Clean installing 24H2 without getting all cumlative updates slowing you down.


cereberus

Well-known member
Guru
VIP
Local time
5:22 PM
Posts
6,875
Visit site
OS
Windows 11 Pro + Win11 Canary VM.
Due to an annoying change in oobe, Windows now automatically downloads all cumulative updates during installation at the oobe phase regardless if using an MS or local account. This can take easily take tens of minutes.

The easiest way to avoid that is to create a local account (by your favourite method) with the internet switched off.

If installing in Hyper-V, you just turn off the network adaptor before installation.

This is much faster, avoids all those tedious oobe screens and does not hold you up installing all the cumulative updates - you can do that later once it is installed.

Once installed, turn on the internet (or turn on network adaptor in Hyper-V), then optionally search for updates.

I assume you can turn off the network in other VM Tools as well if using them instead of Hyper-V.
 

My Computer

System One

  • OS
    Windows 11 Pro + Win11 Canary VM.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Zenbook 14
    CPU
    I9 13th gen i9-13900H 2.60 GHZ
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB soldered
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    laptop OLED screen
    Screen Resolution
    2880x1800 touchscreen
    Hard Drives
    1 TB NVME SSD (only weakness is only one slot)
    PSU
    Internal + 65W thunderbolt USB4 charger
    Case
    Yep, got one
    Cooling
    Stella Artois (UK pint cans - 568 ml) - extra cost.
    Keyboard
    Built in UK keybd
    Mouse
    Bluetooth , wireless dongled, wired
    Internet Speed
    900 mbs (ethernet), wifi 6 typical 350-450 mb/s both up and down
    Browser
    Edge
    Antivirus
    Defender
    Other Info
    TPM 2.0, 2xUSB4 thunderbolt, 1xUsb3 (usb a), 1xUsb-c, hdmi out, 3.5 mm audio out/in combo, ASUS backlit trackpad (inc. switchable number pad)

    Macrium Reflect Home V8
    Office 365 Family (6 users each 1TB onedrive space)
    Hyper-V (a vm runs almost as fast as my older laptop)
i linked this post to another post as a possible answer, i hope you dont mind.

best of luck, Steve ..
 

My Computers

System One System Two

  • OS
    Win 11 Home 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP 24" AiO
    CPU
    Ryzen 7 5825u
    Motherboard
    HP
    Memory
    64GB DDR4 3200
    Graphics Card(s)
    Ryzen 7 5825u
    Sound Card
    RealTek
    Monitor(s) Displays
    24" HP
    Hard Drives
    1TB WD Blue SN580 M2 SSD Partitioned.
    250GB C:/Windows .. 750GB D:/Home.
    2x 1TB USB HDD External Backup/Storage.
    Internet Speed
    900MB full fibre
    Browser
    Vivaldi .. Browser, Calendar, eMail.
    Antivirus
    AVG Internet Security
    Other Info
    Mainly Open Source Software
  • Operating System
    Windows 11 Home 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP 24" AiO
    CPU
    Ryzen 5 5500u
    Motherboard
    HP
    Memory
    32GB DDR4 3200
    Graphics card(s)
    AMD Radeon GPU
    Sound Card
    RealTek
    Monitor(s) Displays
    HP
    Hard Drives
    1TB WD blue SN580 M2 SSD Partitioned.
    250GB C:/Windows .. 750GB D:/Home.
    2x 1TB HDD External Backup/Storage.
    Internet Speed
    900MB Full Fibre
    Browser
    Microsoft Edge
    Antivirus
    AVG Internet Security
    Other Info
    Mainly Windows Software
    'The Wife's Computer'
If one could block access to sdx.microsoft.com early in the OOBE process, e.g. by adding an entry to the hosts file pointing to 127.0.0.1, this update process would fail gracefully. I don't mess with unattends very much. Maybe @hsehestedt?

Edit: Actually, not so gracefully. OOBE complained that I had no network connection a few times. I just kept telling it to retry, and it went through.
 
Last edited:

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Intel NUC12WSHi7
    CPU
    12th Gen Intel Core i7-1260P, 2100 MHz
    Motherboard
    NUC12WSBi7
    Memory
    64 GB
    Graphics Card(s)
    Intel Iris Xe
    Sound Card
    built-in Realtek HD audio
    Monitor(s) Displays
    Dell U3219Q
    Screen Resolution
    3840x2160 @ 60Hz
    Hard Drives
    Samsung SSD 990 PRO 1TB
    Keyboard
    CODE 104-Key Mechanical with Cherry MX Clears
    Antivirus
    Microsoft Defender
  • Operating System
    Linux Mint 21.2 (Cinnamon)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Intel NUC8i5BEH
    CPU
    Intel Core i5-8259U CPU @ 2.30GHz
    Memory
    32 GB
    Graphics card(s)
    Iris Plus 655
    Keyboard
    CODE 104-Key Mechanical with Cherry MX Clears
If one could block access to sdx.microsoft.com early in the OOBE process, e.g. by adding an entry to the hosts file pointing to 127.0.0.1, this update process would fail gracefully. I don't mess with unattends very much. Maybe @hsehestedt?

I’d like to see that added to Rufus. MAKE IT HAPPEN SEMOUR! FEED ME!!!
 

My Computers

System One System Two

  • OS
    Windows Pro 23H2 Build 22631.4249
    Computer type
    PC/Desktop
    Manufacturer/Model
    Sin-built
    CPU
    Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz (4th Gen?)
    Motherboard
    ASUS ROG Maximus VI Formula
    Memory
    32.0 GB of I forget and the box is in storage.
    Graphics Card(s)
    Gigabyte nVidia GeForce GTX 1660 Super OC 6GB
    Sound Card
    Onboard
    Monitor(s) Displays
    4 x LG 23MP75 - 2 x 24MK430H-B - 1 x Wacom Pro 22" Tablet
    Screen Resolution
    All over the place
    Hard Drives
    Too many to list.
    OS on Samsung 1TB 870 QVO SATA
    PSU
    Silverstone 1500
    Case
    NZXT Phantom 820 Full-Tower Case
    Cooling
    Noctua NH-D15 Elite Class Dual Tower CPU Cooler / 6 x EziDIY 120mm / 2 x Corsair 140mm somethings / 1 x 140mm Thermaltake something / 2 x 200mm Corsair.
    Keyboard
    Corsair K95 / Logitech diNovo Edge Wireless
    Mouse
    Logitech G402 / G502 / Mx Masters / MX Air Cordless
    Internet Speed
    100/40Mbps
    Browser
    All sorts
    Antivirus
    Kaspersky Premium
    Other Info
    I’m on a horse.
  • Operating System
    Windows 11 Pro 23H2 Build: 22631.4249
    Computer type
    Laptop
    Manufacturer/Model
    LENOVO Yoga 7i EVO OLED 14" Touchscreen i5 12 Core 16GB/512GB
    CPU
    Intel Core 12th Gen i5-1240P Processor (1.7 - 4.4GHz)
    Memory
    16GB LPDDR5 RAM
    Graphics card(s)
    Intel Iris Xe Graphics Processor
    Sound Card
    Optimized with Dolby Atmos®
    Screen Resolution
    QHD 2880 x 1800 OLED
    Hard Drives
    M.2 512GB
    Other Info
    …still on a horse.
I'll need to experiment with this because this is news to me, but I have some initial thoughts:

First, I typically do unattended installs and because I also always inject the latest updates into my images, when I install, I already have all the cumulative and incremental updates in my image so I never see this. That's why this is completely new to me.

Here is what I will try: First, I'm going to try an unattended install of an older build to see if that gets around it downloading updates during installation.

Second, I'm curious about exactly where it tries to get the updates. If it is sometime AFTER the first initial static screen following the reboot(s) during setup, I wonder if you couldn't simply press SHIFT + F10 to open a command prompt and do an "ipconfig /release" to make sure you have no network connection.

Let me start testing and I will report back.

If anyone has additional ideas I should test, let me know.
 

My Computers

System One System Two

  • OS
    Win11 Pro 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Kamrui Mini PC, Model CK10
    CPU
    Intel i5-12450H
    Memory
    32GB
    Graphics Card(s)
    No GPU - Built-in Intel Graphics
    Sound Card
    Integrated
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 2TB NVMe SSD
    1 x 4TB NVMe SSD
    1 x 4TB 2.5" SSD
    PSU
    120W "Brick"
    Keyboard
    Corsair K70 Mechanical Keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
  • Operating System
    Win11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Mouse
    Buttonless Glass Precision Touchpad
    Keyboard
    Backlit, spill resistant keyboard
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
Okay, testing done.

For an unattended installation it does indeed look for updates, so that alone does not work around the issue.

For a standard manual installation, it only looks for the updates several screens into the OOBE so you can simply do an "ipconfig /release". If you want to create a local account you can do this:

At the first static screen during OOBE (Is this the right country or region?), do your usual SHIFT + F10, oobe\bypassnro. The system reboots. When you get to that same screen again, do a SHIFT + F10 again and issue the "ipconfig / release".

Question: What exactly is it downloading here? When I see it checking for updates it is extremely fast, just a few seconds. Is it only grabbing some sort of critical updates for setup only? Are the long updates only happening in insider builds?

My test scenario:

I was testing with build 26100.1742. That already includes the Checkpoint update, but not any incremental update, so if it was indeed downloading an incremental update, it would take longer. Also, when setup is done, I am on build 1742, not anything newer, so clearly it is not installing the incremental.

Help me understand :-)

EDIT: I'll research more to see what can be done to work around this. If I can disable network with a registry entry, in the same manner as the entries to bypass system requirements, then we would be in business. Starting research now :-)
 

My Computers

System One System Two

  • OS
    Win11 Pro 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Kamrui Mini PC, Model CK10
    CPU
    Intel i5-12450H
    Memory
    32GB
    Graphics Card(s)
    No GPU - Built-in Intel Graphics
    Sound Card
    Integrated
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 2TB NVMe SSD
    1 x 4TB NVMe SSD
    1 x 4TB 2.5" SSD
    PSU
    120W "Brick"
    Keyboard
    Corsair K70 Mechanical Keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
  • Operating System
    Win11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Mouse
    Buttonless Glass Precision Touchpad
    Keyboard
    Backlit, spill resistant keyboard
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
Okay, if my research is correct, this should be easy and Pete could incorporate this in Rufus super easily.

Apparently, when you run "oobe\bypassnro" that IS already disabling the network (NRO = Network Readiness Operations). So, if you do that, then there is no need to do the ipconfig /release after the reboot.

This can also be added to the registry during setup so that it would be just one more entry in addition to those that bypass requirements.

This is all what the web tells me - I have to actually test it.

As they say, "please standby".
 

My Computers

System One System Two

  • OS
    Win11 Pro 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Kamrui Mini PC, Model CK10
    CPU
    Intel i5-12450H
    Memory
    32GB
    Graphics Card(s)
    No GPU - Built-in Intel Graphics
    Sound Card
    Integrated
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 2TB NVMe SSD
    1 x 4TB NVMe SSD
    1 x 4TB 2.5" SSD
    PSU
    120W "Brick"
    Keyboard
    Corsair K70 Mechanical Keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
  • Operating System
    Win11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Mouse
    Buttonless Glass Precision Touchpad
    Keyboard
    Backlit, spill resistant keyboard
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
Wow, the registry entry I found made it worse. It actually triggered the installation of updates that you described.

It first showed me this screen from which I selected to setup for personal use:

Image1.jpg

Then I get this:

Image2.jpg

This is the first time that I have ever seen this.

More research. I have a feeling that this time I won't be so quick - this one will probably take a while of research and testing.
 

My Computers

System One System Two

  • OS
    Win11 Pro 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Kamrui Mini PC, Model CK10
    CPU
    Intel i5-12450H
    Memory
    32GB
    Graphics Card(s)
    No GPU - Built-in Intel Graphics
    Sound Card
    Integrated
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 2TB NVMe SSD
    1 x 4TB NVMe SSD
    1 x 4TB 2.5" SSD
    PSU
    120W "Brick"
    Keyboard
    Corsair K70 Mechanical Keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
  • Operating System
    Win11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Mouse
    Buttonless Glass Precision Touchpad
    Keyboard
    Backlit, spill resistant keyboard
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
BypassNRO does nothing to disable the network, it only works on MSA enrollment.

"ENROLL" -> "N" -"RO"
If you're fluent in English, read that word out loud to make sense of the inside joke.

Prior to 24H2, W11 OOBE always had Zero-Day Patching (ZDP) but it was always limited to minor fixes like OOBE updates. In 24H2, OOBE is forcing a WU update to the latest CU if your install is behind. You're more likely to see this if you didn't integrate the Setup Dynamic Update into the install image.
 

My Computer

System One

  • OS
    Windows 7
BypassNRO does nothing to disable the network, it only works on MSA enrollment.

"ENROLL" -> "N" -"RO"
If you're fluent in English, read that word out loud to make sense of the inside joke.

Prior to 24H2, W11 OOBE always had Zero-Day Patching (ZDP) but it was always limited to minor fixes like OOBE updates. In 24H2, OOBE is forcing a WU update to the latest CU if your install is behind. You're more likely to see this if you didn't integrate the Setup Dynamic Update into the install image.
Thanks, Garlin. Yeah, I discovered in my testing that the bypassnro does not bypass networking.

I guess that the reason I never saw this was that I was always using a minimum build of 26100.1742 which already has the cumulative update. What you say makes sense - since it only updates to the latest cumulative and not incremental, this is why I was not seeing it triggered.

I really appreciate your insight - that helps me understand a lot.

Ironically, I found a registry setting that I added to phase 1 (WindowsPE) that basically is the equivalent of running bypassnro and that in turn caused me to see that update screen for the first time ever (as I showed in my earlier screenshot), so that was a negative on success.

For now, the only real workarounds I see are:

1) During a manual setup, use the ipconfig /release.
2) Inject the latest updates into your image so that Windows has nothing to update :-)

I already do #2, so this is pretty much a non issue for me, but I will continue the research.
 

My Computers

System One System Two

  • OS
    Win11 Pro 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Kamrui Mini PC, Model CK10
    CPU
    Intel i5-12450H
    Memory
    32GB
    Graphics Card(s)
    No GPU - Built-in Intel Graphics
    Sound Card
    Integrated
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 2TB NVMe SSD
    1 x 4TB NVMe SSD
    1 x 4TB 2.5" SSD
    PSU
    120W "Brick"
    Keyboard
    Corsair K70 Mechanical Keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
  • Operating System
    Win11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Mouse
    Buttonless Glass Precision Touchpad
    Keyboard
    Backlit, spill resistant keyboard
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor

Latest Support Threads

Back
Top