WOUTempAdmin - WSUS locked me out

Larry Sabo

After spending a frustrating day wrestling with this problem, where WSUS locked me out of an Acer Vista x86 system I was updating with WSUS from factory default, I thought I'd post the cause and solution for future reference.

WSUS uses a temporary WOUTempAdmin account to install updates. If the screensaver comes on during the update, a randomized password is required to get back in; you're screwed because you can't know that password. I tried everything I could find on the problem without success, so decided to start over.

This time, after restoring the system to factory default again and during the update while WOUTempAdmin was the current user, I changed the screensaver settings to give 70 minutes before the screensaver kicks in. Update completed without drama, happy to say.

I didn't find anything searching in Technibble so thought I'd post this.
 
Restart, log in with your admin account, delete the WOUTempAdmin account. Restart the process and make sure UAC is off. This happens a lot of the time if you don't turn UAC off or forget to restart it after turning it off and before you begin WSUS offline.
 
Thanks for that. When I started over, I didn't disable UAC yet the update ran without a hitch. Never had the problem before yesterday.

Edit #1: Now that I think about it, I do recall that there was a notification that WSUS gave that UAC would be disabled, and I think it restarted after that, so I don't know what happened yesterday.

EDIT #2: Used WSUS yesterday to update a Win7 system and WSUS said it would disable UAC but launched right into the update without immediately rebooting. Fortunately, I set the screensaver to 70 minutes while in the WOUTempAdmin account and had no problems. On the VISTA system before that, I was unable to log into any user accounts because they all asked for a password, yet none had been assigned. I cleared passwords with Active@Password Changer, activated the Admin account, logged in and tried many other things I have since forgotten. I'll update WSUS to hopefully avoid the issue in the future.
 
I don't have one here (at home right now), but there is a folder in there called cmd, or similar. In that folder is a script you can run from your normal account to clean up and remove the woutemp account.

Found it:
Q: I enabled the "automatic reboot and recall" option, and now my PC automatically logs into the "WOUTempAdmin" account. How can I prevent that and revert to my previous account settings?
A: That issue rarely happens. Please help improve the software by submitting a detailed error report, including the preconditions and how to reproduce the error, to the development team.
To "clean up" your OS do the following:
- Cancel running update scripts using <Ctrl>+C;
- Execute the "CleanupRecall.cmd" script in the "cmd" directory, then reboot.

Rick
 
Are you running the most current version of WSUS? IIRC, there was an update (1-2 years ago?) that resolved a problem similar to this. I've used WSUS for years and haven't run into this (yet :rolleyes:)
 
WSUSOffline issues

I'd been having "in-completed" updates using last week's downloads (Win 7-32/64 and Vista 32/64). But since the last software update (ran this am) no problems (knocking on wood).

Using the "CleanupRecall.cmd" script in the "cmd" directory has saved me some headaches when the routine would dump out after the first reboot.

I don't have the luxury of having the freshly created .iso files located on the network. So I am currently temporarily installing an ISO mounting utility, copying the .iso file to the \user\download folder, then mounting the ISO file. Then I copy the folder to the desktop and run the update program from there. I'm fairly sure this fixed my in-completed update routine since the folder was no longer mounted after the reboot of the computer.

So far, so good! Once it's all done, uninstall the mounting proggy (sometimes) and delete the .ISO file and the computer is good to go. :)
 
Wouldn't it be easier just to set WSUSoffline update generator to save its folder to an external drive? That's all I did before I got a NAS. No ISOs to generate, none to mount.
 
Wouldn't it be easier just to set WSUSoffline update generator to save its folder to an external drive? That's all I did before I got a NAS. No ISOs to generate, none to mount.


Yep. I haven't created an ISO for this.... Ever.
You can choose either to create an ISO, or save to a drive folder. Mine saves to a network folder which I use in the office.
Also, I just copy the entire folder to a USB drive when I'm out and aboot
 
Yep. I haven't created an ISO for this.... Ever.
You can choose either to create an ISO, or save to a drive folder. Mine saves to a network folder which I use in the office.
Also, I just copy the entire folder to a USB drive when I'm out and aboot

(me) --- duh!!!! Guess I should look at the options more closely. :eek: :o :confused:
 
Wouldn't it be easier just to set WSUSoffline update generator to save its folder to an external drive? That's all I did before I got a NAS. No ISOs to generate, none to mount.
I use the isos for the Zalman, because I don't like having it in hdd/dual mode when I'm working on potentially compromised systems.
 
Ahhh - personally, I wouldn't even consider doing updates until I'm well past the point of thinking it was still infected. If that's still a risk, I'm not done cleaning it yet.

And I don't do any disinfection onsite anymore anyway so I'd still not be using my Zalman for that. Come to think of it, I almost never use my Zalman for updates. If I'm onsite, I just start up a Windows Update and tell them to keep running it until it says there are no more.
 
So I am new to WSUSoffline

Do you guys typically create a master WSUS update containing EVERYTHING (Win 7, 8, 10) or do you split it and save it off as each OS version (x32 and x64) and MS Office separately and so on....

How about the C++ and .NET Framework?

And how about ISO vs saving it to a folder?
 
So I am new to WSUS.

Do you guys typically create a master WSUS update containing EVERYTHING (Win 7, 8, 10) or do you split it and save it off as each OS version (x32 and x64) and MS Office separately and so on....

How about the C++ and .NET Framework?

And how about ISO vs saving it to a folder?

I do a master for everything. WSUS knows what OS is updating.

.NET etc. is taken care of via Ninite
 
Restart, log in with your admin account, delete the WOUTempAdmin account. Restart the process and make sure UAC is off. This happens a lot of the time if you don't turn UAC off or forget to restart it after turning it off and before you begin WSUS offline.

I know WSUS turns off UAC when updating, but I never checked - it does turn it back on again, right?
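
A read-only check for the leftovers discussed in this thread (a remaining WOUTempAdmin account, automatic logon to it, and UAC left off), added here as an example; it is not part of any post above and is not code from the WSUS Offline project. It assumes Windows PowerShell run elevated and that automatic logon is configured through the standard Winlogon registry values; the helper name `Get-RegValue` is hypothetical.

```powershell
# Post-update audit: run from an elevated Windows PowerShell prompt once the update run has finished.
# Read-only: it reports state and changes nothing.
$TempAccount = 'WOUTempAdmin'   # account name as given in the thread

function Get-RegValue([string]$Path, [string]$Name) {
    # Hypothetical helper: returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.PSObject.Properties[$Name]) { return $item.$Name }
    return $null
}

$findings = @()

# 1. Is the temporary administrator account still present?
$acct = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True AND Name='$TempAccount'"
if ($acct) { $findings += "Local account '$TempAccount' still exists (Disabled=$($acct.Disabled))." }

# 2. Is Windows still set to log on automatically as that account?
#    Assumption: autologon uses the standard Winlogon values.
$winlogon  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$autoLogon = Get-RegValue $winlogon 'AutoAdminLogon'
$defUser   = Get-RegValue $winlogon 'DefaultUserName'
if ("$autoLogon" -eq '1' -and $defUser -eq $TempAccount) {
    $findings += "Automatic logon is still configured for '$TempAccount'."
}
if ($null -ne (Get-RegValue $winlogon 'DefaultPassword')) {
    $findings += 'Winlogon still holds a DefaultPassword value (stored in clear text).'
}

# 3. Was UAC switched back on? EnableLUA = 0 means UAC is disabled.
$policies = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$lua = Get-RegValue $policies 'EnableLUA'
if ($lua -eq 0) {
    $findings += 'UAC is disabled (EnableLUA=0); re-enabling it takes effect after a reboot.'
}

if ($findings.Count -eq 0) { 'OK: no WOUTempAdmin leftovers found and UAC is not disabled.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

If it reports findings, the cleanup route given earlier in the thread is the "CleanupRecall.cmd" script in the "cmd" directory, followed by a reboot.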
 