Windows updates keep changing settings

Question

Hello,

When Windows 11 updates are performed, it's reverting changes I made in the local group policy editor. I have a network share that doesn't require a user/pass to connect to it. I changed the option in Computer Configuration -> Administrative Templates -> Network -> Lanman Workstation -> Enable insecure guest logons to enabled. This setting allows me to connect to the network share. When updates are performed, this setting is reverted back to disabled. This breaks applications that require access to this share. How can I get Windows updates to stop reverting changes?

*** Moved from Windows / Windows 11 / Windows update ***

Answer 1

Hello,

Thank you for reaching out,This issue arises because Windows updates can override local group policy settings, especially when the changes are applied at a higher policy level, such as via Windows Update or Group Policy updates pushed by the domain (if you're in an enterprise environment).

Here are a few potential solutions to prevent Windows updates from reverting your changes:

1. Use Group Policy Editor (GPE) with an Administrative Template

You can make your changes permanent by enforcing them through Group Policy. Even though local Group Policy can be reset, applying it via an administrative template that syncs through the domain or computer configuration should ensure it's not reset.

Open gpedit.msc (Local Group Policy Editor).

Go to:
Computer Configuration > Administrative Templates > Network > Lanman Workstation
Enable the Enable insecure guest logons setting.

This change can still be overridden by Windows updates, so follow the next steps for additional protection.

2. Prevent Automatic Group Policy Updates

Sometimes updates to group policies (especially those tied to the registry or security updates) can overwrite changes. To ensure your settings stick:

1. Press Win + R, type regedit, and press Enter.
2. Navigate to:
   HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections
3. Right-click and create a new DWORD (32-bit) value:
   Name it NC_AllowInsecureGuestAuth and set its value to 1.

This registry entry should persist even after an update. Ensure you back up the registry first in case you need to restore it.

3. Create a Scheduled Task to Reapply the Settings Post-Update

In some cases, updates may reset certain configurations, but you can reapply them automatically using a scheduled task.

1. Open Task Scheduler (press Win + R and type taskschd.msc).
2. Create a New Task that runs a script (like a batch file or PowerShell script) after each update.
   The script should re-enable the insecure guest logons setting.

For example, your PowerShell script might look like this:

Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Network Connections" -Name "NC_AllowInsecureGuestAuth" -Value 1

Set the task to trigger after every update, or based on a specific trigger related to the system restart after an update.

4. Disable the Update That Resets the Policy

If you identify a specific update that is causing the settings to reset, you could hide or block that update using the Show or Hide Updates tool. This tool allows you to prevent certain updates from reinstalling automatically.

1. Download and run the Show or Hide Updates tool.
2. Use it to hide the update responsible for reverting the policy changes.

5. Registry Tweaks to Disable Updates for Certain Settings

If none of the above methods work, as a last resort, you could set up registry keys to block automatic configuration or overriding of certain settings through the update process. However, this should be done cautiously and after thorough testing.