Registry reverts itself so Windows Feature Update Not Installing

Matthew Anderson 0 Reputation points

Hello I use a PowerShell script to install the latest Windows 10 and 11 Feature Update. As a part of this, it sets various registry keys such as the TargetReleaseVersionInfo to be 22H2. It works a treat as it doesn't reboot and we have a separate script that will do the correct reboot if the end user leaves the machine on. However, out of the 5000+ machines it has run on to update, there are around 1000 where, for some reason, the reg keys revert back. I tried to include the keys to delete\change for deferral in various locations to no avail. I have run Process Monitor and it shows the Windows Update service appear to reset the registry keys back to how they were..! These machines all have a variety of AV installed, across different customers, no Group Policy in place for Updates anywhere, we use ConnectWise Automate to do the Windows Update patching and all 5000+ machines have the same policy in place so that was ruled out, I even adjusted backwards on a few test machines to be sure. Anyone know how\why registry keys are resetting themselves back to how they were as soon as the PowerShell script starts to run. The WU\BITS Services are started, I have tried starting the services prior to the registry change and after, and that has made no difference. Better yet, if we can download the installer and run it silently with no reboot that would be great but forums in the past say that is not possible, unless it's changed now? Thanks in advance, Matt.

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
10,792 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
8,391 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 43,996 Reputation points

    Hello there, To help prevent a value changing, in Regedit you can try the below steps and see if that helps. First, export the key, or better, back up the Registry. Change the value of LocalAccountTokenFilterPolicy to 1, as desired. Then, Right-click on the key containing the value. Click on Permissions. Click the Advanced button. Change Owner to yourself. Remove Full Control from other users than yourself, wherever possible. If this is not sufficient to "lock" the value after reboot, then repeat as above and finally change Owner to NT Service\TrustedInstaller. It is possible that some Windows process might still change the value, or might fail to work properly. In that case, there's a workaround: Right-click the key and Export it with the correct value for LocalAccountTokenFilterPolicy. After each reboot, run the script to restore the value Hope this resolves your Query !! --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments No comments