Windows 7: End of Support Notifications, Extended Security Updates Program

On January 14, 2020, extended support for the Windows 7 SP1 and Windows Server 2008 R2 will end. Accordingly, after this date Microsoft won’t release new security updates and patches for these OSs. In this regard, Microsoft has released several updates that will notify Microsoft Update CatalogWindows 7 users of the need to upgrade to  Windows 10.

If you use the free Microsoft Security Essentials (MSE) antivirus on your Windows 7, , it won’t update the virus definitions since the beginning of 2020 also.

End of Support Notifications for Windows 7 Users

Starting from April 2019, Windows 7 Home edition (Home Premium) users began to receive nag notification of upcoming Windows 7 End-of-Support. The Windows 7 EOS notification looked like this:

You can hide this notification by checking the box “Do not remind me again”. If you click on the “Learn more” button, a page opens that describes the process of upgrading to Windows 10 (there are still options for a free in-place upgrade to Windows 10).

This notification began to appear after installing the KB4493132 update. This is a small update, distributed through the Windows Update and classified as “Optional” (Recommended):

2019-03 Update for Windows 7 for x64-based systems (KB4493132).

The update extracts the file C:\Windows\System32\sipnotify.exeand runs it daily through a scheduled task (run the taskschd.msc and check the Notify1 and Notify2 tasks in the branch Microsoft\Windows\End of Support).

Starting from October 15, a similar end of support notification began to appear on computers running the Windows 7 Professional edition. The notification begins to appear after installing update KB4524752.

Update KB4524752 doesn’t display EoS notification on computers running Professional and Enterprise version of Windows 7 that are joined to the Active Directory domain, on Windows Server, on kiosk devices, on computers that have previously disabled free Windows 10 upgrade notification through the registry (set the parameter DisableOSUpgrade = 1).

You can hide the End of Support notification on Windows 7 by checking the corresponding box or hide the update (via the Control Panel or through the PSWindowsUpdate PowerShell module).

If you select the “Do not remind me again” check box, the DontRemindMe registry parameter in the reg key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SipNotify will be set to 0.

If the KB4524752 update is already installed, you can disable the notification on users’ computers through the registry with the following commands:

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GWX" /v "DisableGWX" /t reg_dword /d 1 /f – hide End of Support notification in Windows 7 SP1.

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "DisableOSUpgrade" /t reg_dword /d 1 /f – disable Windows 10 upgrade notification.

In December 2019, Microsoft released another update to notify Windows 7 users of the upcoming end of support – KB4530734 (Monthly Rollup). The update replaces %windir%\system32\EOSNotify.exe file. The notification has become more visible – now it is a splash-screen popup. This notification will be displayed starting from the Windows 7 end of support data (from January 15, 2020).

The notification window indicates the risks to continue using Windows 7 after January 14, 2020.

This notification window appears at user logon, and then every other day at 12:00 PM. The notification is displayed by tasks EOSNotify and EOSNotify2 in the Task Scheduler (check the Microsoft\Windows\Setup\ section).

You can disable these tasks using the commands:

schtasks.exe /change /TN “Microsoft\Windows\Setup\EOSNotify” /Disable
schtasks.exe /change /TN “Microsoft\Windows\Setup\EOSNotify2” /Disable

Also, you can set the value of DiscontinueEOS parameter to 1 in the registry key HKCU\Software\Microsoft\Windows\CurrentVersion\EOSNotify. This registry value is also set if you clicked on the “Don’t remind me again” button in the notification screen. You can create and apply such a disableEOS.reg file:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\EOSNotify]
"DiscontinueEOS"=dword:00000001

When you click on the “Remind me later” button, a notification will appear again after 3 days.

FAQ: Extended Security Updates Program for Windows 7

Updates for Windows 7 and Windows Server 2008 R2 through Extended Security Updates (ESU) are available to companies participating in the Volume Licensing, as well as through the Cloud Solution Partner (CSP) program. The cost of an annual subscription to get the security updates under the ESU program:

• First year (January 2020 – January 2021) – $25 for a single Windows 7 Pro device and $50 for an Enterprise;
• Second year (2021-2022) — 50$ for a Windows 7 Pro, 100$ for a Windows 7 Enterprise;
• Third year (2022-2023) — 100$ for a Windows 7 Pro, 200$ for a Windows 7 Enterprise.

After purchasing a subscription to the Extended Security Updates program for Windows 7, you should receive a MAK key for Windows 7 under your account on the Microsoft Volume Licensing Site (VLSC): Licenses -> Relationship Summary -> Licensing ID -> Product Keys.

The number of activations of the MAK ESU key depends on the number of Windows 7 devices for which you paid for support.

You should install your ESU Windows 7 MAK key on the client devices:

slmgr /ipk <ESU_Win7_MAK_Key>

Check the Windows activation status:

slmgr /dlv

Please note that the license type has changed to the Windows (R) 7, Client-ESU-Year1 add-on for Enterprise, Professional.

Activate your ESU subscription by an Activation ID value:

slmgr /ato <ESU_Activation_ID>

The following activation IDs are used:

 Windows 7 SP1:

• 1 year — 77db037b-95c3-48d7-a3ab-a9c6d41093e0
• 2 year — 0e00c25d-8795-4fb7-9572-3803d91b6880
• 3 year — 4220f546-f522-46df-8202-4d07afd26454

Windows Server 2008 R2

• 1 year — 553673ed-6ddf-419c-a153-b760283472fd
• 2 year — 04fa0286-fa74-401e-bbe9-fbfbb158010d
• 3 year — 16c08c85-0c8b-4009-9b2b-f1f7319e45f9

It is convenient to use the Volume Activation Management Tool (VAMT) to manage ESU keys on Windows 7 clients.

In order to make sure that your Windows 7 computers can receive updates through the Extended Security Updates program, you need to download and install the special update KB4528069 from the Microsoft Update Catalog (http://www.catalog.update.microsoft.com/Search.aspx?q=KB4528069). You can try installing this test update in your environment to verify that you are ready to receive Windows 7 updates through ESU after the end of support date.

After activating the ESU subscription on the client, you can use the previously used update installation strategy – Windows Update, WSUS, SCCM or any other update distribution tool.

How to Bypass Extended Security Updates Checks in Windows 7?

You can already search in a web and find instructions that describe how to bypass ESU protection and receive free security updates for Windows 7 after January 2020 (https://forums.mydigitallife.net/threads/bypass-windows-7-extended-security-updates-eligibility.80606/).

According to the author, this batch file made it possible to automatically download and install a test ESU update (whether this method will work after January 2020 is not clear).

You can check this ESU workaround scenario on Windows 7 device:

1. Check or install updates to support WU SHA2 hash algorithms: KB4490628 and KB4474419;
2. Install the latest servicing stack update: KB4531786;
3. Install BypassESU.bat;
4. Install ESU Test Update:  KB4528069.