In Windows 10 1607 (Anniversary Update), the Windows Update setting no longer offers a drop down menu to disable updates. However, you can still turn off Automatic Updates with Group Policy. New is a feature that allows you to configure Active hours and Restart options.
Profile gravatar of Michael Pietroforte

Michael Pietroforte

Michael Pietroforte is the founder and editor of 4sysops. He is a Microsoft Most Valuable Professional (MVP) with more than 30 years of experience in IT management and system administration.
Profile gravatar of Michael Pietroforte

In Windows 10 1511 (November Update), you could set Windows Update to "Automatic" or to "Notify to schedule restart" under the Advanced options of the Windows Update settings.

Advanced options in Windows 10 1511

Advanced options in Windows 10 1511

Although I could not find an official statement, it appears that these options have disappeared in Windows 10 1607. The Advanced options no longer offer a drop down menu for changing the Automatic Updates setting:

Advanced options in Windows 10 1607

Advanced options in Windows 10 1607

The reason probably is the new Active hours feature (see below). However, the missing drop down menu can cause confusion when you configure Windows Update via Group Policy.

Disable Automatic Updates ^

The Group Policy Configure Automatic Updates (Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update) has all the options of previous Windows versions: Notify for download and notify for install, Auto download and notify for install, and Auto download and schedule the install. The option, Never check for updates (not recommended), of previous Windows versions, can be configured by disabling the policy.

Note: You can also configure these Windows Update settings with a little PowerShell script that I wrote.

Configure Automatic Updates policy

Configure Automatic Updates policy

If you configured one of the policies in Windows 10 1511, the Windows Update settings would inform the end user that "some settings are managed by your organization."

"Some settings are managed by your organization" in Windows 10 1511

"Some settings are managed by your organization" in Windows 10 1511

In the Advanced options of the Windows Update settings, the user could then see what settings the administrator has configured via Group Policy, but would then be unable to change the configuration.

End user cant change Windows Update settings in Windows 10 1511

End user cant change Windows Update settings in Windows 10 1511

If you apply any of the policies to Windows 10 1607, the Windows Updates settings don't show any information about the configuration. However, based on my tests, the Anniversary Update still supports these policies.

When I gave my test machine access to the internet, without enabling any update policy , Windows Update always began by downloading new updates after a couple of minutes. The Windows Update settings usually displays the updates that are currently downloaded.

However, when I disabled the Automatic Updates via Group Policy, no downloads were shown. With the help of the networking monitoring tool, I could see that Windows downloaded a couple of megabytes from Windows Update, but then stopped. Even after several hours, no new updates appeared in the Update History.

I also tried the setting Notify for download and notify for install in Windows 10 1607, and it worked as expected. When new updates are available, the user will receive a systray message.

Systray message "You need some updates"

Systray message "You need some updates"

And if the user missed the message, the Action Center keeps a record.

"You need some updates" in the Action Center

"You need some updates" in the Action Center

A click on the message, will bring the user to the Windows Update settings where the updates can then be downloaded.

"Updates are available" in Windows Update settings

"Updates are available" in Windows Update settings

I didn't try the other Group Policy settings for Automatic Updates, but my guess is that they still work, even though the Update settings no longer show how admins have configured the computer.

Active hours ^

Although it is no longer possible to configure the behavior of Automatic Updates within the Windows 10 settings of the Anniversary Update, two new links are now visible: Change active hours and Restart options.

Change active hours and Restart options Windows 10 1607

Change active hours and Restart options Windows 10 1607

The Active hours option allows you to configure for the times when Windows won't restart because an update is due to be installed.

Active hours

Active hours

You can configure Active hours through Group Policy. Note that you can only see the new policy after you update the ADMX templates with the latest version for Windows 10 in the PolicyDefinitions folder on your Windows Server or in the Central Store.

Group Policy "Turn off auto restart for updates during active hours"

Group Policy "Turn off auto restart for updates during active hours"

If you apply this policy to a Windows 10 1607 machine, the corresponding configuration in the local settings app won't change. However, according to my tests, restarts will then be scheduled corresponding to the Group Policy, and the Active hours configuration in the Windows 10 settings will be ignored.

Restart options ^

The Restart options can only be configured when a restart is scheduled. In this case, the user will receive a corresponding systray message and the restart time can then be rescheduled.

Restart options and Restart required message

Restart options and Restart required message

Once a restart is scheduled, the Active hours link in the Windows settings will then disappear.

Active hours link disappears when a restart is scheduled

Active hours link disappears when a restart is scheduled

Wrap-up ^

The fact that the Group Policy configuration for Automatic Updates is no longer displayed in the Windows 10 1607 settings is confusing. However, the ability to centrally and locally configure Active hours, as a way of preventing unwanted restarts, is advantageous. I also appreciate being able to configure another restart time once the updates are downloaded.

Unwanted restarts were certainly the major annoyance of Windows Update. However, if bandwidth consumption is your concern, then you might consider working with metered connections. With the help of a little PowerShell script, you can switch an Ethernet connection between metered and not metered. I will cover this option in my next post.

Win the monthly 4sysops member prize for IT pros

Share
1+

Users who have LIKED this post:

  • avatar

Related Posts

65 Comments
  1. avatar
    Byron 11 months ago

    According to information from various sources, these group policy settings only work on the Enterprise and Education versions of the Anniversary Update. Windows 10 Pro now ignores them altogether and automatically download and install updates. You can only set the active hours to postpone the restart. The metered connection does still work though.

    1+

    • Profile gravatar of Michael Pietroforte Author
      Michael Pietroforte 11 months ago

      Can you please point to those source you are talking about? Because I tested mainly with Windows 10 Pro and the polices worked fine. I also tested an Enterprise edition and the Windows Update settings look just the same as in the Pro edition.

      0

    • avatar
      Jay777 7 months ago

      I have windows 10 pro and I can not keep it from downloading updates via a wireless connection. I have metered connection set and it does nothing.

      0

  2. avatar
    Appu 11 months ago

    Hi,

    I have some 1511 and some 1607 versions.
    The GPO options  "Configure auto update" (Auto Download and schedule the installation) & "No auto-restart with logged on users ...." are not working.

    When an update is available, the computer install them and reboot directly!!!!!

    Any ideo about this ?

    0

    • Profile gravatar of Michael Pietroforte Author
      Michael Pietroforte 11 months ago

      I tried your configuration "Auto Download and schedule the install" now on Windows 10 Pro 1607 and it more or less worked properly. The updates were downloaded, but not installed. The Action Center now shows a message that a restart is required. However, for some reason the restart didn't occur at the scheduled time even though I didn't touch the VM for some time.

      0

  3. avatar
    Oleg G. 11 months ago

    On my system, after the 1607 upgrade, the "Notify for download, notify for install" group policy setting appears to be working similarly to the previous version, preventing automatic installation and displaying the message "You have some updates" when new updates are available. I can only see two differences vis-à-vis the 1511 version: 1) no indication in the Settings window that a group policy configuration is active, and 2) when I click the "Check for Updates" button, it goes right ahead with downloading and installing the updates, instead of just displaying the list and waiting for the user to OK the installation.

    0

  4. avatar
    MrNycticorax 11 months ago

    Couldn't you simply disable the Windows Update service? Should work regardless of the Windows 10 version...

    1+

    • Profile gravatar of Michael Pietroforte Author
      Michael Pietroforte 11 months ago

      Yes, I sometimes also disable the Windows Update service. In virtual machines (regardless of the virtualization solution) the Windows Update services sometimes consumes all available CPU resources if you cut it off the internet at the wrong moment. If you have several Windows 10 VMs running, this can be quite annoying.

      However, the problem with disabling the Windows Update service is that breaks a few things. For instance, you will no longer be able to launch Windows apps. Sometimes the error message gives no hint that the disabled Windows Update service is the culprit. Thus, I now only disable the Windows Update service if it goes wild.

      0

  5. avatar
    Sandy 11 months ago

    Active hours and forced reboots are a terrible and insulting idea. Even though I had previously enabled the no auto-restart option in Windows 10 Pro, my system just installed a feature enhancement update and caused me to lose many hours of work (I was working in a VM which wasn't allowed to shutdown properly). Additionally, the update uninstalled/broke several of my programs, including ClassicShell. This update might force me to uninstall Windows 10 if this is the level of respect Microsoft is now showing towards it's users.

    5+

  6. avatar
    DB1 11 months ago

    What windows apps are you talking about being not being able to launch if update service is disabled?  The service shows that there are no dependencies.  I launched a couple windows apps with no problems . . . yet.

    Also a lot that I have read says that MS did this on purpose unless you have the enterprise or educational version of Win 10.

    Thanks!

    0

    • Profile gravatar of Michael Pietroforte Author
      Michael Pietroforte 11 months ago

      That's interesting. I tried it again now and I can also launch Windows apps with disabled Windows Update service. I definitely had this problem on all my Windows 10 VMs (6 different installations, Pro, Home, Enterprise, etc.). However, these were old builds. I thought it is a feature, but it seems it was a bug that Microsoft fixed now.

      But I was running regularly in other problems which I don't remember. Whenever something didn't work as expected, I enabled the Windows Update service and it worked. After a while I gave up and enabled the service again on all my VMs. I disabled the service now. Let's see if I run into trouble again.

      0

  7. avatar
    Milan 11 months ago

    We are having Windows 10 for over 9 months now in an global company.

    During this period of time we realized that Windows 10 is not fully manageable enterprise OS. Unfortunately, MS changes the effect of the settings configured by GPOs with almost every update. This is not a behaviour of a mature and reliable OS.

    I would not recommend Windows 10 to any company that needs to have a managed environment. Simply put - this OS is not for the enterprise, MS knows it and it seems that they do not care.

    Maybe this is the reason why IBM switched to Mac, and they say it is cheaper to manage Macs. After experiences with Windows 10 updates - I believe that is not far from truth.

    4+

    • Profile gravatar of Michael Pietroforte Author
      Michael Pietroforte 11 months ago

      The GPOs didn't really change that much. The changes mostly affect consumer PCs. And if you worry about these changes why not deploy Windows 10 Enterprise LTSB?

      1+

  8. avatar
    Carole 11 months ago

    I've just updated to 1607 and see the 'Defer Updates' option, which I've checked.  I live out in the sticks and have a JetPack with a data limit for my internet connection.  It is a 'metered connection' as charges do apply, buy MS has been downloading updates in the previous version of Win10 regardless.  I've had to pay overage charges and am not happy.  I'd like to decide when to download updates, i.e. when I have data available toward the end of my cycle, AND would like to know how big the download will be.

    Will the Defer Update option take care of that?  This is a home desktop PC.  I'm the only user.  Thanks for your help.

    0

    • Profile gravatar of Michael Pietroforte Author
      Michael Pietroforte 11 months ago

      "Defer updates" doesn't solve your problem because this only postpones updates that introduce new features. All other updates will be installed anyway. Easiest way for you is to set your connection to metered and then set it to not metered when you are ready to install updates. You can then click "Check for updates" in the Windows Update settings. Another option is to disable the Windows Update service. But you have to be careful with this. It might cause problems.

      0

  9. avatar
    Gilbert 11 months ago

    It's cold comfort to find that I'm not the only one to be steamrollered by MS's Anniversary Update - with no warning, and no user discretion about when to install.  I had a MS Word document open at the time the juggernaut rolled through and lost an hour or two of updates.  I thought I had been doing saves.  And no, the so called "recovery files" had nothing.  Now to add insult to injury, it appears that in the future we will have little, or no, choice about receiving updates.

    0

    • Profile gravatar of Michael Pietroforte Author
      Michael Pietroforte 11 months ago

      Of course, you have no choice because if you don't update Windows you put others at risk (for, instance if your computer is infected by a botnet). You also need to "update" your car for the same reasons (for instance, if your breaks have a problem). I always wonder why we don't have a law that forces users to update their computers.

      However, I do think that Microsoft should distinguish better between feature updates and security updates. And as explained in the article, you still can disable Windows Update.

      I also think that Windows needs a feature that prevents data losses as in your case. Funny thing, my Mac just crashed and after it restarted all my apps where in the same condition as before the crash. I also had an unsaved Word document and the text was still there.

      0

      • avatar
        Done 11 months ago

        I'm not my brother's keeper and it isn't my responsibility to ensure that you are safe or that your computer or data is safe. That Microsoft believes it owns my computing experience is indicative of the group think that permeates society; a flawed logic model that guarantees enslavement and does nothing to preserve individual freedom. I don't keep my brakes to spec for your safety, I do it for MINE. I could care less about yours.

        5+

  10. avatar
    Milan 11 months ago

    To answer your question Michael, some enterprises are still using WSUS or SCCM to manage which updates are going to be deployed, so LTSB does not have any influence on that.

    For enterprises the problem is that we are being forced to use Windows 10 (new hardware from vendors like Dell do not support older OSs), and Windows 10 is what they call OS as a service, which means updates for a new version of the OS will be provided several times per year.

    But the tools to manage these updates were not developed to match the speed of new build deployments. We are talking about GPOs (that enforce registry settings) that loose their effect after an update is deployed. I have several examples for this behavior.

    Each update is in fact a new OS, so in order to really be able to manage this new type of OS deployments you would need to have :

    - apps as a service

    - management tools as a service

    - acceptance testing as a service

    - new skills and knowledge as a service

    etc.

    Windows client OS updates have just gone wild with Windows 10, and supporting such lifecycle with real-life applications and management tools is a nightmare.

    0

    • Profile gravatar of Michael Pietroforte Author
      Michael Pietroforte 11 months ago

      LTSB sure does have influence on your update strategy. All the concerns you mentioned are solved by deploying LTSB. Patch management solutions only allow you to prevent feature updates for a certain time. With LTSB you only install security updates and bug fixes but no new features. Thus, LTSB is exactly what you need.

      0

  11. avatar
    Milan 11 months ago

    For IT departments that have the power to deny all demands for new Windows 10 features, yes LTSB could be a good idea.

    Otherwise, if you must provide new Windows 10 features because of business requirements then you are going to face the problem I am trying to describe. Only the client OS is a "service", everything else that is involved in using and managing the client is not, and it will not be in the near future.

    0

    • Profile gravatar of Michael Pietroforte Author
      Michael Pietroforte 11 months ago

      I dont't think that IT departments are under pressure to deploy new Windows features. It is usually just the other way around. Most end users prefer to "stick with what they know." This is the reason why Microsoft is pushing so hard to get their feature updates deployed.

      As to Windows as a service, in my view this term doesn't really make sense. If Windows was service, admins wouldn't be involved in the update process. In fact, they wouldn't even be involved in the deployment of Windows. The only thing that really changed with Windows 10 is the speed at which new updates become available.

      I think Microsoft still tries to figure out how to deal with the new update pace. The problem you mentioned with the changing GPOs and related issues such as incompatibilities with third-party apps will increase with every Windows 10 upgrade. We will see if customer complains will reach a level where Microsoft has to revise its update strategy.

      0

    • avatar
      Steffen Hornung 8 months ago

      @Milan: Which Windows feature might your company really need?

      I doubt your statement, Milan.

      You can install feature updates through your patch solution (you have one -right?) anytime you want. It is just an update, eh?

      If you REALLY have the need for new features rightaway you could deploy this set of computers with current branch for business and leave the others (i.e. finance + sales ...) on LTSB.

      This means 2 master images, but it is doable.

      @Michael

      Disabling WU does indeed have the effect that you are unable to install/update apps from the windows store. It just mentions "error while downloading". The current behave of MS is not consistent otherwise they would just ignore the service setting and reenable it - for "better user experience" of course.

       

      0

  12. avatar
    Industrial PC 11 months ago

    Great article, I just have a quick question. Would you be able to just disable the Windows Update service? 

    0

  13. avatar
    Ray 11 months ago

    Disable Windows update and Defer Updates only support Current branch for business (CBB)

    https://technet.microsoft.com/en-us/itpro/windows/manage/waas-servicing-branches-windows-10-updates

    Just edit Group Policy and reboot PC not take effect this setting , need click Check for updates button "one time" , this Group Policy will take effect immediately, next month you will not receive any  update.

    Not suggest disable windows update services, if disable this services may be cases many diff. issues.

    0

  14. avatar
    roberto 10 months ago

    I have used the GPO setting,  Configure Automatic Updates. Set it to disabled.

    Restarted the computer, but no red text appears in the windows update screen. I read that it only appears when hitting search for updates, did that, and it searched and download and installed a windows defender update. but still no red text, restarted but still the same.

    I'm wondering if it works or not, I quess not.

    W10 Pro, not on a domain (just workgroup)

    1+

    • Profile gravatar of Michael Pietroforte Author
      Michael Pietroforte 10 months ago

      What kind of red text do you expect? If you disable automatic updates, the Windows 10 settings don't display any hint in 1607. This is the difference to 1511. However, according to my tests the setting still works.

      1+

      • avatar
        Robert 10 months ago

        Well, that it says "some settings are managed by system administrator"

        I tried now a fresh installation and did the powershell script, option 2 (notify and not auto download) After that, I connected by cable to the internet, rebooted twice, windows update did nothing.

        I opened windows update and clicked search for updates, and I founded some updates but also installing automatically. While downloading I rebooted the computer, after that I opened again windows update and it was downloading and installing again without hitting anything. Is that correct?

        I would like to use the option 2 of the script, so users can decide if they wanted to install the updates or not. But I have to be sure that it works.

        1+

        • Profile gravatar of Michael Pietroforte Author
          Michael Pietroforte 10 months ago

          As mentioned in the article, in 1607 this "some settings are managed by your organization" message is not displayed anymore in the Windows settings when you configured automatic updates via Group Policy.

          If you manually check for updates, Windows 10 will download and install updates no matter what you configured for the automatic updates GPO. I guess Windows Update was not finished with installing the updates that you manually downloaded when you rebooted. So I'd say everything worked as expected.

          0

  15. avatar
    Robert Neuschul 10 months ago

    "Of course, you have no choice because if you don’t update Windows you put others at risk (for, instance if your computer is infected by a botnet). You also need to “update” your car for the same reasons (for instance, if your breaks have a problem). I always wonder why we don’t have a law that forces users to update their computers."

    1] for the first part of that statement to be true one needs to make various unsupported assumptions about how people do and don't configure deploy and use their wider systems, particularly their edge securities.

    2] for the last part of that statement; it's not MS's job to legislate for the stupidity of others, let alone to enforce their view of what is or is not correct operational practice.

    By all means provide the tools to do what's needful, but enforcing their use with MS's vision of the "correct" settings on everyone is both irresponsible and counter-productive.

    Systems theory tells us very clearly that the more complex any system gets the more fragile it gets and the higher the risk associated with that system. By enforcing common configurations and settings on most SoHo users and by linking all of those users into a single wider internet-linked eco-system MS have *increased* the risk and fragility of the internet.

    2+

    • Profile gravatar of Michael Pietroforte Author
      Michael Pietroforte 10 months ago

      What unsupported assumptions would that be? Are you seriously claiming that you can run Windows without updating it regularly?

      What makes you think that Microsoft is "legislating" Windows updates? You can still disable automatic updates. So what exactly is your point?

      1+

  16. avatar
    Nick 10 months ago

    I agree in principal that we need security patches to be applied auto-magically, however I do not agree that the machine restarts should also happen automatically. Microsoft should minimize restart requirements to elements that truly require a restart. Similar to Linux where most software and packages can be updated/upgraded without restarting the system. Even with device drivers there is a limited few that cannot be restarted  without reloading the whole kernel. However Microsoft feels that almost any registry change requires a restart. NOT TRUE. The notification WM_SETTINGSCHANGE takes care of triggering top windows to reload the registry. I know I've implemented it for an app I wanted to auto-push in an enterprise environment without royally pissing off my customers (I was a lot closer to them than Redmond -- words like tar and feathers were bandied around)  ...

    Microsoft should make a concerted effort to minimize machine restarts -- this will go a long way to removing the complaints that a lot of users have with it.  That being said ... I have a dell laptop that got completely FUBARed by 1607 (the update ran while the Dell was in a docking station using only the remote display) -- I'm seriously contemplating Ubuntu + VMware  (for windows apps). Windows 10 just has severe stability issues (mostly due to updates).

    Just a weird note on the use of the Policy: Windows 10 Pro 1607 -- it works, but the warning about policy managed options is gone ...

    Thanks for the solution

    Nick

    0

    • Profile gravatar of Michael Pietroforte Author
      Michael Pietroforte 10 months ago

      Microsoft's "concerted effort" to minimize restarts is an ongoing project since Windows 1.0. I think this Active hours feature is a nice idea. I believe it will reduce the number of annoyed Windows users.

      However, I doubt that it is much better with Linux. I manage Ubuntu servers and I have to restart them all the time. The only difference is that you can install Linux with a smaller footprint which reduces the number of required restarts. Perhaps Nano Server will improve the situation here.

      Nevertheless, I find it quite amazing that some IT companies (including Microsoft) believe that they can build AI considering that they are not even able to build an OS that does not require any restart. I am patching my brain all the time and so far it runs without any restart since the first boot. 😉

      1+

      • Profile gravatar of Michael Pietroforte Author
        Michael Pietroforte 10 months ago

        For the record, I have to reboot 4sysops which runs on Ubuntu right now even though I already restarted the server this week... So you have to wait a moment with your reply, 😉

        0

  17. avatar
    Milan 10 months ago

    Hey Michael,

    That is just wrong Linux you are using 🙂

    Check this out: https://www.youtube.com/watch?v=SYRlTISvjww

    0

    • Profile gravatar of Michael Pietroforte Author
      Michael Pietroforte 10 months ago

      The dancers in the video are great, but that doesn't really convince me. 😉 I've been working with SUSE for quite a while and I never really like it. They always try to do things in a different way and that gets you in all sorts of troubles. Ubuntu has somehow become the gold standard of Linux. This means that when it comes to troubleshooting, you find more resources on the web than for any other distribution.

      1+

      • avatar
        Padraig 10 months ago

        Michael,

        I run Debian at home and find that it very rare that updates require a restart. Having said that realistically (apart maybe for use as a file server) Windows is really the only practical option in business.

        0

        • Profile gravatar of Michael Pietroforte Author
          Michael Pietroforte 10 months ago

          Debian is known as a distribution that is slow with updates. It is kind of their philosophy. This explains the fewer restarts. Perhaps Ubuntu only exists because some Debian users didn't like this rather conservative stance. I think there are environments suited for both distributions.

          Microsoft, on the other hand, has adopted a very aggressive update policy which explains the perception that Windows needs more restarts. There were times when the Linux community has been criticizing Microsoft for their sluggish update behavior.

          0

  18. avatar
    Steve Marlor 10 months ago

    I hope that I am not repeating information previously contributed.

    I have Windows 10 Pro and I am on the Windows Insider program (fast stream). Since the Anniversary update, the Group Policy settings for configuring automatic updates e.g. "Notify for download and notify for install" do not work.

    Updates are downloaded and installed without user intervention.

    0

  19. avatar
    yo 10 months ago

    come on guys.. just disable windows update service then the updates are gone. that's it - simple!

    P.S.

    we are not talking about security here , just how to disable updates, right !?

    2+

  20. avatar
    MrNycticorax 10 months ago

    By the way setting up a metered connection is probably the best compromise as this point between disabling Windows Update and being force-fed all MS crapware. It's very easily done for wifi networks (properties > set as metered connection) and there is a simple hack for Ethernet here: http://www.windowscentral.com/how-set-ethernet-connection-metered-windows-10

    0

    • Profile gravatar of Michael Pietroforte Author
      Michael Pietroforte 10 months ago

      Yes, setting a network connection to metered is one way to prevent Windows 10 from updating. The easiest way is to do it with PowerShell which I covered in another article.

      0

  21. avatar
    Amir 10 months ago

    Hi Michael

    I read all of your word
    and i have windows 10 pro anniversary and i do Group Policy setting for windows update and i set this to 2 - Notify...
    but when i do check for update, windows find update and start download automatically without any notification

    i wana do update manually

    Michael what should i do?

    i use Ethernet and i set it to metered with reg edit but nothing changed and when i click to check for update windows find update and update automatically

    how can i found all thing work correctly?

    Plz Help Me if your advise dose not helped me then i can send you my team viewer id and you can come to my pc and help me too

    0

  22. avatar
    Steve Marlor 10 months ago

    Further to my previous comment, it seems that Microsoft may have resolved this issue.

    In the latest Insider edition of Windows 10 (14959), the Group Policy Configuration for updates ("Notify for Download and Notify for Install" is working again.

    I have had 3 notifications over the last 3 days advising that updates are available.

     

    0

  23. avatar
    Tara 9 months ago

    I am having the opposite issue.  For some reason the recommended Windows Anniversary SCM GPO Winodws 10 RS1 - Computer, is causing me to not be able to manually check for Windows Updates.  If I unlink this GPO and run gpupdate /force, then I can manually check for the updates.  I link the GPO and gpupdate /force and I get error code 0x8024002e updating windows 10.

    We want our technicians to be able to manually update the Windows 10 computers.  I separated out the Firewall settings to a separate GPO to see if that is the problem, but the updates were fine, so it is something else in the GPO itself and it has several policies configured.

    Any suggestions on which setting would cause this error?

    1+

    Users who have LIKED this comment:

    • avatar
  24. avatar
    Tara 9 months ago

    Hi, The recommended SCM 1607 - Windows 10 RS1 - Computer GPO.

    The download link is here: https://blogs.technet.microsoft.com/secguide/2016/10/17/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016/

    I have figured out it is the administrative settings that are causing the problem, but there are several settings configured in the GPO.

    I found it.  The MS recommendation is to set this administrative setting to enabled "Turn off access to all Windows Update features" That does not make sense to me that this is the recommended setting.  I could not manually apply updates.

    0

    • Profile gravatar of Michael Pietroforte Author
      Michael Pietroforte 9 months ago

      Hard to believe that Microsoft recommends to turn off all Windows Update features.

      0

  25. avatar
    Tara 9 months ago

    Hmm, I'm sorry, you are right.  This setting was changed in the GPO and is not set on the SCM original GPO for Microsoft Recommended settings.  I will bring this up with my team.  Guess that may help the users trying to fully disable all Windows update features though.

    0

  26. avatar
    Mark Heleniak 9 months ago

    Hi Michael et all;

    #1) I am glad I found you.    I have spent a full day reading up on "the problem" and yours is the only current and 100% no B.S. website I have found.   I breath a sigh of relief.

    DEF:  "no BS" .....   intelligent problem-solving discourse w/ ppl who understand the concept of testing, re-testing and learning to adapt to a moving target - which sadly is what Win 10 is.

    #2)  WOW, did I stumble into a hornets nest w/ Win 10  Pro ver. 1607 (current Build 14393.447) and auto reboot!!!
    Yes I can confirm that using the Local Group Policy Editor's 'Configure Auto Updates' setting still works despite (a) no immediate feedback in the Windows Update window and (b) despite the nebulous wording in the "Supported On" box which says

    "Windows XP Professional Service Pack 1 or At least Windows 2000 Service Pack 3"

    I am dyslexic so allow me to translate this bass-ackwards wording:   "This setting shouldn't work for anything after XP."
    But it does.  I rcv'd a request to allow DL a definitions update for Win Defender at 5:55am this morning.

    What did I do to make this work?  (besides editing Group Policy?)
    I did not reboot, but I did manually click on "check for updates" in the Windows Updates panel and also "Update Definitions" in Win Defender.  One or the other of both invoked the desired results.

    #3)  I am part of two-person shop which relies 100% on a variety of Windows OS'  to get its work done.  Because I've played "IT guy" w/ Windows machines since 3.1, I get to wear the IT hat once again.   This new cpu is needs to stay up and running 24/7 because it is hosting several iterations of Windows via VirtualBox in an environment that often runs in 24 hour stretches.

    At 6:05am this morning I made an 'executive decision' on the use of Windows 10 as  VM server ....  "no fricken way Jose"!

    Why?   Between last build and this build MS has narrowed the paths of resistance.  And we all know resistance is futile.  Therefore my VM server is going to become a Win 7 machine for at least the next four years.  I will put Win 10 into a VM with the anticipation of watching the Borg ... err Microsoft prove that resistance is indeed futile to Win 10 users of the Pro variety.

    -Mark

    0

  27. avatar
    Mark Heleniak 9 months ago

    I found the Microsoft page which spells out just what is going on w/ builds 1511 & 1607, Windows Update, Group Policies, and branches CB, CBB & LTSB.

    If you read it a couple times, it might make sense.

    https://technet.microsoft.com/en-us/itpro/windows/manage/waas-overview#servicing-tools

    From all this.....
    IMHO:  If you do IT of a small shop, if you don't need the latest & greatest features and you do need to be up 24/7, stick with Windows 7 for the foreseeable future.  MS has pledged to support Win7 until early 2020.  You have to believe that in the next 3+ years they will have sorted out the update/reboot mess created as they transition to "OS as a service".

    CONVERSELY:  If  you are big enough to be on a lease/upgrade plan and have the budget for Windows Enterprise - which still gives IT full control - you have the best of both worlds.

    -Mark

    0

  28. avatar
    salvina 7 months ago

    after searching a lot, i found this video quite helpful.

    https://www.youtube.com/watch?v=j6jLUYegyfQ

    1+

  29. avatar
    Mark Johnson 7 months ago

    I realizes this is an older post.  But we have a strange glitch.

    We have a groups of PCs that were on 1511 and we had added the registry entries to defer updates.  And now these PCs are getting the 1607 Upgrade.

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
    "DeferUpgrade"=dword:00000001
    "DeferUpgradePeriod"=dword:00000008
    "DeferOSUpgrade"=dword:00000001
    "PauseDeferrals"=dword:00000001

    IN 1507 the Defer Upgrade was checked and greyed out.  After the upgrade the Defer feature Updates is greyed out and we can't get it ungreyed.

    We removed the registry entries, we tried the new GP settings and still Defer feature updates stays greys out.

    These PCs are NOT part of a domain.

    Any way to remedy this issue?

    -Mark-

    0

    • Profile gravatar of Michael Pietroforte Author
      Michael Pietroforte 7 months ago

      I think I also had this problem. Did you try restarting the Windows Update service? One reason could be that Windows already started downloading and you currently can't defer updates. This is just a wild guess. You can also try running gpresult /v to see if any other Update policies are active.

      0

  30. avatar
    Alan McKnight 7 months ago

    I just need to stop windows update from Downloading  updates during normal working hours.

    Windows 10 seems to suck all the available network bandwidth and this is causing problems in our call center as it is effecting our IP  phones.  Surely there must be someway to prevent windows updates from downloading between the hours 9-5.  I don't care after hours.

    0

  31. avatar
    JDnHuntsvilleAL 6 months ago

    Microsoft STILL hasn't fixed a major update problem: IF YOU HAVE MORE THAN ONE HARD DRIVE installed on your PC or laptop, WINDOWS ANNIVERSARY won't install. You HAVE to PHYSICALLY DISCONNECT YOUR OTHER HARD DRIVES and THEN run the update.

    I did that, but I _HATED_ THE ANNIVERSARY EDITION. Fortunately, I had cloned my system to the second hard drive, so after re-installing the drive I cloned IT back to my original and have now TURNED OFF WINDOWS UPDATE ENTIRELY.

    IF anyone knows how to avoid installing the GD anniversary edition of windows (only -- still allow security updates) I'd appreciate you posting here.

    0

  32. avatar
    Ryry 6 months ago

    Thanks to some  comments above mentioning Windows Update serivce. I completely disabled Windows Update service!

    I have VirtualBox with lot of guest OSes running and Windows just kill them all and restart the whole PC, ANY TIME &WHENEVER IT LIKES!!!!! What a freakin Windows Update bs! Instead of killing VirtualBox, it should kill these nerds who invented this instead!

    0

  33. avatar
    Leslie 4 months ago

    We manage our updates  via SCCM and we have devices that are still getting rebooted because of the anniversary update.  We haven't EVEN deployed the anniversary update.  Any advice would be much appreciated, this is getting ridiculous.

    0

  34. avatar
    Leslie 4 months ago

    Forgive me for not understanding this correctly but if we are managing our updates via SCCM why would we need to configure the restart options for the anniversary update? We are wanting to release the update via SCCM and not have the devices get it directly from Microsoft. In the case I mentioned earlier, we made the anniversary update available in software center (not a push) and a couple of devices on 1511 wound up getting 1607 from Microsoft and rebooted the device. The devices are pointing to SCCM for updates so I don't understand how Microsoft delivered the update. In SCCM we have configured maintenance windows for devices so are you suggesting that even though we have SCCM configured we still need to add the restart options as a group policy? Thank you in advance.

    0

    • Profile gravatar of Michael Pietroforte Author
      Michael Pietroforte 4 months ago

      The restart options allow you to schedule reboots after updates have been installed. I think it doesn't really matter if the updates were deployed through SCCM or any other patch management solution. I never tried this option with SCCM. However it seems to be compatible with SCCM.

      My guess is that the devices that received the updates from Microsoft Update instead of SCCM were not configured properly. Perhaps you disabled the Specify intranet Microsoft update service location Group Policy? If so, it overrides the corresponding SCCM setting. Run gpresult on the corresponding machines to see what policies are configured.

      0

  35. avatar
    Mess 3 months ago

    There is no way to stop / disable Windows Updates Post Windows 10 Anniversary Edition.  The GPO changes no longer work.  Even manually disabling the service does not work.  Microsoft is going to shove these updates down our throats.

    0

    • Profile gravatar of Michael Pietroforte Author
      Michael Pietroforte 3 months ago

      What made you believe that disabling the Windows Update service does not prevent updates from being installed?

      0

Leave a reply

Your email address will not be published. Required fields are marked *

*

CONTACT US

Please ask IT administration questions in the forum. Any other messages are welcome.

Sending
© 4sysops 2006 - 2017

Log in with your credentials

or    

Forgot your details?

Create Account