Maybe you’ve been bitten by this issue: There was a Windows 10 Update and now your PC is waking up constantly at the most inconvenient times. Like in the middle of the night, waking you up. Or one minutes after you’ve gone to bed and you find your PC has been running the whole night, doing nothing. Or maybe you put your laptop to sleep and packed it into bag. Then took a flight stuffing the bag into overhead bin. If you and the airplane survived, lucky you.
When you frantically scroll through Event Log to find the culprit to your hardship, you may come across name “UpdateOrchestrator” or “Update Orchestrator Reboot” as some call it. Earlier (before fall 2017) it was possible just to go to Task Scheduler with Administrator credentials and disable the little *** out. Sometime late 2017, Microsoft, in its wisdom, decided that updates were too precious to be left to the common user. So they disable the access to that task in Task Scheduler. If you try to change the Reboot task there, you are asked to supply password for user “S-1-5-18”. It is a system account which apparently has higher access rights than Adminstrator account:
Name: Local System
Description: A service account that is used by the operating system.
And you cannot disable the task. So, it seems that you don’t actually own your PC, which you paid for. Microsoft does. Understandably you might feel a bit *cheated*. Not to mention angry. I’d be happy to run updates with Update Orchestrator, provided that since it knows how to turn on my PC, it would also know how to turn it off. But in my case, it does not.
The procedure to disable the Update Orchestrator Reboot task is described next. Note that this works now, it is very probable that Microsoft will do its best to block asap. I bet there’s a company-wide initiative already.
How to disable Update Orchestrator Reboot task in Windows 10 Home edition.
Download pstools: https://docs.microsoft.com/en-us/sysinternals/downloads/pstools
Extract the tool package
cmd with admin rights
Start (from terminal above) either psexec (32 bit system) or psexec64 (64 bit system)
In the resulting new cmd window run
SCHTASKS /Change /TN "Microsoft\Windows\UpdateOrchestrator\Reboot" /DISABLE
This results in
INFO: Scheduled task "Microsoft\Windows\UpdateOrchestrator\Reboot" has already been disabled.
SUCCESS: The parameters of scheduled task "Microsoft\Windows\UpdateOrchestrator\Reboot" have been changed.
Also run this to disable access to above setting
icacls "%WINDIR%\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot" /inheritance:r /deny "Everyone:F" /deny "SYSTEM:F" /deny "Local Service:F" /deny "Administrators:F"
processed file: C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot
Successfully processed 1 files; Failed processing 0 files
You can check the Task Scheduler (with admin rights) for Reboot task; it is disabled and access is denied. Also check that the Schedule Scan and USO_Broker_Display tasks have “Wake the computer to run this task” unchecked in “Conditions” tab.
Done! And you again own your own computer.
Thanks to DebayanGupta for the above method.
How to send email notification when your PC resumes from sleep
Since I am paranoid I set up a task to notify me with email whenever my PC resumes from sleep. For this, you need sendEmail. Select the TLS enabled Windows package. Open Task Scheduler and Create Task. Next, fill the tabs General, Triggers, Actions, Conditions, Settings like described below
Add a new trigger like picture below. One minute delay allows time for the network to get connected. You can check the Kernel-Power Event ID from your Event Log to be sure.
Add a new action like below.
And arguments are
-f email@example.com -t firstname.lastname@example.org -u "PC Sleep Resume Change Detected" -m "PC Sleep Resume Change Detected" -s smtp.gmail.com:587 -xu email@example.com -xp yoursenderpass -l C:\Your\Path\To\sendEmail-v156\sendEmail.log
Naturally it is wise to create yoursender GMail account for security because yoursender password is there in cleartext.
Finally, OK the task. Task Scheduler asks for your password to create the task. That’s it, now enjoy your flood of notification emails for resume events.