@echo off
title Bloqueio definitivo do Windows Update
chcp 65001 >nul
color 0A

echo =====================================================
echo  BLOQUEIO DO WINDOWS UPDATE - WINDOWS 10 / WINDOWS 11
echo =====================================================
echo.

:: Verifica se está como Administrador
net session >nul 2>&1
if %errorlevel% neq 0 (
    color 0C
    echo ERRO: Execute este arquivo como ADMINISTRADOR.
    echo.
    pause
    exit /b 1
)

set "BASE=%ProgramData%\WUBlock"
set "SCRIPT=%BASE%\bloqueia_wu.cmd"

echo Criando pasta de controle...
mkdir "%BASE%" 2>nul

echo Criando script interno de bloqueio...

(
echo @echo off
echo sc stop wuauserv ^>nul 2^>^&1
echo net stop wuauserv /y ^>nul 2^>^&1
echo sc stop UsoSvc ^>nul 2^>^&1
echo net stop UsoSvc /y ^>nul 2^>^&1
echo sc stop bits ^>nul 2^>^&1
echo net stop bits /y ^>nul 2^>^&1
echo sc stop dosvc ^>nul 2^>^&1
echo net stop dosvc /y ^>nul 2^>^&1
echo.
echo sc config wuauserv start^= disabled ^>nul 2^>^&1
echo sc config UsoSvc start^= disabled ^>nul 2^>^&1
echo sc config bits start^= disabled ^>nul 2^>^&1
echo sc config dosvc start^= disabled ^>nul 2^>^&1
echo.
echo reg add "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /v Start /t REG_DWORD /d 4 /f ^>nul 2^>^&1
echo reg add "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /v Start /t REG_DWORD /d 4 /f ^>nul 2^>^&1
echo reg add "HKLM\SYSTEM\CurrentControlSet\Services\bits" /v Start /t REG_DWORD /d 4 /f ^>nul 2^>^&1
echo reg add "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /v Start /t REG_DWORD /d 4 /f ^>nul 2^>^&1
echo reg add "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /v Start /t REG_DWORD /d 4 /f ^>nul 2^>^&1
echo.
echo reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v DisableWindowsUpdateAccess /t REG_DWORD /d 1 /f ^>nul 2^>^&1
echo reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v SetDisableUXWUAccess /t REG_DWORD /d 1 /f ^>nul 2^>^&1
echo reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v DoNotConnectToWindowsUpdateInternetLocations /t REG_DWORD /d 1 /f ^>nul 2^>^&1
echo reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v WUServer /t REG_SZ /d "http://127.0.0.1" /f ^>nul 2^>^&1
echo reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v WUStatusServer /t REG_SZ /d "http://127.0.0.1" /f ^>nul 2^>^&1
echo reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoUpdate /t REG_DWORD /d 1 /f ^>nul 2^>^&1
echo reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v UseWUServer /t REG_DWORD /d 1 /f ^>nul 2^>^&1
echo reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v AUOptions /t REG_DWORD /d 2 /f ^>nul 2^>^&1
) > "%SCRIPT%"

echo Aplicando bloqueio inicial...
call "%SCRIPT%"

echo.
echo Criando tarefas de reforco...

schtasks /Delete /TN "\Bloqueio Windows Update" /F >nul 2>&1
schtasks /Delete /TN "\Bloqueio Windows Update Watchdog" /F >nul 2>&1

schtasks /Create /TN "\Bloqueio Windows Update" /SC ONSTART /RU SYSTEM /RL HIGHEST /TR "cmd.exe /c \"%SCRIPT%\"" /F >nul 2>&1

schtasks /Create /TN "\Bloqueio Windows Update Watchdog" /SC MINUTE /MO 1 /RU SYSTEM /RL HIGHEST /TR "cmd.exe /c \"%SCRIPT%\"" /F >nul 2>&1

echo Executando watchdog agora...
schtasks /Run /TN "\Bloqueio Windows Update Watchdog" >nul 2>&1

timeout /t 5 /nobreak >nul

echo.
echo =====================================================
echo  VERIFICANDO STATUS
echo =====================================================
echo.

set "OK=1"

sc query wuauserv | find /i "STOPPED" >nul
if %errorlevel% neq 0 set "OK=0"

sc qc wuauserv | find /i "DISABLED" >nul
if %errorlevel% neq 0 set "OK=0"

reg query "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /v Start | find /i "0x4" >nul
if %errorlevel% neq 0 set "OK=0"

reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoUpdate | find /i "0x1" >nul
if %errorlevel% neq 0 set "OK=0"

reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v UseWUServer | find /i "0x1" >nul
if %errorlevel% neq 0 set "OK=0"

schtasks /Query /TN "\Bloqueio Windows Update" >nul 2>&1
if %errorlevel% neq 0 set "OK=0"

schtasks /Query /TN "\Bloqueio Windows Update Watchdog" >nul 2>&1
if %errorlevel% neq 0 set "OK=0"

echo Servico Windows Update:
sc query wuauserv | findstr /i "ESTADO STATE"

echo.
echo Tipo de inicio:
sc qc wuauserv | findstr /i "INICIO START DISABLED"

echo.
echo Registro do servico:
reg query "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /v Start

echo.
echo Politicas do Windows Update:
reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"

echo.
echo Tarefas criadas:
schtasks /Query /TN "\Bloqueio Windows Update"
schtasks /Query /TN "\Bloqueio Windows Update Watchdog"

echo.
echo =====================================================

if "%OK%"=="1" (
    color 0A
    echo STATUS FINAL: OK - WINDOWS UPDATE BLOQUEADO.
    echo.
    echo Reinicie o computador e execute este arquivo novamente
    echo apenas para confirmar se continua OK.
) else (
    color 0C
    echo STATUS FINAL: VERIFICAR - ALGUM ITEM NAO FICOU COMO ESPERADO.
    echo.
    echo O ideal e aparecer:
    echo ESTADO: STOPPED
    echo TIPO_DE_INICIO: DISABLED
    echo Start: 0x4
    echo NoAutoUpdate: 0x1
    echo UseWUServer: 0x1
)

echo =====================================================
echo.
pause