Microsoft Forces Desktop Search On Windows Update

An anonymous reader writes "The Register is reporting that the blogosphere is alight with accusations of Microsoft forcing Windows Desktop Search on networks via the 'automatic install' feature of Windows Update — even if they had configured their systems not to use the program. Once installed, the search program began diligently indexing C drives and entire networks slowed to a crawl."

What's worse...

[RaigetheFury (1000827)]

Is it still isn't very good compared to Google desktop indexing.

Re:What's worse...

[arivanov (12034)]

Who cares. What is important is that it is there forcefully bundled regardless do you want it or not so Google Desktop search has to fight for its place in the Sun against an already installed product. As MSIE and WMP have shown this is a battle which third parties cannot win (at least in the consumer space).

Re:What's worse...

[plague3106 (71849)]

As MSIE and WMP have shown this is a battle which third parties cannot win (at least in the consumer space).

Ya you're right; that's why FF isn't gaining any ground, and third party video players don't come pre-installed on dells and others!

No, the real issue is that you shouldn't be forced to get an update you didn't consent to.

Who's being "forced" to do anything?!

[Anonymous Brave Guy (457657)]

No, the real issue is that you shouldn't be forced to get an update you didn't consent to.

And I have to wonder what problem everyone else is having, because my PC duly popped up an automatic update notification for this earlier today, and I told it to go away and not come back, with no trouble and no observable adverse consequences.

Why do I get the feeling that this story is caused by a lot of people who don't know how to configure automatic updates properly, and a lot of FUD because of the PR cock-up a few weeks ago? You can argue about how they classified the update, but certainly nothing has been "forced" onto my PC today as a result of the update going out.

Re:Who's being "forced" to do anything?!

[SomethingGeneric (860744)]

The way that you have setup Windows update is different than most large corporate environments. YOU have configured the update service to prompt you when updates are available and allow you to choose which to install. In most multi thousand PC Windows networks you do not want to give users that power, you configure the service to install patches for security issues and ONLY those applications already installed. The ONLY those applications currently installed part is the problem. MS is forcing the installation of a NEW program which WAS NOT already installed. They are ignoring the choice made by the sys admins and installing the search application whether they wanted it or not.

Re:Who's being "forced" to do anything?!

[crabpeople (720852)]

WRONG. mod parent down.

My wsus downloaded and marked them as INSTALL tuesday night, they were rolled out at 3am just as any update I would have approved. EXCEPT I DID NOT APPROVE IT. Why the fuck would I 1) approve a patch the same day it was released with NO testing and 2) EVER APPROVE WINDOWS DESKTOP SEARCH.

People like you piss me the fuck off. I run a tight ship. WSUS has NEVER done this before. EVER. It was 100% their fucking fault. Just because it didnt happen to you doesnt mean it didnt happen.

 

Re:What's worse...

[HouseOfMisterE (659953)]

If the update was mandatory, then it would be listed under "critical" updates instead of "optional" updates at the Microsoft Update site. It's not, because it isn't.

Re:What's worse...

[Dak RIT (556128)]

True, but any product competing against an existing popular product has an uphill battle. It's the way the market works.

Yes, I recall MSIE had an extremely difficult uphill battle against the heavily entrenched Netscape. Anytime you're dealing with something even remotely complex in the consumer space that requires a reasonable amount of knowledge/effort to change, the default is going to win by a large margin every time. I talked somebody through installing Firefox over instant messaging two days ago and wanted to stick a fork in my eye... and that was with somebody telling them exactly what to do.

Likewise, Silverlight is almost guaranteed to be a massively adopted technology simply because MS can stick it in a Windows Service Pack or update and in a month get nearly as much penetration as it has taken Flash near a decade to achieve. Should this be considered a hindrance to competition? Absolutely. This is essentially the same scenario as the browser wars... Microsoft used its dominance and influence with OEMs to prevent Netscape from being the default installed browser and usurped it with IE (which I think has done an excellent job at proving its harm to consumers).

Re:What's worse...

[Richard Steiner (1585)]

Name me *one* popular OS that doesn't include the ability to watch vids and listen to music, much less browse the net and *gasp* Search.

There is only ONE popular OS. Windows. That's the problem... All other OSes have less than 10% of the market, so they're niche players at best.

Re:Similarly as Beagle....

[Tekzel (593039)]

Gah, it will index my porn! I don't want it to do that, it will make it easier for my wife to find it. Please god, don't let it index my porn.

Note: This post was only partially tongue in cheek. I don't really care if my wife finds my porn.

If you have porn .. why do you need ...

[140Mandak262Jamuna (970587)]

I don't get it. I am sure millions of slashdotters are scratching their head too. If you have porn, why do you need a wife?

Re:If you have porn .. why do you need ...

[jagdish (981925)]

"An ounce of action is worth a ton of theory."
-Fredrich Engel

Re:Similarly as Beagle....

[nschubach (922175)]

Rename all your Porn to "How to build a deck." "How to fix an engine."

That will guarantee she doesn't look at it.

More ideas

[theantipop (803016)]

"How to fix the cable"
"How to clean a pool"
"How to deliver pizza"

Re:More ideas

[red_dragon (1761)]

"How to lay pipe."

Re:Similarly as Beagle....

[egomaniac (105476)]

I'm a Mac user, so our closest equivalent is Spotlight. I don't know how Spotlight compares to Windows' built-in search or to Beagle, but I do know one reason why it's great to have.

No matter how well-organized your file system is, and even if you know the exact path to a file already, Spotlight is still faster for accessing it. To open Photoshop Elements, I just type "ph" , and it's running. I know exactly where Photoshop is installed and I don't need to "search" for it, but typing four keystrokes to get it running is faster than any other means of accessing it (at least for stuff that I don't use frequently enough to keep on my Dock).

Same deal with bookmarks -- I can get to Wikipedia, even if my browser isn't running, just by typing "wik" . It's not always about searching in the literal sense; sometimes it's just a super-convenient shortcut to a known location.

(Disclaimer: This opinion is based on Spotlight in Leopard. On Tiger, I broke down and installed Quicksilver.)

Addition to TFA

[cerberusss (660701)]

This only happens on Windows XP, when you have either Office 2007 or Windows Live Photo gallery installed.

Not saying it's OK, just mentioning the facts.

Re:Addition to TFA

[El_Muerte_TDS (592157)]

I have neither Office 2007 nor Windows Live Photo gallery installed but Desktop Search was got installed anyway.

Re:Addition to TFA

[alexburke (119254)]

This only happens on Windows XP, when you have either Office 2007 or Windows Live Photo gallery installed.

I don't think this is the case. I watched it go on at least one machine yesterday with neither of those installed; it *might* have had Office 2000 SR-1 Professional, but probably not.

Conspiracy theory: MS is doing this to cause older or marginal boxes to become less responsive/snappy so as to further nudge the owners towards getting a new machine... and hence Vista.

WTF?

[east coast (590680)]

Critics cried foul on the principle that users should have absolute control over their machines.... The revelation that Microsoft is pushing yet more installations not explicitly agreed to by administrators is not likely to sit well with this same vocal contingent.

It makes me ask: What kind of administrator is using automatic updates on their machines anyway?

Let's face facts, while Microsoft should take much of the blame on this any admin should know at this point that automatic updates is opening yourself up to all types of undesirable installs.

This is nothing new and it's sad to see "professionals" in the field are still leaving security updates and other installs to go through without even sending a glance it's way first.

Re:WTF?

[makomk (752139)]

Unfortunately, this one apparently affects admins who were doing what they were supposed to and using WSUS. Commenters on the Register article were complaining that they'd set up WSUS to require them to approve patches, but it had taken it upon itself to auto-approve Windows Search to be installed on all systems anyway...

Re:WTF?

[EvilNight (11001)]

Companies that can't afford to send a fleet of tech monkeys running around to all of the desktops (in other words, most of them).

I manage the WSUS at my company. No updates are EVER to be passed through without my direct approval, even new revisions of previously approved updates. We've had far too many updates go through and break things to allow any kind of auto approval. So, imagine my surprise when I sit down to a cup of coffee and my morning log review, and the first thing I see when I log in is the Windows Update icon telling me to install Windows Desktop Search - something I never approved.

It went straight through, completely ignoring all of our security policies in the process. I was a little irritated at the Windows Update self-update passing through but I let that one slide since it was a MUCH needed bugfix and MS got a suitable backlash from it (silly me, thinking it was a one-time thing). Now we have the same behavior again months later. This is not acceptable. Luckily I'm in a bit earlier than most people so I was able to recall it with a few ninja edits to our group policy, and a company wide email apologizing for allowing it to be published, and warning people to avoid installing it if it somehow still got through to their systems.

I made a few changes. Our WSUS servers now no longer have internet access and are not scheduled to download. I must manually turn on their internet access in our firewall and activate the pull interactively. That way I will see the updates as they arrive, and not have to put up with this stealth update bullshit in the future. I clearly cannot trust them to just sit there and acquire updates on their own any longer.

I'm now developing a security policy for our corporate security software that will forcibly kill any applications on a blacklist I am creating. I will be adding Google Desktop, Windows Desktop Search, Plaxo, AIM, and any other programs I find that have a habit of sending data back home to outside companies. I'll happily find people alternatives that don't phone home - it's not the apps that bother me, it's the potential for leakage of our corporate data to third parties. I don't particularly care if the feature can be turned off, since I'm not the one installing it. If a program has potential to phone home, it's banned.

Re:WTF?

[EvilNight (11001)]

I'm not sure. If I had to guess, I'd guess that it has something to do with the age of our WSUS servers. We started on 1.0 early on, upgraded to 2.0, then to 3.0 recently along with SP2 for 2003. The server itself started life as a Windows 2000 system so that upgrade process was run as well. The server has also had a complete hardware change three times over the last seven years. Microsoft's products are never so buggy on a fresh build as they are when part of a lengthy upgrade tree where the potential to fall down a rabbit hole of untested codepaths is much greater. Unfortunately we can't afford to just scrub every Microsoft service when we move to a new version. I also have a script running once a week to run the recommended cleanup using wsusutil on the WSUS database (and yes I've fixed it to run with the latest version). ;)

Other than this strange auto-approval, we've had no problems whatsoever with WSUS 3.0. It's been great actually. The improved reporting and granularity is a welcome addition that we have yet to truly take advantage of. WDS3 was successfully retracted from the approved list after I revoked it, and I've backed out the GPO changes without any trouble. It's no longer showing up on the clients. Also, BDD2007 and our repository of published software (both in a DFS root) resides on the same WSUS server. I've also grafted Linux PXE and Solaris Jumpstart into RIS/BDD2007 so it's something of a custom build. I don't really think those apps should be interacting with WSUS3 in any way though. Totally different services and disk partitions. There are some user home directories there as well.

As to some of the other posters, I don't know that WDS phones home, yet. I haven't taken the time to do a thorough analysis, but I tend to err on the side of paranoia (after all, security is part of my job). I get very suspicious of any programs collecting data about a computer or user activities in the name of making the user experience better. I also don't see the use of an indexing system that kills the performance of one's operating system. I don't trust MS as far as I can shot-put the planet either.

Our GPO already disables all file indexing, NTFS short filename creation, system restore, unnecessary services like UPnP and messenger, and sets sane, non-annoying defaults for apps like MSN messenger, the language toolbar, media center, etc. It even restores the XP search to the better, more basic 2000 version (it's amazing what you can do with a .reg push in a GPO). Essentially I took my 10+ years of experience un-fucking windows default configurations and turned it into a GPO so I didn't have to keep doing it the hard way. I've got custom MSI files assigned to workstations to install apps like the entire sysinternals suite, VLC media player (beats having users install real/quicktime/divx), and so forth. It's a rather mature, customized environment aimed at getting Windows out of the user's way so they can get work done. (And play - we don't ban games.)

And yes, my users have local admin on their desktops. Windows isn't really designed to operate any other way (and I don't have a Fortune 500 budget to fix it like some others do). Our solution to the constant risk of IE was to recommend people use firefox whenever possible (with noscript, adblock, etc) and to get IE, firefox, and other internet-touching apps to run under an unprivileged, local user account that was created to share the exact same desktop/docs/favorites etc as the real user. We also took some time to educate them on safe surfing habits.

What worries me is the trend lately for, say, apps like Sun's Java to ask (default is yes) to install apps like Google Desktop during their normal upgrade cycle. Frankly most users have better things on their minds than wondering if the apps they are clicking upgrade for are about to trojan their boxes with 3rd party bundled software. That's why I'm eyeing an app-killing security policy for the more egregious offenders.

Re:WTF?

[east coast (590680)]

Automatic Updates is the quickest way of deploying patches to a computer, especially if an IT department has to maintain hundreds of those PCs.

You must not be an admin. [microsoft.com]

Fortunately, this just adds to the number of reasons to switch to Linux. :-)

Again, you must not be an admin. It's a job, not a hobby. When the powers that be tell you that they want certain software and that software isn't available on Linux that's the only reason you need not to switch. We serve the customers needs, not our own whims.

Annoying? Yes.

[walterwalter (777821)]

However to say that by default it was indexing the entire C: drive is erroneous. The default behavior is to index user files in "doc and settings" and then your outlook files after you open that program.

Re:Annoying? Yes.

[Anonymous Coward]

Facts are not welcome here. Please edit your post to include some anti-Microsoft comments.

little do they know...

[AndyST (910890)]

Welcome to Live Search, NSA Edition

[_______________] [search]

( ) the web
(o) all computers running Windows

[X] force update
[X] slow down computers
[ ] obey law / constitution
[X] forward trade secrets to us corps

Best described with song

[jollyreaper (513215)]

Windows Update, you're the whore
Who makes my computing such a chore
I can't take this shit anymore

Woo woo be doo

Windows Update, you make me sore,
When I disable you, you ignore!
Windows Update, you're the bane of my existence, it's true!

Doo doo doo doo, doo doo

Every day when I
Make my way to the workstation
I find a little fella who's
downloaded some new MS aberration

Chunk-a-lunk-a-bluescreen!

Windows Update, you're a cunt
And I'm not sure I could be more blunt
Windows Update, I'm awfully cross at you.

Every day when I
Make my way to the workstation
I find a little fella who's
downloaded some new MS aberration

Windows Update, you're a cunt
And I'm not sure I could be more blunt
Windows Update, I'm awfully sick of -
Windows Update, I'd like stick a brick in -
Windows Update, I'm gonna download Ubuntu!

Doo doo, be doo

Like I keep Saying

[vtcodger (957785)]

Automatic Updates do not seem to me to be a very good idea -- for users anyway. The big problem is that on bad days, they have the potential to shut down you or your organization with no warning. In fact, they can easily be more cataclysmic than a virus or rootkit. Malware may well try not crash your machine because killing the host is a bad strategy for a parasite. Bad updates do not have any such constraint.

QA of patches is very difficult. Lots of time pressure. Lots of things to check. Easy to overlook things. It's not like Windows and other modern Megasoftware have any coherent set of specifications that can be tested against. Or that test procedures would be perfect if there were specificiations. Or that a thorough test could be run in a realistic amount of time. This looks like yet another QA screwup.

Better to defer installing updates for a few days I think and let others Beta test the fixes. There's some risk to that also of course. But not as much. At least not in my estimation.

Article Incorrect

[Toreo asesino (951231)]

This applies to WSUS only, not the consumer Windows Update as everyone has mistaken it for. WSUS is the corporate, large-network version of managing and deploying product patches & upgrades to Windows machines (even if it's useful networks of any size really).

What I find bizarre is that this system, not Windows Update (which I stress again, is different) has been subjected to a patch that seems to auto-approve itself!
Under normal circumstances, each patch has to be approved (if set this way) by a network-admin before it will trickle out to workstations. This is the first time it would appear an update has approved itself.

I tell a lie....

[Toreo asesino (951231)]

The problem here is in fact that the search has come as an update for Windows, rather than a separate product. Looks like the people that are affected are auto-approving updates as they come, which more or less half the reason you'd use WSUS in the first place - to test patch deployments before releasing onto the network at large.

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2315860&SiteID=1 [microsoft.com]

Re:Article Incorrect

[hb253 (764272)]

Wrong. I'm administaer WSUS 3.0 in my company and the desktop search app was not auto approved or autoinstalled. As I've said in other posts, if WSUS released the patch, it's the admins fault, pure and simple.

WSUS is your friend

[Verteiron (224042)]

I declined this for my network via WSUS. It never set itself to "auto-install" as some of the comments I'm reading say it did, at least not in my network environment.

Saw it in WSUS, declined it, end of issue.

You don't have to install it...

[Techogeek (1148745)]

If you have your PC set to notify before downloading updates, you can simply uncheck it when the yellow shield pops up. When you close the window a box will pop up asking if you want to install it later. Just uncheck the box again and it will never ask again.. Worked for me!

Re:No Conspiracy Theories

[mattpalmer1086 (707360)]

Since when did Microsoft care about pissing off its users? What realistic alternative do they have?

Re:No Conspiracy Theories

[mattpalmer1086 (707360)]

Fabulous - my first Troll mod :) I actually felt I was making a serious point, although I guess I put it rather briefly.

People don't have a realistic alternative to Windows yet. It's not just a technology issue either. Microsoft only improve products when they face competition, and ensuring they don't have to do that is one of their principal business strategies.

Since Microsoft is (a) in the game of making money, (b) has a monopoly position in the market place and (c) continues to shut out competitors, then I contend that Microsoft don't care whether they piss off their users or not, and never really did care, except in those areas in which they are yet to dominate.

Pleasing users is not Microsoft's game. That's what their competitors have to do.

Re:No Conspiracy Theories

[140Mandak262Jamuna (970587)]

Microsoft does not benefit by deliberately pissing off its users in this way.

No they are merely testing, how far they can push their flock. One has periodically test these things to know how much you can get away with. Without precise knowledge of how much the users will put up with, they might be a little conservative and lose money they would have otherwise made. Further this will also raise the pain threshold of the users, once they get used to this level of pain, they will not see anything wrong with Vista.

Re:No Conspiracy Theories

[jvkjvk (102057)]

Further this will also raise the pain threshold of the users, once they get used to this level of pain, they will not see anything wrong with Vista.

Now, there's some forward thinking. Keep pushing out updates to XP, slowly yet continually make the user experience worse and worse. After a year, it could be worse than Vista - if they work at it. They don't need to improve Vista, they just need to hobble XP!

Re:No Conspiracy Theories

[TheVelvetFlamebait (986083)]

Firstly, Vista isn't painful. I've tried it, I use it, it's fine. I even have UAC on, because it isn't as annoying as everyone makes it out to be. Although I must say as a disclaimer that I, like many people, haven't tried to set up a HD home cinema setup, so perhaps I'm not experiencing the worst of it.

Secondly, the thing that's really slowing Vista adoption is not the alleged pain, but the fact that most people don't trust Windows until at least one service pack. This is a critical time for Microsoft. If Microsoft really want to make money (and trust me, they do), they would be focussing on rushing out a service pack, and concentrate on lessening the waves of FUD that are circulating around the web.

In short, I think the GP is right, and the theory of a demonic Microsoft playing with its market like they were pawns in a chess game is absolutely absurd.

Re:No Conspiracy Theories

[Yer Mum (570034)]

But they benefit from deliberately installing stuff on the computers of users who don't get pissed off.

Don't want people to download Firefox or Opera? Push IE7 as a critical update.

Don't want people to download Google Desktop? Push Windows Desktop Search as a critical update.

Probably the balance between pissed-off users and non-pissed-off users makes it worthwhile in the end.

Re:No Conspiracy Theories

[myvirtualid (851756)]

This sounds like a dumb mistake

Assuming that this is just a dumb mistake, I don't know what's worse:

• Microsoft's complete and total lack of quality control, how many years after they claimed to have made security their number one priority? If your processes are so pathetic that mistakes like this make it out the door, you don't get security and likely never will. Change management is a paramount security control.
• Someone, anyone, offering them such a pathetic get out of jail card

Oh, but to err is human!, I hear you saying.

Bollocks. When it comes to the operating system that runs the vaaaaaaast majority of desktops worldwide, quality counts. Or should.

Re:No Conspiracy Theories

[nine-times (778537)]

I guess I would wonder how this was able to happen at all. The admins configured the service so that the update wouldn't happen, and it happened anyway. Why was the software built in such a way that an outside party could even have the option of pushing an update against the configured settings?

Re:Enough with the stealth auto-"updates" dammit!

[speaker of the truth (1112181)]

I think you'll find that the Desktop Search is completely inseparable from the desktop and that the latter would be rendered completely useless if it is uninstalled. Just like IE is.

Re:Enough with the stealth auto-"updates" dammit!

[mysticgoat (582871)]

Fuck the Storm botnet. We have bigger problems with a piece of malware called "Windows Update".

There is a fix for the "Windows Update" problem. If universally applied, it will also fix the Storm Worm.

You know what it is.

Re:Enough with the stealth auto-"updates" dammit!

[Penguinisto (415985)]

Oh please, if everyone used linux then the spyware/malware/virus gremlins would simply write all their software for linux. You know it, I know it, and virus authors know it. They wouldn't sit around continuing to write windows viruses wondering why no one was getting infected.

Perhaps, but it would damned sure thin the malware herd a bit. The script kiddies would quickly realize that it isn't so easy to build a botnet out of 48 different distros of Linux, each often reacting to a given flaw in different ways, and some simply ignoring the flaw altogether?

Sure, Linux (or more accurately, its apps) has a fair share of flaws that a stupid user could help the script kiddies exploit (*cough*PHP*cough*), but they're far harder to exploit overall, are anything but homogeneous, and thus the damage would be far more contained.

I mean, seriously - it would take a long time before the script kiddies could assemble botnets of, say, 1/2 the magnitude that they do now with Windows. It would at least give us good guys enough of a break to come up with something more effective in keeping such incidents perfectly rare.

/P

Re:Enough with the stealth auto-"updates" dammit!

[TheGratefulNet (143330)]

Microsoft is abusing it's position as the sole control point of Windows Update to push more of their crap into the market.

when I first started using windows, I never used windows update. I was suspicious of it and I'd rather just manage my own security even though I would lose out on bugfixes. over time, I grew to 'accept' that MS was trustable in their updates and I started using them. I would approve each one and check to make sure nothing was getting installed that didn't seem useful or needed. but I was 'into' the MS update thing each month and updated my PCs.

over the last year or two (give or take) I lost this trust. it also seems to be about the time that vista came into the scene. I don't run vista and I don't think I ever will, but if I was losing trust in MS's ability to force ONLY essential updates on me. it seems that if I can't even trust xp's update, why would I want to take things to the next level of non-control and give the full 'admin' switch to MS and just be at their update-stream mercy? its my understanding that vista boxes HAVE to be continually (not continuously, but mostly online) in order for them to stay (cough) 'current'. in all that that implies..

if you are a vista user, you MUST accept and trust the update stream. but I can't even trust it as an xp admin or user; how does MS expect me to give them full control over my box by installing and using vista?

I stopped taking the updates from the net and instead use the heisse security thing (the offline update cdrom method). I have a frozen image from when I think there were only 'good' things in that update and I guess that's pretty much the last of the updates I'm going to install (ever) on my xp boxes.

the bond of trust is broken and so I could never accept installing or running vista. I can't examine or really approve/disapprove each update in vista and so ALL my control is essentially gone. no thanks.. really, no thanks!

Read the blog links

[SmallFurryCreature (593017)]

Unless someone is doing a lost of posting, it seems real enough alright.

Also, lets face it. It smells true. MS ain't that smart, it truly seems like they would think it a good idea to install indexing software on every desktop in a network and have it index all the shares.

Because slashdot ain't what it used to be, I shall now explain why this is bad. It would be like EVERY computer, trying to be its own internet search engine and spidering the net for itself.

You don't do that. You index your own files, and use a central index for everything else.

However MS ain't that smart and thinks that you should index locally everything on the network. This is really a fundemental flaw in their design of this tool. It really shouldn't be allowed to index the network without explicit permission.

So why the forced update? It seems to have given itself extra permission so that it was installed without admins having thecapacity to block it. Well, remember who we are dealing with. This is MS. The company that knows best. Their may be an evil plot, or it may simply be that the Desktop Search constained a serious security hole that needed to be patched, so they even installed it on non-desktop machines.

Frankly trying to explain MS is like explaing the actions of a mad man.

We will never know why MS truly did this, stupid blunder, evil plot, insanity?

And no, it won't drive people to linux. This is just another anecdote in the long miserable live of a windows admin. I suppose, I don't do windows, and gladly take a lesser paycheck for that (although oddly enough I get payed more then all the windows admins I know, but hey, life ain't fair). Linux, for the money and the babes. Oh okay, not the babes, but the free beer is nice.

Re:Can someone confirm this?

[plague3106 (71849)]

Ya, I'm gonna go ahead and call bullshit. Our company has a WSUS server that I manage, and the update came in as Not Approved. So either he approved it, or set the server to auto-approve anything, which would be his doing as well. Or maybe he doesn't realize that its not an Installed % that it shows, its an Installed / NOT APPLICABLE % that the column indicates. In other words, I have 39% in that column, because the update doesn't apply at all to 39% of computers in our company. No computers to which the update applies have it installed.

Re:misleading

[MikeyVB (787338)]

Actually, TFA is not misleading at all.

I am one of the Systems Admin for a company with 2000+ users. We use WSUS for updating our clients, and our WSUS settings are set to not install any updates of any kind what so ever unless we explicitly approved of them.

Yesterday ALL of our users suddenly got the Windows Desktop Search app. We double checked our WSUS settings, confirmed that updates only install with approval, and also explicitly "Declined" the Windows Desktop Search. It still continued to roll out, even though we said we didn't want it!

We use Lotus Notes for our corperate e-mail, and so Outlook is not installed on any computers, and so of course since Windows Desktop Search indexes your Outlook e-mail, and since we didn't have it, everytime a user logs on now, they get two error messages about that it can't find Outlook and can't index your e-mail. Ridiculus!!!!!

Called Microsoft for support (we have an enterprise license) and said they would "look into it" and "get back to us". No matter that our users are calling like crazy and wondering what is going on...

I *hate* Microsoft now.

Re:misleading

[cwastell (1179517)]

It was released as an revision update. WSUS automatically approves those by default, even if you've got every other type of update set to manual approval. Its a separate tab (Advanced) in the Automatic Approvals dialog, so its basically a hidden setting unless you're looking for it.