aaacctually.

....i'm still on the laptop, and i think i may have hit a bit of a breakthrough with those update files. i think i actually managed to completely get rid of them. finally....

i decided that if i was going to reimage a little later anyways then i'd might as well finish updating the group policy settings. so, i spent some time finalizing a lockdown that i had put on hold the other day when i got the lock screen on the reboot halfway through.

i decided to try a reboot, and it actually came up. surprisingly...

to recall - what was happening was that something was being pushed down from somewhere, leaving a trail in the firefox temp directories, and then leading to a windows update process trying to install a list of packages that i strangely had sitting in several directories and couldn't figure out how to get rid of, which updated the cryptographic files in the catroot directory and left some errors in the dberr.txt file. there were random reboots. it seemed to be trying to install an unsigned driver, which brought up a lock screen on a known issue - because i have that disabled. if i were to disable it, it would install a bunch of sketchy looking servers...

something else is happening, now. instead of a failed install and a lock screen on an unsigned driver, the status of the catroot files is suggesting to me that these packages are actually uninstalled. the log files have updated, but they've updated to tell me that the files are gone.

to be clear: it still looks like this process was triggered remotely. but, deleting the files out of the winsxs directory seems to have been what i needed to do to get the subsystem to fuck off. they might keep trying to deploy, but i might have succeeded in getting rid of the packages they're trying to deploy, and the files might just error out.

the group policy is that much stricter now, too.

as stated previously, i'm resigned to needing to reimage regularly. but, i'm going to hold off for now and see where this goes....