WSUS GPO - Disable WU Internet Locations also disable Windows Store App Installs

Bruno Ramos de Matos 21 Reputation points
2021-06-29T11:28:08.147+00:00

Hi Everyone,

Many thanks in advance!

In the company I work for, we have a GPO for WSUS where I have configured the preference setting "Do not connect to any Windows Update Internet locations" in order to avoid users from accidentally clicking the button to check for updates from internet. However, we can see this preference is also interfering with Windows Store App installs/Updates.

I am wondering if anyone has come across this before, and would be able to provide some guidance on how to proceed in order to block Windows Updates connection to Internet Locations while still allowing the Windows Store to continue to operate normally for app installs and updates.

Is there anyway that we can block updates from internet for enforcing WSUS while still keeping the Windows Store fully functional (Online App Install & Updates)?
110282-image-3.png
Kind Regs,
Bruno

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
8,765 questions
Accepted answer
  1. Rita Hu -MSFT 9,426 Reputation points
    2021-06-30T01:23:19.293+00:00

    @Bruno Ramos de Matos
    Thanks for your posting on Q&A.

    Please consider enabling the below policy to prevent the clients from checking for updates from the Internet:
    110471-6.png

    Hope the above will be helpful.

    Regards,
    Rita

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Adam J. Marshall 5,836 Reputation points MVP
    2021-06-29T12:14:23.163+00:00

    Set the policy " Do not connect to any Windows Update Internet locations " back to Not Configured

    If you're trying to prevent users from possibly clicking the "Check for Updates" link, hide the Settings panel for Windows Update instead.

    https://learn.microsoft.com/en-us/troubleshoot/windows-client/group-policy/use-settings-app-group-policy

    windowsupdate-action or windowsupdate (depending on what you want to hide)

    https://www.howtogeek.com/308489/how-to-hide-pages-from-windows-10s-settings-app/

  2. Bruno Ramos de Matos 21 Reputation points
    2021-06-30T09:26:09.247+00:00

    @Adam J. Marshall , @Rita Hu -MSFT ,

    ​We still want to allow for the ​option to "Check for Updates" to be visible. However, we want to block/hide the other button that says "Check online for updates from Microsoft Update".

    An option to block Windows Update from accessing Internet locations is acceptable, but only where it does not remove the Windows Store Online functions, such as Install/Update Apps, etc.

    For reference, you can see the button we need to get rid off highlighted in the screenshot, below:
    110536-image4.png

    P.S.: We do have a patch orchestration system in house and our WSUS GPO has the following settings configured at the moment to allow for any approved patches to be automatically downloaded to the computers, then the patch orchestration system would get to install those at specified maintenance windows. Please, see our current WSUS GPO settings, below:
    110593-image5.jpg