- Poll: How reliable are ChatGPT and Bing Chat? - Tue, May 23 2023
- Pip install Boto3 - Thu, Mar 24 2022
- Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022
In Windows 10 1511 (November Update), you could set Windows Update to "Automatic" or to "Notify to schedule restart" under the Advanced options of the Windows Update settings.
Advanced options in Windows 10 1511
Although I could not find an official statement, it appears that these options have disappeared in Windows 10 1607. The Advanced options no longer offer a drop down menu for changing the Automatic Updates setting:
Advanced options in Windows 10 1607
The reason probably is the new Active hours feature (see below). However, the missing drop down menu can cause confusion when you configure Windows Update via Group Policy.
Disable Automatic Updates
The Group Policy Configure Automatic Updates (Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update) has all the options of previous Windows versions: Notify for download and notify for install, Auto download and notify for install, and Auto download and schedule the install. The option, Never check for updates (not recommended), of previous Windows versions, can be configured by disabling the policy.
Note: You can also configure these Windows Update settings with a little PowerShell script that I wrote.
Configure Automatic Updates policy
If you configured one of the policies in Windows 10 1511, the Windows Update settings would inform the end user that "some settings are managed by your organization."
"Some settings are managed by your organization" in Windows 10 1511
In the Advanced options of the Windows Update settings, the user could then see what settings the administrator has configured via Group Policy, but would then be unable to change the configuration.
End user cant change Windows Update settings in Windows 10 1511
If you apply any of the policies to Windows 10 1607, the Windows Updates settings don't show any information about the configuration. However, based on my tests, the Anniversary Update still supports these policies.
When I gave my test machine access to the internet, without enabling any update policy , Windows Update always began by downloading new updates after a couple of minutes. The Windows Update settings usually displays the updates that are currently downloaded.
However, when I disabled the Automatic Updates via Group Policy, no downloads were shown. With the help of the networking monitoring tool, I could see that Windows downloaded a couple of megabytes from Windows Update, but then stopped. Even after several hours, no new updates appeared in the Update History.
I also tried the setting Notify for download and notify for install in Windows 10 1607, and it worked as expected. When new updates are available, the user will receive a systray message.
Systray message "You need some updates"
And if the user missed the message, the Action Center keeps a record.
"You need some updates" in the Action Center
A click on the message, will bring the user to the Windows Update settings where the updates can then be downloaded.
"Updates are available" in Windows Update settings
I didn't try the other Group Policy settings for Automatic Updates, but my guess is that they still work, even though the Update settings no longer show how admins have configured the computer.
Active hours
Although it is no longer possible to configure the behavior of Automatic Updates within the Windows 10 settings of the Anniversary Update, two new links are now visible: Change active hours and Restart options.
Change active hours and Restart options Windows 10 1607
The Active hours option allows you to configure for the times when Windows won't restart because an update is due to be installed.
Active hours
You can configure Active hours through Group Policy. Note that you can only see the new policy after you update the ADMX templates with the latest version for Windows 10 in the PolicyDefinitions folder on your Windows Server or in the Central Store.
Group Policy "Turn off auto restart for updates during active hours"
If you apply this policy to a Windows 10 1607 machine, the corresponding configuration in the local settings app won't change. However, according to my tests, restarts will then be scheduled corresponding to the Group Policy, and the Active hours configuration in the Windows 10 settings will be ignored.
Restart options
The Restart options can only be configured when a restart is scheduled. In this case, the user will receive a corresponding systray message and the restart time can then be rescheduled.
Restart options and Restart required message
Once a restart is scheduled, the Active hours link in the Windows settings will then disappear.
Active hours link disappears when a restart is scheduled
Wrap-up
The fact that the Group Policy configuration for Automatic Updates is no longer displayed in the Windows 10 1607 settings is confusing. However, the ability to centrally and locally configure Active hours, as a way of preventing unwanted restarts, is advantageous. I also appreciate being able to configure another restart time once the updates are downloaded.
Subscribe to 4sysops newsletter!
Unwanted restarts were certainly the major annoyance of Windows Update. However, if bandwidth consumption is your concern, then you might consider working with metered connections. With the help of a little PowerShell script, you can switch an Ethernet connection between metered and not metered. I will cover this option in my next post.
Read the latest IT news and community updates!
Join our IT community and read articles without ads!
Do you want to write for 4sysops? We are looking for new authors.
Hi Michael et all;
#1) I am glad I found you. I have spent a full day reading up on “the problem” and yours is the only current and 100% no B.S. website I have found. I breath a sigh of relief.
DEF: “no BS” ….. intelligent problem-solving discourse w/ ppl who understand the concept of testing, re-testing and learning to adapt to a moving target – which sadly is what Win 10 is.
#2) WOW, did I stumble into a hornets nest w/ Win 10 Pro ver. 1607 (current Build 14393.447) and auto reboot!!!
Yes I can confirm that using the Local Group Policy Editor’s ‘Configure Auto Updates’ setting still works despite (a) no immediate feedback in the Windows Update window and (b) despite the nebulous wording in the “Supported On” box which says
“Windows XP Professional Service Pack 1 or At least Windows 2000 Service Pack 3”
I am dyslexic so allow me to translate this bass-ackwards wording: “This setting shouldn’t work for anything after XP.”
But it does. I rcv’d a request to allow DL a definitions update for Win Defender at 5:55am this morning.
What did I do to make this work? (besides editing Group Policy?)
I did not reboot, but I did manually click on “check for updates” in the Windows Updates panel and also “Update Definitions” in Win Defender. One or the other of both invoked the desired results.
#3) I am part of two-person shop which relies 100% on a variety of Windows OS’ to get its work done. Because I’ve played “IT guy” w/ Windows machines since 3.1, I get to wear the IT hat once again. This new cpu is needs to stay up and running 24/7 because it is hosting several iterations of Windows via VirtualBox in an environment that often runs in 24 hour stretches.
At 6:05am this morning I made an ‘executive decision’ on the use of Windows 10 as VM server …. “no fricken way Jose”!
Why? Between last build and this build MS has narrowed the paths of resistance. And we all know resistance is futile. Therefore my VM server is going to become a Win 7 machine for at least the next four years. I will put Win 10 into a VM with the anticipation of watching the Borg … err Microsoft prove that resistance is indeed futile to Win 10 users of the Pro variety.
-Mark
I found the Microsoft page which spells out just what is going on w/ builds 1511 & 1607, Windows Update, Group Policies, and branches CB, CBB & LTSB.
If you read it a couple times, it might make sense.
https://technet.microsoft.com/en-us/itpro/windows/manage/waas-overview#servicing-tools
From all this…..
IMHO: If you do IT of a small shop, if you don’t need the latest & greatest features and you do need to be up 24/7, stick with Windows 7 for the foreseeable future. MS has pledged to support Win7 until early 2020. You have to believe that in the next 3+ years they will have sorted out the update/reboot mess created as they transition to “OS as a service”.
CONVERSELY: If you are big enough to be on a lease/upgrade plan and have the budget for Windows Enterprise – which still gives IT full control – you have the best of both worlds.
-Mark
after searching a lot, i found this video quite helpful.
https://www.youtube.com/watch?v=j6jLUYegyfQ
I realizes this is an older post. But we have a strange glitch.
We have a groups of PCs that were on 1511 and we had added the registry entries to defer updates. And now these PCs are getting the 1607 Upgrade.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
“DeferUpgrade”=dword:00000001
“DeferUpgradePeriod”=dword:00000008
“DeferOSUpgrade”=dword:00000001
“PauseDeferrals”=dword:00000001
IN 1507 the Defer Upgrade was checked and greyed out. After the upgrade the Defer feature Updates is greyed out and we can’t get it ungreyed.
We removed the registry entries, we tried the new GP settings and still Defer feature updates stays greys out.
These PCs are NOT part of a domain.
Any way to remedy this issue?
-Mark-
I think I also had this problem. Did you try restarting the Windows Update service? One reason could be that Windows already started downloading and you currently can’t defer updates. This is just a wild guess. You can also try running gpresult /v to see if any other Update policies are active.
I just need to stop windows update from Downloading updates during normal working hours.
Windows 10 seems to suck all the available network bandwidth and this is causing problems in our call center as it is effecting our IP phones. Surely there must be someway to prevent windows updates from downloading between the hours 9-5. I don’t care after hours.
I think you can only schedule the installation of updates. You could set the network connection to metered with a scheduled task and a modified version of my PowerShell script.
Microsoft STILL hasn’t fixed a major update problem: IF YOU HAVE MORE THAN ONE HARD DRIVE installed on your PC or laptop, WINDOWS ANNIVERSARY won’t install. You HAVE to PHYSICALLY DISCONNECT YOUR OTHER HARD DRIVES and THEN run the update.
I did that, but I _HATED_ THE ANNIVERSARY EDITION. Fortunately, I had cloned my system to the second hard drive, so after re-installing the drive I cloned IT back to my original and have now TURNED OFF WINDOWS UPDATE ENTIRELY.
IF anyone knows how to avoid installing the GD anniversary edition of windows (only — still allow security updates) I’d appreciate you posting here.
Thanks to some comments above mentioning Windows Update serivce. I completely disabled Windows Update service!
I have VirtualBox with lot of guest OSes running and Windows just kill them all and restart the whole PC, ANY TIME &WHENEVER IT LIKES!!!!! What a freakin Windows Update bs! Instead of killing VirtualBox, it should kill these nerds who invented this instead!
We manage our updates via SCCM and we have devices that are still getting rebooted because of the anniversary update. We haven’t EVEN deployed the anniversary update. Any advice would be much appreciated, this is getting ridiculous.
Did you try configuring the restart options?
Forgive me for not understanding this correctly but if we are managing our updates via SCCM why would we need to configure the restart options for the anniversary update? We are wanting to release the update via SCCM and not have the devices get it directly from Microsoft. In the case I mentioned earlier, we made the anniversary update available in software center (not a push) and a couple of devices on 1511 wound up getting 1607 from Microsoft and rebooted the device. The devices are pointing to SCCM for updates so I don’t understand how Microsoft delivered the update. In SCCM we have configured maintenance windows for devices so are you suggesting that even though we have SCCM configured we still need to add the restart options as a group policy? Thank you in advance.
The restart options allow you to schedule reboots after updates have been installed. I think it doesn’t really matter if the updates were deployed through SCCM or any other patch management solution. I never tried this option with SCCM. However it seems to be compatible with SCCM.
My guess is that the devices that received the updates from Microsoft Update instead of SCCM were not configured properly. Perhaps you disabled the Specify intranet Microsoft update service location Group Policy? If so, it overrides the corresponding SCCM setting. Run gpresult on the corresponding machines to see what policies are configured.
There is no way to stop / disable Windows Updates Post Windows 10 Anniversary Edition. The GPO changes no longer work. Even manually disabling the service does not work. Microsoft is going to shove these updates down our throats.
What made you believe that disabling the Windows Update service does not prevent updates from being installed?
hello
how can I do via directives or .reg that the PCs never make a version upgrade in Windows 10, only Wsus critical updates KB.
regards.