Recently, I audited my work laptop. I set lots of the services disabled so that I control to some extent what runs and when. All pretty obvious stuff for a security professional. An interesting point was noted when I next tried to run Windows Update though.
Not surprisingly, Windows update has some dependancies which must be satisfied for update to work. They are BITS, Automatic updates and Event Log.
I can understand that. Windows update kindly reported to me that some of Automatic Update, Event Log and BITS were not running and asked me to go start them.
I did and interestingly, Windows Update still did not work. It transpires that it is not good enough to start the services: You must set them to Automatic in order for windows update to work.
This is a bit of an arse. I can see that MS want this stuff running, but it's a bit naughty to insist that the services are set automatic rather than that they are running. It means that to apply updates, I need to jump through a whole lot of hoops: changing service settings every time. I'm certainly not happy to just leavee this stuff running the whole time.
Unfortunately, it seems that MS still don't get it..