
Stopped working on Windows 10 Pro 20H2 #4

Open
johnpbloch opened this issue Dec 3, 2020 · 3 comments

Comments

@johnpbloch

I'm really not sure why it's not working any more. I don't see anything in Event Viewer that tells me why Windows is ignoring my active hours or to indicate that the active hours are not set correctly by this script.

For what it's worth, (for anybody who finds this with the same problem) I ended up finding another solution to Microsoft's stupid update features using the group policy editor: https://www.askvg.com/how-to-change-windows-update-settings-when-managed-or-disabled-by-system-administrator/

I'll follow up with a comment if it ends up not working either.

@OnixGH

OnixGH commented Jan 25, 2021

Interestingly, according to this article, the script might have been triggering a bug in the Windows Credentials Manager, causing the loss of stored secrets (e.g. passwords, SMB passwords, client certificate keys).

Specifically:

Ormandy found out during his analysis that a certain scheduled task can interrupt the CryptUnprotectData(). Execute the following command in an administrative PowerShell console:

Get-ScheduledTask | foreach { If ($_.Principal.LogonType -eq 'S4U') { $_ } }

If tasks appear there, there is a problem. Once the tasks are executed, DPAPI will not work until a re-authentication is performed. This is caused by scheduled tasks created with the S4U (Services For User) option of the Task Scheduler.

This is caused by a bug in the RPC UBPM (Unified Background Process Manager) which causes stored credentials in the Local Security Authority Subsystem Service (LSASS) to be removed. As a result, applications either lose logon status or users are logged off their accounts. In the Event Viewer, Event ID 8198 or NTE_BAD_KEY_STATE should then be entered as an event.
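
Added example for this thread (not code from the issue, the project, or the quoted article): a PowerShell check that lists every scheduled task whose principal uses the S4U logon type together with its last run time, and pulls recent Event ID 8198 entries so the two can be compared. The cmdlets are the built-in ScheduledTasks module and Get-WinEvent; the log names queried (Application and System) and the 7-day window are assumptions, so adjust them if your build records the DPAPI event elsewhere. Run it in an elevated console.

```powershell
# Added example (not from the issue, the project, or the quoted article).
# Run in an elevated PowerShell console on Windows 10. Assumptions are marked as such.

# Scheduled tasks whose principal uses the S4U (Service-for-User) logon type,
# with the last run time so they can be lined up against DPAPI failure events.
function Get-S4UTask {
    Get-ScheduledTask | Where-Object { $_.Principal.LogonType -eq 'S4U' } | ForEach-Object {
        $info = $_ | Get-ScheduledTaskInfo
        [pscustomobject]@{
            TaskName    = $_.TaskName
            TaskPath    = $_.TaskPath
            RunAs       = $_.Principal.UserId
            State       = $_.State
            LastRunTime = $info.LastRunTime
        }
    }
}

# DPAPI failures recorded as Event ID 8198 (NTE_BAD_KEY_STATE).
# Assumption: the event lands in the Application or System log; change LogName if not.
function Get-DpapiBadKeyStateEvent {
    param([int]$Days = 7)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Application', 'System'
        Id        = 8198
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, ProviderName, Id, Message
}

$s4u = @(Get-S4UTask)
if ($s4u.Count -eq 0) {
    'No scheduled tasks with LogonType S4U are registered.'
} else {
    "Scheduled tasks with LogonType S4U ($($s4u.Count)):"
    $s4u | Format-Table -AutoSize
}

$events = @(Get-DpapiBadKeyStateEvent)
if ($events.Count -eq 0) {
    'No Event ID 8198 (NTE_BAD_KEY_STATE) entries in the last 7 days.'
} else {
    "Event ID 8198 entries ($($events.Count)); compare TimeCreated with the S4U LastRunTime above:"
    $events | Format-Table TimeCreated, ProviderName -AutoSize
}
```

Event IDs are only unique per provider, so check the ProviderName column rather than trusting the number alone. If the task registered by the script shows up in the first table and 8198 events cluster shortly after its LastRunTime, that is the pattern the quoted article describes; re-registering the task with a logon type other than S4U would be the obvious way to test whether it is the trigger.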

@xerces8

xerces8 commented Aug 11, 2021

On this subject, a section in the README would be nice to list Windows versions where the script is known to work.

@nickolay

FWIW, the script still works fine here on Win10 Enterprise 20H2.
