Disable UpdateOrchestrator Reboot task

About a week ago my Windows 10 Pro started waking up in a middle of the night. I've had similar problems about half a year ago, but managed to configure the cause - unruly UpdateOrchestration task and disable it - using this answer. Disabling the "Wake the computer..." option in Reboot task helped.

However, about a week ago the computer started waking in the middle of the night again and I am unable to convince the Reboot to stay down this time. When I uncheck "Wake the computer..." option a window appears that asks me to provide login credentials for some mysterious S-1-5-18 user that I have never heard about (see the picture below, I use the Polish Windows version).

I have no idea what the password for S-1-5-18 should be. This window's dropdown allows me to choose other users though, besides the mysterious S-1-5-18 - in fact there seems to be about 5 accounts with names similar to my Windows username (why there is a multitude of them? I have no idea, Control Panel shows me as the only user of this computer); when I select one of them in the dropdown and enter my password I get the following message (translated from Polish to English):

The supplied variant structure contains invalid data

Do you have any idea how to disable the computer from rebooting at night?

EDIT: To clarify the multiple username thing: there is a single S-1-5-18 user in the dropdown. The multiple user thing I said pertains to my original Windows username. The following picture shows the content of the users dropdown. I have edited out the names that show my original email address, my real name or the names of my computers..

EDIT2: I tried disabling the "Wake to run" option on the task using PowerShell, with the following script and it also did not work. No error is given but the WakeToRun stays true.

 ?{ $_.Settings.WakeToRun -eq $true -and $_.State -ne 'Disabled' } |
%{
    write-host $_
    $_.Settings.WakeToRun = $false;
    Set-ScheduledTask $_
 }

lukeg

Posted 2017-11-16T00:42:38.700

Reputation: 501

If you have multiple S-1-5-18 which of course is the Local System account you have a problem. Could offer other links but I am way to lazy for that effort tonight. I would red to know, exactly how similar the other usernames are to one another, won’t do any research till that information is known (and contained within the question) not a comment

– Ramhound – 2017-11-16T01:16:34.387

@Ramhound I have updated the question. Please note, that I have never said I have multiple S-1-5-18. I have multiple users similar to my own Windows username. – lukeg – 2017-11-16T09:29:37.003

The S-1-5-18 SID belongs to a well known account. Microsoft has a list of those. Your dropdown doesn't necessarily show current users but also users you have used in the past. To see the actual accounts that are setup on your machine open the run dialog and type in lusrmgr.msc. That will get you a console which would help you. Well known IDs/System accounts aren't going to be visible. But it should help you to figure out whenever multiple lukeg accounts exist on your system.

– Seth – 2017-11-16T11:11:25.217

@Seth Thanks. Using lusrmgr.msc confirmed that there is in fact a single lukeg account. However, I am still not sure what credentials to enter when changing UpdateOrchestrator Reboot task. Do I have to use S-1-5-18 username or my existing lukeg account? When I use the latter I enter my online MS account password - however that ends with aforementioned "The supplied variant structure contains invalid data" message. – lukeg – 2017-11-16T12:28:07.383

I never said you had multiple Local System accounts just if you had multiple that would be a problem (what you said was long winded and could be taken multiple ways) – Ramhound – 2017-11-16T12:49:20.843

Answers

I was eventually able to disable the Reboot task. Firstly, I tried the following line in cmd:

SCHTASKS /Change /TN "Microsoft\Windows\UpdateOrchestrator\Reboot" /DISABLE

It did not work, and the error message said I do not have sufficient privileges to modify the task (even though I work on a Windows admin account). However, thanks to this message, I was able to find information about NSudo program. Per the already linked hint, I used it in a TrustedInstaller mode to start cmd and - lo and behold - SCHTASKS now worked perfectly, allowing me to disable the Reboot task. Windows is user friendly, they said.

EDIT: To make things clearer, NSudo gives you privilages over Reboot task and you do not have to use exactly the cmd listed above to disable Reboot task. Alternatively you may, for example, use it to run taskschd.msc and edit the Reboot task to your liking in the window that opens (for example by unchecking the "Wake up..." checkbox).

I have found that the changes don't always stick. The aforementioned message states that on has to issue the following command using cmd from NSudo (note you may have to translate the account names to language your Windows uses):

icacls "%WINDIR%\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot" /inheritance:r /deny "Everyone:F" /deny "SYSTEM:F" /deny "Local Service:F" /deny "Administrators:F"

lukeg

Posted 2017-11-16T00:42:38.700

Reputation: 501

1thanks for this, I had the exact same problem on Polish version of Windows :) – Adassko – 2018-01-07T21:57:19.940

NSudo - the hell? How does it work? I mean, it works, thank you, but, WHY? – Locane – 2018-03-15T18:05:18.377

Man I hate Windows. – jcollum – 2018-03-21T02:42:52.053

link for NSudo http://www.majorgeeks.com/files/details/nsudo.html -- the repo doesn't really give you any idea of where to get it

– jcollum – 2018-03-23T04:21:46.093

Can do this too with PsExec (https://docs.microsoft.com/en-us/sysinternals/downloads/pstools), developed by Microsoft, which to me was more comfortable than the slightly iffy download locations of NSudo (majorgeeks.com doesn't evoke my trust :) With PsExec, open command prompt as admin, run: c:\some-path-to\PsExec64.exe /S CMD.EXE and then the SCHTASKS command mentioned in this answer.

– Jan Żankowski – 2018-06-15T19:51:44.580

1Mmm that sounds wonderful... But even with nsudo, running taskschd.msc to edit the reboot task, on pressing OK windows asks for the password to the S-1-5-18 account. – zx81 – 2018-07-14T17:58:38.787

@zx81 That's strange. Worked for me this week when the damn thing reenabled itself again. – lukeg – 2018-07-14T18:00:39.300

Let me see if I got the right workflow... Run NSudo as Admin. As Trusted Installer, run taskschd.msc. Edit UpdateOrchestrator/reboot , e.g. change the date to 2049, and that works for you without a password? – zx81 – 2018-07-15T18:51:11.630

@zx81 Generally, that's the workflow. Strangely, it has asked me about a password this time I tried it. Definitely worked a week ago though. I think it might be because I have issued the icacls ... command to stop reenabling it. – lukeg – 2018-07-19T11:41:00.693

Solution for new Microsoft 17134 something

jest run regedit.exe and paste this to path bar then delete subfolders

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator

its working like some russian malware that you can't remove, service "Update Orchestrator Service" will be try to renable windows update or recreate task and you can't disable manual. try this one, or run Windows update service "Log on" as some user that should block auto run

takeown /f "%WINDIR%\System32\UsoClient.exe" /a
icacls "%WINDIR%\System32\UsoClient.exe" /remove "Administrators" "Authenticated Users" "Users" "System"

icacls "%WINDIR%\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot" /inheritance:r /deny "Everyone:F" /deny "SYSTEM:F" /deny "Local Service:F" /deny "Administrators:F"

takeown /f "%WINDIR%\System32\UsoClient.exe" /a
icacls "%WINDIR%\System32\UsoClient.exe" /inheritance:r /remove "Administrators" "Authenticated Users" "Users" "System"

I know windows update is important but windows 10 is still in Alpha, Bill please come back ?

user956584

Posted 2017-11-16T00:42:38.700

Reputation: 295

S-1-5-18 is a local SYSTEM account. It has no password and only services can run under it.

But there is a tool psexec that can allow a user app to run under SYSTEM account. You can use it like this:

psexec.exe -i -s schtasks ...

However, even disabling wakeup for the Reboot task won't stop the reboots entirely.

The following alternative solution worked for me:

Go into "Power Options" -> "Change When Computer Goes to Sleep" -> "Advanced Options".

Under "Sleep" you'll see "Allow wake timers". Set both "on battery" and "plugged in" of to "Disable".

That should take care if it.

You'll have to check again after updates as Microsoft sometimes resets that and enables the wake up timers when plugged in.

rustyx

Posted 2017-11-16T00:42:38.700

Reputation: 461