Windows, since 7 (maybe Vista), has automatically defragmented hard drives. Windows since 8 (I think) also automatically optimizes solid state drives.
Windows 7 SP1 could trim/optimize SSD's at the logon screen iirc. But it is still recommended to check and ensure TRIM is enabled and to enable it if it isn't already, which it usually was by default when an SSD was detected. Pre-SP1...that's a different story. But post-SP1 I recall being pretty SSD friendly.
https://lifehacker.com/5640971/check-if-trim-is-enabled-for-your-solid-state-drive-in-windows-7
Put 7 back on it and enjoy it for the remaining 1.5 years. Make sure to read the 7 KBB descriptions as you patch it up.
That is an option, or toss the latest Ubuntu on there. Going back to Gnome GUI has been pretty solid and far smoother performance-wise on low-end gear, I've had my mom able to easily use a spare system I had with it while I get hers back up to snuff (Win10 system). We are talking an old dual core/4GB RAM/HDD system and it's nice and snappy right now with Bionic Beaver. The latest Ubuntu has been a pleasure to use and deploy for users, and I would venture to say one of the best iterations of the OS yet to be released.
I have no clue how to solve this nonsense long term and MS's support was next to useless. I spent 1 hour explaining things to the person on the other end and then they've just done what I've already done myself, removed the update manually. That's not much of a fix when you want to keep OS updated because MS itself is pressuring you to do so on all ends.
Unfortunately 2018 has been pretty busy with a LOT of "oops" patches from MS. There's still one they keep pushing out monthly that has the potential to cause NIC ports to stop working but still be present. This has been a huge pain in the ass, because this has been happening monthly since April (or March) because there is a security element that MS keeps pushing out, then another element that kills NIC activity, but they can't seem to separate them.
I work for an MSP and we utilize Continuum ITSupport RMM, which we also use to whitelist/blacklist Windows updates, we've been mostly staying ahead of the curve since April except for the time MS 0-dayed one of the security patches that also contained the "NIC killing bug". That was an all hands on deck situation going on-site to repair/reinstall NIC drivers where we could on systems that didn't have WiFi adapters available (A LOT of them didn't, but now have at least a spare on-site that is usable thanks to this).
The most current KB that has been blacklisted through our RMM service, and also one we're blocking on WSUS is KB4338818.
Here's a quick statement provided by Continuum:
[Action Required] Microsoft July 2018 Security Updates KB4338818 Blacklisted for All Partners
Date: 7/11/2018
We have blacklisted the July Monthly Security Update for Windows 7 and Server 2008 R2 SP1 (KB4338818) for all partners. After testing, the team found that the same major issue that causes the NIC to stop working is still present.
We are following the same
guidance and process that we shared previously, and as a reminder there is a script available to help you find which resources have the missing OEM .INF file so that you can replace the network drivers on those resources before applying the Security Update. For a step-by-step guide visit the
Zero-Day Patch Update Doc Center page.
To ensure that you get this Security Update and future Security Updates follow and complete the steps outlined in the Zero-Day Patch Update page as our team
will not whitelist this update or future updates with this major issue present.
You can also choose to deploy the update using the “Manual Deployment” capability within the ITSupport portal to schedule an on-demand job that will deploy the update to any resource(s) or site(s) you wish.
Please know that we are committed to your success and are continuing to evaluate additional ways to provide you with the more control and options. Any updates made will be communicated with you.
The frustrating part, and I feel your pain
@RejZoR is that we really shouldn't have to be manually filtering or controlling patches. There are many situations where that doesn't happen, but it seems the situations to pay more attention to Windows updates and having to remove or blacklist them has definitely increased in frequency as Windows 10 has matured. Which seems pretty backwards to me as well. But in the age of seems like almost daily vulnerabilities being reported, maybe it shouldn't be so surprising.
Either way, maybe going W10 LTSB as
@eidairaman1 suggested earlier in the thread would be the appropriate way to go. Use Win Defender + whatever you prefer, use DNS filtering service(s), etc...you probably already do all of that for her though. Sure you won't have the latest and greatest security patching, but with the latest and greatest security patching causing issues, that might not always be such a bad thing.