Jump to content

How to block automatic updates in the next version of Windows 10


Karlston

Recommended Posts

Pro and Enterprise versions of Windows 10 Creators Update will finally get built-in tools to stall forced updates

How to block automatic updates in the next version of Windows 10 Credit: Reuters/Tim Wimborne

 

Forced updating has rated as the No. 1 complaint about Windows 10 for almost two years. Now we’re going to see some significant improvements. Windows 10 Creators Update, due next month, will include the ability to temporarily block forced updates—but only for a subset of Win10 customers.

 

We don’t know exactly what the interface will look like, but answers released yesterday by Microsoft show in broad strokes what update blocking options will be available and how they’ll work. The functions will be coming next month, in version 1703 of Windows 10.

 

Let’s start with the basics.

 

Windows 10 computers attached to a managed network get their updates through the network. If your Win10 PC is on a network that runs WSUS, SCCM, or another update server, the network admin gets to decide which updates get applied and when.

 

Windows 10 Home computers, by design, will not be able to control updates using these new settings. That’s intentional–Microsoft uses the Win10 Home installed base to test new versions before they’re deemed ready for businesses.

 

The settings discussed here apply only to Windows 10 Pro, Enterprise, and Education systems that aren’t attached to managed networks.

 

Microsoft releases three different kinds of Windows 10 updates:

 

1. Version changes. Microsoft is turning out new updates roughly every eight months. To date, we’ve seen three versions of Win10: 1507, the original RTM version; 1511, the Fall Update; and 1607, the Anniversary Update. It looks like we’ll be getting a fourth version—1703, the Creators Update—late this month or early next month. 

 

2. Cumulative updates. Each version gets its own cumulative updates. The pace slows down as the version gets older, starting with about one cumulative update every week and gradually slowing to once a month. Some months, like last month, don’t get any cumulative updates at all.

 

3. Miscellaneous patches. It’s hard to predict when these will appear and what they’ll cover. For example, in January, we had two hotfix patches, 14393.577 and 14393.729, that were issued and documented but not rolled out automatically. Various Win10 customers get driver updates automatically, particularly firmware and driver updates for Surface Books and Surface Pros. Last month we saw an ad-hoc patch for IE11 and Edge. There are .Net patches almost every month, and the obligatory monthly version of the Malicious Software Removal Tool (MSRT). Windows Defender (antivirus signature) updates appear once or twice a day. It’s a very mixed bag.

 

Your mission, should you choose to accept it, is to apply those updates to your system(s) at your own pace, instead of in lockstep with Microsoft’s agenda.

 

Starting with version 1703, the Creators Update, Win10 Pro, Enterprise, and Education users will have two new group policies.

 

The Feature Update policy that appears in the latest beta test version of 1703, build 15046 (screenshot), can be found by typing gpedit in the Cortana Search box, pressing Enter, navigating to Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates, and clicking on the entry Select when Feature Updates are received.

 

feature update policyInfoWorld

 

Similarly, the Quality Updates policy available in the latest beta build 15046 (screenshot) can be found by typing gpedit in the Cortana Search box, pressing Enter, navigating to Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates, and clicking on the entry Select when Quality Updates are received.

 

quality update policyInfoWorld

 

If you’re confused by the “Feature” vs “Quality” terminology, and can’t make heads or tails of the descriptions, hold your horses: I’ll get to those.

 

There’s another interface (which I talked about earlier this week) that appears if you monkey around with the build 15046 Settings app. We don’t know if this hidden Settings panel will appear in the final, shipping version of version 1703 Creators Update, but if it does, the group policy mumbo-jumbo will be much more accessible.

 

windows update delay expandedInfoWorld

 

Even if that hidden Settings panel doesn’t show up in the final version of Win10 Creators Update, Win10 Pro and Enterprise users will be able to make more or less the same choices, albeit in a much less friendly way, using the group policies.

 

Here’s what you need to know about the terminology in the group policies and in the hidden Settings panel:

  • A feature update is Microsoft’s way of saying a version change.
  • Quality Updates aren’t so straightforward. They certainly include cumulative updates, driver updates, “bug fixes, etc.” (per Microsoft’s statement), but may or may not include hotfixes, Flash updates (like we just saw with IE and Edge), .Net patches, new versions of MSRT, and heaven-only-knows what may appear in the future. My guess is that Microsoft’s being intentionally vague; at this point, we don’t know exactly what will fall into the Quality Update bucket.

With that understanding, here’s what we know about the roles of the various settings:

  • Pause updates takes precedence over all other settings. If you have Pause turned on (either for Feature updates or Quality updates, in the policies, or overall in the hidden Settings panel), Windows stops all updates but Windows Defender updates.

When you set the slider in the hidden Settings panel to “On,” Windows Update adds 35 days to the current date and pauses all updates (Feature and Quality) until that date is reached. The individual group policy entries behave differently, with Feature updates limited in the group policy box to 60 days and Quality updates limited to 35 days.

Microsoft is very careful to mention that you can’t reset the Pause Update setting. If you try to turn it off and turn it back on again, “this device will need to get the latest updates before it can be paused again.” There’s no analogous warning in the group policy boxes, but it’s safe to assume the same rules apply as in the hidden Settings panel.

  • When a new Win10 version is released every eight months or so, Windows Update looks at the branch-readiness box to see if you’re set for Current Branch. If Current Branch is selected, and updates haven’t been paused, Windows Update looks at the deferral countdown box (which goes up to 365), and waits the specified number of days before installing the new version.
  • When a Win10 version is declared as the “Current Branch for Business” (typically four or so months after it’s initial release), Windows Update looks at the branch-readiness box to see if Current Branch for Business is selected. If so, and updates haven’t been paused, Windows Update looks at the deferral countdown box and waits the specified number of days before installing the new version.
  • When a cumulative update appears, Windows Update looks to see if updates have been paused. If so, the cumulative update isn’t applied until the expiration date (up to 35 days) has been passed. If updates haven’t been paused, Windows Update looks at the deferral countdown box, which maxes out at 30. When the deferral countdown hits zero, the cumulative update is applied.
  • When other patches appear, it’s hard to predict what will happen. Microsoft says that “security updates, driver updates, bug fixes, etc” will be treated the same way as cumulative updates—check whether updates have been paused, then look at the deferral countdown box. Windows Defender updates always go straight through, but as for the others—hotfixes, unexpected Flash updates, maybe Servicing stack updates—I guess we’ll have to wait and see.

Microsoft has added an additional safety net to the update routines, to make it easier to say “Now wait just a gosh durn minute” before updates take over your system for a few minutes—or a few hours. With the Creators Update, Microsoft says it will implement a new dialog that’ll kick in just before an update is applied (screenshot).

 

weve got an update for youInfoWorld

 

If you click Snooze, the “update process is paused completely for three days.” As best I can tell, this safety net operates independently of the other update delays mentioned in this article.

 

That’s how things work—or at least how they’re supposed to work—in version 1703, the Creators Update. Of course, version 1703 is still in beta, so the final product may include any or all of these settings. Most importantly, Microsoft hasn’t told us if it’ll unfurl the hidden Settings panel.

 

There are lots of niggling questions that likely won’t get answered until we have the shipping product. For example:

  • If you have Pause Update checked, is the deferral countdown box decremented while the pause is in effect?
  • Which patches are “Quality updates”?
  • Why the 35-day limit on Pause Quality updates? In general, cumulative updates appear every month on Patch Tuesday. If you Pause Quality updates, and a second cumulative update drops before the Pause expires, will you get the previous month’s Quality updates or the current month’s?
  • What happens if you change one of the settings mid-stream, e.g., if you switch off Pause Updates, but still have the Quality update deferral countdown going?

But the basic method now seems to be in place.

 

Many Windows 10 users don’t want to bother with all of this stuff. It’s easy to ignore, and fortunately, we haven’t yet seen widespread damage from a bad Win10 cumulative update. (You can judge for yourself if version changes are disruptive or not.) If Microsoft continues to distribute high quality cumulative updates, we’ll all be able to breathe easier. But the cynics in the crowd – I’ll raise my hand here – should feel good that they’re going to get some Microsoft-supplied ammo to fend off bad updates.

 

Meanwhile, if you’re running Win10 Home, you’re still out of luck.

 

I want to thank the folks at Microsoft and their PR agency, WE (formerly Wag-Ed) for detailed answers to some pretty pointed questions. I’ve been dealing with Wag-Ed for almost 30 years, and the response for this issue has been among the best.

 

Discussion continues on the AskWoody Lounge.

 

Source: How to block automatic updates in the next version of Windows 10 (InfoWorld - Woody Leonhard)

Link to comment
Share on other sites


  • Replies 5
  • Views 1.1k
  • Created
  • Last Reply

Microsoft are bad for removing stuff in the pro version..  if we learned anything  from the past to try too push enterprise on business  any thing that can be locked down in enterprise can be locked down in home version with 3rd party apps i have a few  apps i can use for this or through a simple registry hack that many devs release 3rd party tools with a gui .

 

Ive had windows updates turned off for ages now in Redstone 1  with my firewall  so forced updates on any version of windows 10 is a noob problem . Just like forced updates on Windows 8, 7 , Vista and XP was a noob problem 10 times over they was easy to turn off and if you look back in the archives  here people were complaining about forced updates that no one knew what was in Win XP  and Vista  before windows 7 was released even.

 

Now days people worry about  Microsoft may send you a botched update or some spyware in a update in the old days this site was mostly just pirates and everyone was worried about Microsoft was going send you a update that was a exploit to kill windows activation.  :)

Link to comment
Share on other sites


50 minutes ago, steven36 said:

Now days people worry about  Microsoft may send you a botched update or some spyware in a update

The one of the major reasons for slow adoption of 10 is this !!

Link to comment
Share on other sites


27 minutes ago, IronY-Man said:

The one of the major reasons for slow adoption of 10 is this !!

It started happening back before Windows 10  was released I had to remove updates from Windows 7 PCs and Windows 8.1 PCs bad updates in 2014 ..Windows 8.1 never had hardly no adoption ever ! Even Windows 7 had slower adoption than windows 10 is having so were do you get this? If it were not for privacy issues  and windows 10 not being a free upgrade for business Windows 10 would of been killing Windows 7 by now lol. Microsoft really dont have nothing to  lose as long as they have 1.5 billion of you stuck on windows.. It's not windows 10 is having slow adoption its  just not moving fast enough for Microsoft  but  compared to other Windows OS it had the fastest  adoption ever .

Link to comment
Share on other sites


In order to use either of these policies you have to allow telemetry.  The last item in both boxes states if 'allow telemetry is set to 0, this policy will have no effect'.  Microsoft is laughing its butt off at all the idiots who think they are getting away with something and they aren't because Microsoft wins either way.  Face it, if you run Windows 10, Microsoft owns you.

Link to comment
Share on other sites


36 minutes ago, straycat19 said:

In order to use either of these policies you have to allow telemetry.  The last item in both boxes states if 'allow telemetry is set to 0, this policy will have no effect'.  Microsoft is laughing its butt off at all the idiots who think they are getting away with something and they aren't because Microsoft wins either way.  Face it, if you run Windows 10, Microsoft owns you.

LOL that's why ill just keep blocked with my Firewall  Microsoft may laugh at sysadmins like you who depend on group policy but Ive never deepened on it for nothing  because to set pcs up in peoples homes you have too learn how to work with what they have.  Learn to think outside of Microsoft's tool box for a change

 

. They got sysadmins hooked on a set of tools  i dont blame them for taking advantage of people who use it. its nothing Google dont do.. Millions use Google everyday and there sucking up everyone's data. When Cloudflare had that breach Google ended up with most of that data. .Data = big money if you're not  smart enough to get around it try to talk you're company into to switching to Linux in 2020 when Windows 7 runs out of updates .

 

The clock is ticking away  and just like when windows xp ran out of updates and no one bought vista  most of you  will wait to the last minute .

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...