Disable windows update in windows 10 pro x64 1909

pazzoide76 301

Hello,
I would like to know if it is possible to disable windows update on a windows 10 x64 1909.
I have to disable it as these machines go into a sandbox to identify any malware and don't need to be updated.
Is it enough to create the following gpo?

Open Start.
Search for gpedit.msc and click the top result to launch the Local Group Policy Editor.
Navigate to the following path:

Computer Configuration> Administrative Templates> Windows Components> Windows Update

Double-click the Configure Automatic Updates policy on the right side.

Windows Update group policy settings
Source: Windows Central

Check the Disabled option to turn off the policy and disable automatic updates permanently.

Group Policy disable Windows Update
Source: Windows Central

Click the Apply button.
Click the OK button.

Thank you

Greeting

Reza-Ameri 17,341 Reputation points Volunteer Moderator

2021-02-23T16:47:51.103+00:00

I am wondering why you want to disable it?
You could manage update and delay them.
However, turn off Windows Update would put your system at risk.
Jonathan 1 Reputation point

2022-06-15T17:05:42.03+00:00

"You could manage update and delay them"
This requires remembering yet another schedule and TODO item. The purpose of computers and software (that I pay thousands for) is to automate as many tasks as possible, allowing me to concentrate on more important tasks, not to give me a 5th job or 1000'th task to do, that I don't get paid for. Security is important you say? That's why I pay thousands for software developers (such as myself), to create and implement systems that run transparently with as little interruption or user attention as possible.

"turn off Windows Update would put your system at risk."
Forced reboots and killing running processes [1] that are required to perform necessary work/school assignments put my job, grade, and future at risk, not to mention hurting microsoft's reputation and profits.
From my perspective, a forced reboot to patch a security issue is equivalent to a system crash that destroys AT LEAST hours of work.
This is a DEAL BREAKER. There MUST be a CLEAR, EASY way to permanently disable forced reboots and stop this virus-like behavior.
Trust me, this will not last long, and there will be a court case (if there hasn't already) that forces Microsoft to change this idiotic policy.

[1] For example, https://www.lammps.org/ that must run uninterrupted for days if necessary.

Accepted answer

AliceYang-MSFT 2,106 Reputation points

2021-02-25T07:52:22.803+00:00

Hi,

I haven't noticed this before. I have disabled Windows Update service and will come back if it turns itself on.

By disabling the mentioned group policy, security updates and other important downloads won't be downloaded automatically. The definitions of windows defender is a special kind of Windows update. For more information, please see Description of the standard terminology that is used to describe Microsoft software updates.

Definition update
A widely released and frequent software update that contains additions to a product's definition database. Definition databases are often used to detect objects that have specific attributes, such as malicious code, phishing websites, or junk mail.

Maybe it's not included in "other important downloads" or is too important to be disabled.

Even in Windows Update for Business, we cannot disable Windows update permanently. There is a Maximum deferral period for updates.

----------

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

6 additional answers

Brian Wengel 31 Reputation points

2022-02-05T10:57:53.177+00:00

Maybe changing the service-account will prevent it from auto-enable:
Time will tell :-/
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Brian Wengel 31 Reputation points

2022-02-07T06:52:38.547+00:00

Okay, next day it was enabled again :-(
I even changed the command-line for the service! It seems it's getting completely recreated.
For now I have managed to prevent updates by using the firewall-whitelistning-approach, i.e. block everything and only whitelist what your need.

Another way is to disable the service and then disable "UpdateOrchestrator" and "WindowsUpdate" schedule tasks (located in Microsoft/Windows/UpdateOrchestrator). I assume this is the one that restore the Windows update service. As I recall I had to disable the task directly on the filesystem and in registry, something like::

Give yourself access-permissions to the related files/folders:
takeown /f "C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator" /A
takeown /f "C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" /A

And then delte, rename or zip the folders

Related registry keys:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\Taskcache\Tasks
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{641AADC0-14E9-4280-9F18-ADB2461E1E1D}
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Schedule Scan
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Disable windows update in windows 10 pro x64 1909

6 additional answers

Your answer