This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 7.000000000000001%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
I'm running Server 2019 and do not see the option in GPO editor to push the option to stay on a specific version to the client machines.
I checked User and Computer Configuration > Policies > Admin Templates > Windows Components > Windows Update (and WU for Business) and don't see the option that's referenced on so many sites. How do I get it updated to enable an option to stop people from upgrading to Windows 11?
It doesn't make sense to login to 30 machines to manually change the registry. We have a domain with 3 DC's, 2 DFS servers, 2 RDP boxes, and multiple various other servers and workstations. What would I need to change?
Thank you for your help.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 24%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOK%3C/text%3E%3C/svg%3E)
Did you update the administrative templates .admx files on your domain controller? If they are old you won't get all new options, and they have to be updated manually according to attached instructions.
Hello,
Yes I've updated the admx templates to Windows 10 version 21H2 and do not see this option. I was able to use the RSAT GPO tool on my Windows 11 machine (after editing a registry key) to change things up.
Thank you for your assistance.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 92%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
I'm having the same issue, but on Server 2016. I've updated the ADMX files with Administrative Templates for Windows 10 November 2021 Update and copied the files into the SYSVOL. We don't use Windows Updates for Business or WSUS. This is the only option showing under Windows Updates:
Any other options?
Yes, use the RSAT tool on a Win11 box to edit GPO. I put a guide in one of these comments. Let me know how it works out
I don't have a Windows 11 box.
Hmm, alright. So you've followed the advice of? If you don't have a Win11 box to edit GPO with RSAT, I don't know how else to do it. :(
AJTek-Adam-J-Marshall answered • Feb 04 2022 at 8:20 AM | ChrisChew-7797 published • Feb 07 2022 at 8:22 PM Expert AnswerCommunity Expert
You don't need to do all of what Gabriel did. Simply load the Windows 11 GPO ADMX Templates into your central store and you'll have the options.
See the bottom section titled appropriately on:
Fixed it. I copied all the ADMX and ADML files from a Server 2019 and now have the options I was missing.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Update\Manage updates offered from Windows Updates
Set to Enabled and add one of the following values (ex. 21H2)
--please don't forget to upvote and Accept as answer if the reply is helpful--
This option is NOT available in Windows Server 2019. Hence why I wrote what I wrote.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 63%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
Edit: I did figure it out by searching elsewhere, but it still didn't work. I got all kinds of errors trying to copy files into the c:\windows\policy definitions folder, so I'm sure some of the files weren't copied over. I totally agree with you. This is a MAJOR cluster and I can't believe this is so complicated. The rest of my clients have Windows 2019 server, and the option is just there in the GPO. That it isn't included in 2016 is beyond me.
What does you mean by the admx have to be copied to the existing Policy Definitions folder? What policy definitions folder? Where is that located?
I have a Windows 2016 server that is doing the same thing. I followed your instructions but am stuck at this point.
Thanks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 1%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJH%3C/text%3E%3C/svg%3E)
Were you able to figure this out?
This is the path:
C:\Windows\SYSVOL\sysvol\YOURDOMAIN.LOCAL\Policies\PolicyDefinitions
You need to download the latest ADMX template files from Microsoft and install them on your domain controller. You should also have set up a central store so that the policy definitions folder is replicated to all DCs.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 44%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMH%3C/text%3E%3C/svg%3E)
But the real question is:
Why is (per default) a simple Domain User able to install a new OS when he does not even have the rights to modify a simple .txt File in ProgramFiles Folder?