Hi,
I have a problem properly configuring Win10 or Win11 to permanently block the OS version from updating. I have a few platforms that need to stay at the same Windows build version (with UBR) as when installed, e.g. 22000.194 for Windows 11. I already set some group policies in FirstLogonCommands, like:
For Windows Update
- Set Configure Automatic Updates to "disabled"
- Set Remove access to use all Windows Update features to "enabled"
For Windows Store
- Set Turn off Automatic Download of updates on Win8 machines to "enabled"
- Set Turn off Automatic Download and Install of updates to "enabled"
- Set Turn off the offer to update to the latest version of Windows to "enabled"
and it's working fine until... I start updating applications using the Microsoft Store. In my case I need to stay on the installed OS version and update a few applications in Windows, but when the updating starts, the OS randomly updates to the newest security update (22000.556). I found and tried blocking the MS update DNS names in the hosts file using:
0.0.0.0 *.download.windowsupdate.com
0.0.0.0 *.microsoft.com
0.0.0.0 *.update.microsoft.com
0.0.0.0 *.windowsupdate.com
0.0.0.0 *.windowsupdate.microsoft.com
0.0.0.0 download.microsoft.com
0.0.0.0 download.windowsupdate.com
0.0.0.0 ntservicepack.microsoft.com
0.0.0.0 test.stats.update.microsoft.com
0.0.0.0 windowsupdate.microsoft.com
0.0.0.0 wustat.windows.com
Of course I set Windows Security to exclude the folder C:\Windows\System32\drivers\etc from scanning, because when changing the hosts file Defender instantly blocks the operation,
but that also does not block the OS from updating :(
Is there any other option to permanently block the OS from updates? I need the installed OS image to be the same version every time, independent of app updates. If any app requires a newer OS version, I would prefer that the application does not update instead of Windows updating without my action.
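
An added example, not part of the original post: a PowerShell lint for hosts entries like the ones listed above. It relies on the fact that the Windows hosts file maps literal host names only and has no wildcard syntax, so a line such as `0.0.0.0 *.windowsupdate.com` never matches a real lookup; the function name `Test-HostsEntry` and the status labels are made up for this illustration.

```powershell
# Added example: classify hosts-file lines (function name and labels are illustrative).
function Test-HostsEntry {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Line)

    # One DNS label: letters, digits, inner hyphens.
    $label = '[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?'

    foreach ($raw in $Line) {
        $text = ($raw -replace '#.*$', '').Trim()   # strip comments and padding
        if (-not $text) { continue }                # blank or comment-only line

        $fields = $text -split '\s+'
        $ip     = $null
        $ipOk   = [System.Net.IPAddress]::TryParse($fields[0], [ref]$ip)

        # A hosts line may carry several names after the address.
        foreach ($name in ($fields | Select-Object -Skip 1)) {
            if (-not $ipOk) { $status = 'InvalidAddress' }
            elseif ($name -match '[*?]') { $status = 'WildcardNeverMatches' }
            elseif ($name -notmatch "^${label}(\.${label})*$") { $status = 'InvalidName' }
            else { $status = 'LiteralName' }

            [pscustomobject]@{ Address = $fields[0]; Name = $name; Status = $status }
        }
    }
}

# Sample input: four of the entries quoted in the post.
$sample = @(
    '0.0.0.0 *.windowsupdate.com',
    '0.0.0.0 *.update.microsoft.com',
    '0.0.0.0 download.windowsupdate.com',
    '0.0.0.0 wustat.windows.com'
)
Test-HostsEntry -Line $sample | Format-Table -AutoSize

# To check the live file instead of the sample:
# Test-HostsEntry -Line (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```

Entries reported as `WildcardNeverMatches` have no effect on name resolution; only the `LiteralName` rows are actual overrides.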