Disabling Windows 10 Automatic Update until you are ready to update

Wow.  It’s been a year since my last post.  I really suck at this blogging thing, huh?Anyways.

I’ve seen many, many people tweeting about their frustrations with Windows 10 and its “Recommended” update process.  I found a way to circumvent the process, so I decided to make a post to share.  There may be a much better way to do this.  If there is, I’d love to hear about it – I don’t really like disabling the update process, but this is the only way I’ve found to prevent unwanted update sessions that greatly interfere with my day-to-day.

Disclaimer:  This will prevent Windows Update from working AT ALL.  The onus will be on you to reverse the process if you want to update, even though it is rather easy.  Going without updates for any extended length of time is a BAD idea.  Make sure you continue to update periodically.

Also, if at a business, check with your IT department before implementing this.  Speaking as someone in IT, it would make me extremely unhappy if one of my users did this.

Note that there is another update mechanism by which Windows updates its app store / built-in type apps – OneNote, Sticky Notes, MSN Money/News/Sports, etc.  These updates will still occur, but should not reboot your machine.

Prerequisites:  Windows 10 Professional or Ultimate.  This will not work on Windows 10 Home.  You will also need to make sure you have the required level of access to edit local Group Policy (generally you need to be an administrator) and that other Group Policy is not being applied to your machine by your IT department (which could overwrite these settings).

Overview: Windows has a built in mechanism to enable IT departments to control what updates are deployed to their client systems, called WSUS – Windows Server Update Services.  Ironically, a key feature of this functionality is to enable admins to dictate exactly when and how their clients should update.  Why Microsoft decided it was a good idea to go the complete opposite direction for end user OS updates and literally force you to update with only minor configurability, I’ll never understand.  To prevent Windows Update from functioning, we essentially tell your computer that it needs to report to a WSUS server, and then point it at a hostname that doesn’t exist.

To do this, we need to edit local group policy:

  1. From Windows start menu (or wherever), run gpedit.msc
  2. Browse to Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update
  3. Open “Configure Automatic Updates”
    1. Set it to Enabled
    2. Change the “Configure automatic updating” drop down menu to “2 – Notify for download and notify for install”
    3. Leave “Install during automatic maintenance” disabled  – probably doesn’t matter, but I have it disabled.
    4. Scheduled install day/time don’t really matter, because there won’t be anything to install!
    5. Leave”Install updates for other Microsoft products” disabled – probably doesn’t matter, but I have it disabled.
    6. Accept the changes
  4. Open “Specify intranet Microsoft update service location”
    1. Set it to Enabled
    2. Fill both boxes in with a URL that does not exist.  I used “http://gobbledygook” for both of mine.
    3. Accept the changes
  5. Reboot your computer
  6. Launch “Check for Updates”
    1. It should error out and say “We couldn’t connect to the update service.”

To reverse the changes, just go back into the two policies and set them to “Not Configured” and then reboot.

Leave a Reply

Your email address will not be published. Required fields are marked *