Disabling Windows Updates: All or just video drivers?

SteveN1

The general recommendation when installing Blue Iris seems to be to disable both Windows 10 and Blue Iris automatic updates, and only update when you need a feature. Generally, good advice.

The wiki recommends disabling driver updates, not all updates. Is this still the recommended configuration? I can see how you would not want video drivers to be updated, and I have also found programs that stopped working, like VMware, when Windows tried its last mega-update, so a case could be made for disabling all of them, especially for a machine that has no Internet access except through a VPN.

Thoughts here? What are most people disabling, all updates or just the video drivers?
 
I let Windows 10 update automatically and I have never had an issue. If it's connected to the network it stays up to date.
 
I also have mine set to install updates but not automatically restart.

Isn’t disabling Windows updates in W10 something that’s quite difficult to do?
 
It used to be difficult, but with one of the recent updates it is easier to disable. I've heard from more than one source that disabling updates is good practice for a Blue Iris machine, and I've had updates break other software over the years too.
 
Thoughts here? What are most people disabling, all updates or just the video drivers?

I wouldn't be comfortable disabling Windows updates on any system connected to the internet. Most are security related.

Blue Iris and video card drivers are a finicky mix. I erase and install Windows from scratch, update BIOS, etc., then manually update drivers as needed after that. I do not install the manufacturer update software. I disable Windows automatic driver updates: How to Disable Automatic Driver Downloads on Windows 10

Best advice for a reliable Blue Iris system is to dedicate the computer to only running Blue Iris. Don't use it for web browsing, or as your QuickBooks server. Just Blue Iris.

I've seen faaaar more problems caused by 3rd party stuff like printer drivers, antivirus software, and "utilities" than Windows Updates. Of course it does happen, but most of the time it's either a minor problem or only happens with a rare mix of equipment and/or software. The #1 source of problems with Windows is the users.
 
especially for a machine that has no Internet access except through a VPN.

I am just curious how do you set it up to have no internet access except through a VPN? Right now dual NIC I have the second NIC hooked up to internet to connect through app (through VPN in router) but still has general internet access.
 
You can block all requests from the BI IP address in your router firewall.

For example, this is what's allowed for my IP cameras on my network (no rule -> no access, default is to block).
[Screenshot: upload_2019-9-16_11-7-11.png]
 
If I block BI computer from Internet how do push messages get sent? I do use a VPN on our phones.

Yes, this was my question. It would be great to block all internet connections and only have BI allow for push notifications.

Port 123 NTP - is that for NetTime @Mikk36 - I am not really sure what your pfSense firewall setting means?
 
Network Time Protocol
My router hosts that service so that my cameras will always have the correct timestamp and they're synced.
[Screenshot: upload_2019-9-18_8-56-24.png]
If yours can't do NTP, you can always set the cameras to use an NTP service from the internet and only allow access to that specific service, for example. One option is to pick a server (specific IP) from ntppool.org. Or set up an NTP service on the Blue Iris machine.
 

I did this:
Setting up NetTime Time Sync Tool on Windows 10

but had to enable this on Windows Firewall and wanted to see if it was safe?
Go to Inbound -> New Rule -> Port -> Select UDP -> Port 123 -> Allow the connection -> for Rule applies you can check Domain, Private and Public
 
Yes, NTP uses UDP port 123 for listening to connections and there's no way around it (well, yes, you can usually make it listen on another port instead of 123, but you still need to open that port up in the firewall inbound rule).
 
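An added example, not part of the posts above: a PowerShell check for the inbound UDP 123 rule discussed in this exchange, which lists every enabled inbound allow rule covering that port and flags any that apply on the Public profile or accept any remote address, then creates a narrower rule. The rule name is a made-up label, and the narrower rule assumes the cameras sit on the same subnet as a NIC that Windows has classified as Private.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# $ruleName is a hypothetical label chosen for this example.
$ruleName = 'NTP server (UDP 123) - LAN only'

# 1. Audit: every enabled inbound allow rule whose port filter is exactly UDP 123.
#    (Rules that cover 123 through a port range or "Any" are not matched here.)
$ntpRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        if ($port.Protocol -eq 'UDP' -and $port.LocalPort -contains '123') {
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Name          = $_.DisplayName
                Profile       = "$($_.Profile)"
                RemoteAddress = $addr.RemoteAddress -join ','
                # Too broad if reachable on Public networks or from any address.
                TooBroad      = ("$($_.Profile)" -match 'Any|Public') -or
                                ($addr.RemoteAddress -contains 'Any')
            }
        }
    }
$ntpRules | Format-Table -AutoSize

# 2. Create a scoped rule: Private profile only, local subnet only.
#    Assumption: the camera network is on a Private-profile NIC and shares its subnet.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Protocol UDP -LocalPort 123 `
        -Action Allow -Profile Private -RemoteAddress LocalSubnet | Out-Null
}

# 3. Confirm what the new rule actually permits.
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress, LocalAddress
```

Rules reported with TooBroad = True can be disabled with Disable-NetFirewallRule once the scoped rule is confirmed to serve the cameras.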
I use a combination of policies and settings.
GUI Settings
- Receive updates for other products when you receive updates for Windows. (mainly so Defender gets updates).
- Delivery Optimization off

Policies
- Auto download and Install updates every Saturday at 9 PM
- Do not include drivers with Windows updates. (Driver updates usually create more issues for me than they solve)
- Do not adjust option to Install updates and shut down in start menu
- Semi Annual Channel, Defer Upgrade for 128 days. (Gives plenty of time for the bugs to be worked out in feature updates)
- Defer quality updates for 4 days (4 days is about the general time window it takes for MS to yank a problematic update).
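
An added example, not part of the original post: a read-only PowerShell audit that compares the machine's Windows Update policy registry values with the schedule, driver exclusion and deferral periods listed above. The mapping from each listed policy to a registry value is this example's own; the channel selection and the shutdown-menu policy are not checked.

```powershell
# Added example (not from the thread). Read-only: reports drift, changes nothing.
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = "$wu\AU"

# Expected values taken from the policy list in the post above.
$expected = @(
    @{ Path = $au; Name = 'NoAutoUpdate';                    Value = 0   }  # automatic updates enabled
    @{ Path = $au; Name = 'AUOptions';                       Value = 4   }  # auto download, scheduled install
    @{ Path = $au; Name = 'ScheduledInstallDay';             Value = 7   }  # 7 = Saturday
    @{ Path = $au; Name = 'ScheduledInstallTime';            Value = 21  }  # 21:00 = 9 PM
    @{ Path = $wu; Name = 'ExcludeWUDriversInQualityUpdate'; Value = 1   }  # no drivers via Windows Update
    @{ Path = $wu; Name = 'DeferFeatureUpdates';             Value = 1   }
    @{ Path = $wu; Name = 'DeferFeatureUpdatesPeriodInDays'; Value = 128 }
    @{ Path = $wu; Name = 'DeferQualityUpdates';             Value = 1   }
    @{ Path = $wu; Name = 'DeferQualityUpdatesPeriodInDays'; Value = 4   }
)

$report = foreach ($e in $expected) {
    # A missing key or value yields $null, reported as "<not set>".
    $item   = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.($e.Name) } else { $null }
    [pscustomobject]@{
        Setting  = $e.Name
        Expected = $e.Value
        Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
        Match    = ($actual -eq $e.Value)
    }
}

$report | Format-Table -AutoSize

# Summary line for scheduled runs or logs.
$drift = @($report | Where-Object { -not $_.Match })
"{0} of {1} settings differ from the expected policy." -f $drift.Count, $report.Count
```

Values shown as "<not set>" mean the policy is not configured through the registry on that machine, so Windows falls back to its defaults or to the Settings app choices.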