to block it in the hosts file, but it seems that Windows somehow bypasses this file when it comes to updates. I also tried to disable the Windows Update service, but after several reloads the service is enabled and running again, so in short Microsoft does not allow us to prevent this, so the firewall must be used to handle this stubborn solution from Microsoft.

Thank you!
Best regards

Simply configure your PCs NOT to check at Microsoft for updates?? Possible with Win7, Win10 etc.
Some problems should not be fixed at the network layer.

Of course, I don’t think it is always smart NOT to install updates … some updates you really WANT to install.

Why do you want to block update traffic?
Have you considered using a WSUS server?

Thanks for the reply!

I can tell Windows not to check for updates for one week, then it’s auto-on again; I disable the update services and Windows enables them again after some period of time, etc. So I have had enough here.

No, I have not tried a WSUS server, but since this comes from Windows I am sure I cannot get rid of the updates using it anyway.

Yes, I am aware that I should install updates, but I have had enough of troubleshooting the PC. This PC is used for astrophotography and I have a couple of software packages and many drivers running on it, and almost every time I run Windows Update something is not working properly, whether with the software or the drivers… Then I need to troubleshoot it, and looking for information on Microsoft pages, the only answer you get is: clean this, clean that, reload, etc. Simply empty talk that leads only to frustration, which I am tired of.

So it seems the best solution will be to totally block internet access from this PC, then allow a couple of IP addresses that the installed software needs to reach… and period…

Cheers

Are you running some DNS-filtering server? (e.g. Pi-hole??)
If so, you could add the following and block them.

http://windowsupdate.microsoft.com
http://*.windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com
http://*.update.microsoft.com
https://*.update.microsoft.com
http://*.windowsupdate.com
http://download.windowsupdate.com
http://download.microsoft.com
http://*.download.windowsupdate.com
http://wustat.windows.com
http://ntservicepack.microsoft.com
http://stats.microsoft.com
https://stats.microsoft.com

I don’t know about the state of the DNS services on MikroTik RouterOS (I don’t use them), but IF you can add some static records like these ones you also accomplish the same (point them to 127.0.0.1), but then also, for safety, DROP outgoing DNS traffic too (except traffic sourced from the MikroTik).

If you only need a way to cache Windows updates for an entire network where you don’t have Active Directory or even a Windows server, you can try lancache. Check out the FAQ page.

Thanks jvanhambelgium, I will have a look at that and see if it works.
almdandi, installing AD is too much hassle for just one single PC on my network for which I need to disable Windows Update, so blocking Windows Update should be as easy as possible and as effective as possible so that Windows cannot bypass it. So in my case it will either be a trick using DNS as jvanhambelgium mentioned, or I will simply put this PC on a separate VLAN and block everything from the PC to the internet and from the PC to the other VLANs on my network, and only allow certain IP addresses on the internet to be reachable by this PC, as some applications on it need to be able to communicate with their servers…

Thank you
Cheers
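As an added example, not code from the thread or from MikroTik, here are the two approaches discussed above as RouterOS CLI commands: jvanhambelgium's static-record sinkhole with forwarded DNS dropped, followed by the per-PC allow-list the original poster describes. The RouterOS version, the PC addresses, the vendor server address and the list/comment names are assumptions; the hostnames are those from the post.

```routeros
# Added example, not code from the thread. Assumes RouterOS 6.47 or later
# (static AAAA records), that LAN hosts use the router as their resolver, and
# placeholder addresses: astro PC 192.168.50.10 and 2001:db8:50::10, vendor
# server 203.0.113.10 and 2001:db8:ffff::10. Hostnames are from the post above.

# 1. Sinkhole records. Answer both A and AAAA: otherwise an AAAA query is
#    forwarded upstream and an IPv6-capable client gets the real address.
:foreach n in={"windowsupdate.microsoft.com";"download.windowsupdate.com";"download.microsoft.com";"wustat.windows.com";"ntservicepack.microsoft.com";"stats.microsoft.com"} do={
  /ip dns static add name=$n type=A address=127.0.0.1 comment=wu-block
  /ip dns static add name=$n type=AAAA address=::1 comment=wu-block
}
# The "*." names from the post become regexps; "\\." inside quotes is a literal dot.
:foreach r in={"(.*\\.)?windowsupdate\\.microsoft\\.com";"(.*\\.)?update\\.microsoft\\.com";"(.*\\.)?windowsupdate\\.com"} do={
  /ip dns static add regexp=$r type=A address=127.0.0.1 comment=wu-block
  /ip dns static add regexp=$r type=AAAA address=::1 comment=wu-block
}

# 2. Make the sinkhole stick: drop forwarded plain DNS (UDP and TCP 53) for
#    both address families. The router's own lookups use the output chain,
#    so they are unaffected. place-before=0 puts each rule at the top.
/ip firewall filter
add chain=forward protocol=udp dst-port=53 action=drop comment="LAN must use router DNS" place-before=0
add chain=forward protocol=tcp dst-port=53 action=drop comment="LAN must use router DNS" place-before=0
/ipv6 firewall filter
add chain=forward protocol=udp dst-port=53 action=drop comment="LAN must use router DNS" place-before=0
add chain=forward protocol=tcp dst-port=53 action=drop comment="LAN must use router DNS" place-before=0

# 3. Isolate the astro PC. Connections it opens may only go to the allow-list;
#    everything else is dropped, towards the internet and other VLANs alike,
#    because both pass the forward chain. Assumes the usual accept rule for
#    established/related connections sits above these rules and that no
#    broader LAN accept rule precedes them (move them with place-before if so).
/ip firewall address-list
add list=astro-allowed address=203.0.113.10 comment="placeholder: server the astro software must reach"
/ip firewall filter
add chain=forward src-address=192.168.50.10 dst-address-list=astro-allowed action=accept comment="astro-pc allow"
add chain=forward src-address=192.168.50.10 action=drop comment="astro-pc deny rest"
/ipv6 firewall address-list
add list=astro-allowed address=2001:db8:ffff::10/128 comment="placeholder: same server over IPv6"
/ipv6 firewall filter
add chain=forward src-address=2001:db8:50::10/128 dst-address-list=astro-allowed action=accept comment="astro-pc allow"
add chain=forward src-address=2001:db8:50::10/128 action=drop comment="astro-pc deny rest"
```

Step 2 only catches plain DNS on port 53; a client that resolves over HTTPS or that is pointed at an address directly is not affected by the sinkhole, which is why the address-based allow-list in step 3 is the control that actually holds.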