0

I need to disable windows updates for the machines, but I still need to be able to control them.

We use a system called BatchPatch and it allows us to manage the windows updates, just can't seem to find a way to disable the auto updates on the machines without doing below:

Turn off access to all Windows Update features in Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings

Which is not what we need as this stops BatchPatch from being able to see what updates are available for each machine.

Hope this makes sense (not my best question)

Machines are W10 Pro

will try to update/reword when I can.

Improve this question
1
  • You cannot disable security and feature updates on Windows 10 Professional even if you configure them for manual install if you go past the deferment date they will be installed. You want to use WSUS to get around that issue
    – Ramhound
    Commented Nov 9, 2017 at 12:10

1 Answer 1

Reset to default
3

You just need to set the Windows Update GPO to manual install.

In the Group Policy Editor, go to: Computer Configuration -> Administrative Templates -> Windows Components -> Windows Updates -> Configure Automatic Updates.

Set this to Disabled. This will disable the automatic install of Windows updates, but does not prevent people from manually configuring them through the Windows Update applet.

Improve this answer
2
  • Hey @LPChip chance you know how to disable the manual control for users in W10 can't see a way, MS keeps saying it's by design but there must be a GPO that we can send right!? Thanks for the answer will mark as accepted regardless. Just seeing if I can get the cherry on top :)
    – Lelantos
    Commented Nov 9, 2017 at 11:17
  • You can only set it to automated installs, or manual installs. When you set it to automated installs (you enable the above mentioned policy) the users can no longer change the setting. But if you disable the windows update service, the only thing BatchPatch has to do, is activate the service prior to using it and then disable the service again. If you do that, a user can attempt to install an update themselves, but get a failure message. BatchPatch seems to have support for remote start and stop of services.
    – LPChip
    Commented Nov 9, 2017 at 11:47

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .