This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 7.000000000000001%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
I'm running Server 2019 and do not see the option in GPO editor to push the option to stay on a specific version to the client machines.
I checked User and Computer Configuration > Policies > Admin Templates > Windows Components > Windows Update (and WU for Business) and don't see the option that's referenced on so many sites. How do I get it updated to enable an option to stop people from upgrading to Windows 11?
It doesn't make sense to login to 30 machines to manually change the registry. We have a domain with 3 DC's, 2 DFS servers, 2 RDP boxes, and multiple various other servers and workstations. What would I need to change?
Thank you for your help.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 24%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOK%3C/text%3E%3C/svg%3E)
Did you update the administrative templates .admx files on your domain controller? If they are old you won't get all new options, and they have to be updated manually according to attached instructions.
Hello,
Yes I've updated the admx templates to Windows 10 version 21H2 and do not see this option. I was able to use the RSAT GPO tool on my Windows 11 machine (after editing a registry key) to change things up.
Thank you for your assistance.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 92%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
I'm having the same issue, but on Server 2016. I've updated the ADMX files with Administrative Templates for Windows 10 November 2021 Update and copied the files into the SYSVOL. We don't use Windows Updates for Business or WSUS. This is the only option showing under Windows Updates:
Any other options?
Yes, use the RSAT tool on a Win11 box to edit GPO. I put a guide in one of these comments. Let me know how it works out
I don't have a Windows 11 box.
Hmm, alright. So you've followed the advice of? If you don't have a Win11 box to edit GPO with RSAT, I don't know how else to do it. :(
AJTek-Adam-J-Marshall answered • Feb 04 2022 at 8:20 AM | ChrisChew-7797 published • Feb 07 2022 at 8:22 PM Expert AnswerCommunity Expert
You don't need to do all of what Gabriel did. Simply load the Windows 11 GPO ADMX Templates into your central store and you'll have the options.
See the bottom section titled appropriately on:
Fixed it. I copied all the ADMX and ADML files from a Server 2019 and now have the options I was missing.
Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Update\Manage updates offered from Windows Updates
Set to Enabled and add one of the following values (ex. 21H2)
--please don't forget to upvote and Accept as answer if the reply is helpful--
This option is NOT available in Windows Server 2019. Hence why I wrote what I wrote.
I figured it out!
So, edit the registry on your Windows 11 machine. Install the Windows RSAT tools for Group Policy Management. Launch regedit and create a new Key and then DWORD value: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy, EnableLocalStoreOverride = 1, reboot.
Launch Group Policy Management, edit the Default Domain policy or the one you've created just for this. Navigate to Computer Configuration > Policies > Admin Templates > Windows Components > Windows Update > Manage updates offered from Windows Update. Double click "Select the target Feature Update version", set to enabled, put "Windows 10" in the first box and "21H2" in the second.
Note, later in the year you might need to change from 21H2 to the newer Windows 10 release when those updates are being rolled out.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 35%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Hi Gabriel,
This explanation is a bit confusing. Are you creating the registry key on your local windows machine? How are you getting the option on your DCs? I am running into the same issue that even updating the ADMX files on the DC, it is not giving me the option in the default domain policy to select feature update and version.
Thanks for the help in advance.
You don't need to do all of what Gabriel did. Simply load the Windows 11 GPO ADMX Templates into your central store and you'll have the options.
See the bottom section titled appropriately on:
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 28.999999999999996%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi AJTeck-Adam
I have loaded the latest template, but i still do not see the option
Administrative Templates (.admx) for Windows 10 November 2021 Update (21H2)
He said to try the Windows 11 template to load.
Otherwise, try my way. Whichever way works should be fine. More than one way to skin a cat. :)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 21%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECC%3C/text%3E%3C/svg%3E)
Are you sure you copied the Win 10 admx templates to the correct location ? I downloaded the exact one you got and chucked it into the Central store. The option appears for me :D
Where are you looking?
--please don't forget to upvote and Accept as answer if the reply is helpful--
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--
Hello,
I had to change GPO with an RSAT tool from my Win11 machine to do it. The server 2019 didn't have the mentioned items in GPO.
Ok, well check the screenshots above Default domain controller policy (on a 2019 domain controller)
--please don't forget to upvote and Accept as answer if the reply is helpful--
Hi DSPatrick,
I am running server 2016 and do not see these options. Do you have any instructions for Server 2016?
Thank you
Do you have a Windows 11 machine? Here's what I ended up doing:
So, edit the registry on your Windows 11 machine. Install the Windows RSAT tools for Group Policy Management. Launch regedit and create a new Key and then DWORD value: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy, EnableLocalStoreOverride = 1, reboot.
Launch Group Policy Management, edit the Default Domain policy or the one you've created just for this. Navigate to Computer Configuration > Policies > Admin Templates > Windows Components > Windows Update > Manage updates offered from Windows Update. Double click "Select the target Feature Update version", set to enabled, put "Windows 10" in the first box and "21H2" in the second.
Note, later in the year you might need to change from 21H2 to the newer Windows 10 release when those updates are being rolled out.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 64%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Thank you for the described steps and screen shots above. But at first this still did not work for a DC in Windows Server 2019.
I downloaded the admx for both Win10 and Win11 to Windows Server 2019
I ran the MSI.
It extracted/placed the files into C:\Program Files (x86)\Microsoft Group Policy\ under a folder with the policy name
I copied those files and folders to a new folder in central store under \PolicyDefinitions-Win1021h1
(and also to a new folder \PolicyDefinitions-Win11-21h1 for that set)
I run gpupdate /force
I open Group Policy Manager
I edit the Default Domain Policy object.
I browse down to Computer Configuration > Policies > Admin Templates > Windows Components > Windows Update >Windows Update for Business
There was NO entry "Select the target feature update version" under that key.
The admx files have to be copied into the existing "PolicyDefinitions" folder, over-writing whatever previous ones you have in there (back them up first!). And do it by selecting the files, and copy/paste. Do not over-write the entire folder (such as en-us) because you could be wiping out files you need - not every admx update contains all the same files. It may have 212, but your en-us folder might have 221. Those other 10 extra files you have may still be very important to you, so don't destroy them by just overwriting the folder itself. Same thing for the base folder of PolicyDefinitions - copy/paste the files. You likely have other ones in there you do not want to lose.. so don't rename/delete the PolicyDefinitions folder itself.
Then run gpupdate and then open the GP editor and the setting should appear.
But this approach by Microsoft is still stupid. It should not be so broken, and should not require such extra manual processes. This should be delivered to servers as an automatic update that provides a one-click setting to push into GPO's to disable access for end users to run major version upgrades. Sys Admins need time to test, test, and test again before such major things can roll out. To just give it to all end users in corporate networks by default is outrageously dangerous.