*Updated for Windows 22H2
The simple answer: Windows Update Medic Service (WaaSMedicSvc)
You need to disable this two ways:
Its service. To do this, you need to do it through the registry (always back up all registry keys and put them somewhere before making changes).
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc]
"Start"=dword:00000004
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,00,00,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
This puts the service at disabled, and the failure action at "Take No Action".
You need to disable the scheduled task for it. You can do this either by downloading Execti.exe and running mmc.exe /s taskschd.msc inside it, then navigating to Task Scheduler Library > Windows > WaasMedic, and then disabling it. Or, do it via the registry here:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CEC0B91-4AE9-4E8A-ACB2-3B4C811F442C}]
"Hash"=hex:6f,ad,62,d5,2a,7b,61,a6,ea,0d,3e,20,80,1f,04,8f,b3,3e,4f,01,39,e6,85,f2,25,b9,a9,77,9f,64,be,2d
Your end numbers (0CEC0B91-4AE9-4E8A-ACB2-3B4C811F442C) may differ, so search the main key (\Tasks) by hitting F3, and search for: PerformRemediation
That's it. I suggest in order to disable it all, with no intention of removing anything permenantly, that you disable all the following services and tasks:
Services:
Background Intelligence Transfer (BITS)
Update Orchestrator Service (can also disable its tasks)
Windows Update
Windows Update Medic Service
If any of them for some reason do not allow you to disable them, you can do it in the registry by assigning their Start to 4 (1=autodelayed,2=auto,3=manual,4=disabled):
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsoSvc]
"Start"=dword:00000004
Here is a complete registry entry of mine to do it all in one go.
Windows Registry Editor Version 5.00
;; READ NOTE FIRST ABOUT EXECTI.EXE
;; system32\usoclient.exe may be renamed if needed (Orchestrator file)
;; UpdateOrchestrator\Schedule Scan
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{440D36C3-DA3F-4CD8-A99E-D698432D005A}]
"Hash"=hex:f6,1b,aa,e5,4a,a7,19,31,58,fa,96,7b,39,45,40,67,c1,2f,3c,ba,9f,9c,\
90,28,3c,8a,2d,80,7e,ba,11,fd
;; WaaSMedic\PerformRemediation (update medic)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CEC0B91-4AE9-4E8A-ACB2-3B4C811F442C}]
"Hash"=hex:6f,ad,62,d5,2a,7b,61,a6,ea,0d,3e,20,80,1f,04,8f,b3,3e,4f,01,39,e6,\
85,f2,25,b9,a9,77,9f,64,be,2d
;; use ExecTI.exe if possible to disable the Scheduled Task / triggers manually (it should change this anyhow), if not then use this.
;; THE CODE: 440D36C3-DA3F-4CD8-A99E-D698432D005A may be different. Search for "UpdateOrchestrator\Schedule Scan" in registry.
;; SERVICES
;; Windows Update Medic Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc]
"Start"=dword:00000004
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,00,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
;; Update Orchestrator Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsoSvc]
"Start"=dword:00000004
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,00,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
;; BITS
[Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
"Start"=dword:00000004
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,00,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
;; Update
[Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000004
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,00,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000001
"AUOptions"=dword:00000002
;; Disable Maintenance Wake Up
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Maintenance]
"WakeUp"=dword:00000000
;; Windows Modules Installer (TrustedInstaller)
;; needs key permissions as administrator
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustedInstaller]
"Start"=dword:00000004
;; change to 3 to put it back to manual (default). These components re-enables windows update and BITS components periodically.
;; failure actions is the Recovery tab under the service properties specified to "take no action"
I recommend that you use SetACL if you want to make a batch file to automate all of this and stop components at the same time. SetACL will take permission of the necessary registry keys to modify TrustedInstaller and others to 4 (disabled).
Here is a batch example (disable_all.bat):
@echo off
SetACL.exe -on "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustedInstaller" -ot reg -actn setowner -ownr n:Administrators
SetACL.exe -on "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustedInstaller" -ot reg -actn ace -ace "n:Administrators;p:full"
regedit.exe /S disable_update_components.reg
TIMEOUT 1
sc config "WaaSMedicSvc" start= disabled
sc stop "WaaSMedicSvc"
TIMEOUT 1
sc config "UsoSvc" start= disabled
sc stop "UsoSvc"
TIMEOUT 1
net stop BITS
sc config "BITS" start= disabled
sc stop "BITS"
TIMEOUT 1
sc config "wuauserv" start= disabled
sc stop "wuauserv"
TIMEOUT 1
sc config "TrustedInstaller" start= disabled
sc stop "TrustedInstaller"
If all else fails, you can simply rename your system32\usoclient.exe, or try something like Wu10Man to see if it helps (though, that basically does everyting here.), and simply leave the tasks/components as is.
If you'd like to revert any of these changes, simply change "Start"=dword:00000004 to "Start"=dword:00000003
I have also completely disabled these services in Task Scheduler
.. ? Services don't run via the task scheduler. Services run via the service control manager and the kernel driver model (which technically aren't services but one can argue this point due to microsoft ambiguous verbage). This might be semantics to some, but the difference is more than semantics.