- Poll: How reliable are ChatGPT and Bing Chat? - Tue, May 23 2023
- Pip install Boto3 - Thu, Mar 24 2022
- Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022
It appears blogging about Windows Update in Windows 10 has become my new passion. This is my fourth post about the topic, and I am sure it won’t be the last.
With Group Policy
A previous post explained how you can disable Windows Update with the Group Policy Editor (Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update).
After I published the article, I learned that disabling the policy is equivalent to option 1 (Never check for updates [not recommended]) in previous Windows versions.
Disable Automatic Updates in the Group Policy Editor
This inspired me to look for the corresponding Registry keys. For some reason, Microsoft keeps moving the location of the settings with every new Windows release.
In the Registry
In Windows 10 (final release), the Registry settings for automatic updates can be found here: HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\. However, the WindowsUpdate key will only be created after you change the settings with the Group Policy Editor, and Windows will delete the key if you set the policy to “Not Configured.”
If you take a closer look at the Registry key, you will notice that it is in a Policies folder. Because Windows 10 Home doesn’t support Group Policy, these settings can’t be used for this Windows edition. Thus, you can use the procedures described here only with Windows 10 Pro and Windows 10 Enterprise.
If you really need to turn off automatic updates in Windows 10 Home, you can disable the Windows Update service as I described in my previous post. If I learn about the Registry settings for Windows 10 Home, I will post them here.
To disable Windows Update in the other Windows 10 editions, you have to set NoAutoUpdate to 1 in
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU.
If the corresponding keys don’t exist, you have to create them.
You can also copy the contents of the code below to a file with the extension .reg and then double-click it.
Disclaimer: I take no responsibility for what my guide will do to your computer. These changes are not documented, and you follow my instructions at your own risk!
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU] "NoAutoUpdate"=dword:00000001
Note that new settings become active in the Windows Update app only after you check for new updates. Even rebooting the computer does not activate the settings.
The “Never check for automatic updates” setting in Windows 10
As you can see in the screenshot above, you will no longer be able to change the automatic update settings in the Windows Update app. If you want to enable automatic updates again, you simply have to delete the WindowsUpdate key with its sub keys. This is what the REG file below will do when you double-click it.
Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
With PowerShell
Group Policy offers more options than the Windows Update app offers in Windows 10. If you want to quickly switch between the different settings without navigating to the corresponding folder in the Group Policy Editor, you can run the little PowerShell script below. Make sure that you have admin rights and that you configured the PowerShell execution policy accordingly.
I didn’t implement all settings that the policy offers. For instance, I didn’t include the fifth option (Allow local admin to choose setting) because it has no effect on standalone machines.
I added the options for the scheduled time to configure when Windows will reboot after installing the updates, but you have to edit the values in the script if you want to use this feature. Note that these settings only have meaning if you use option 4 (Auto download and schedule the install). You can find out what the values mean if you in the Group Policy Editor. Also note that the scheduled time only affects updates that have not yet been downloaded and installed.
The script essentially mimics the actions of the Group Policy Editor when you choose between the different options or when you disable the policy. I added the values ScheduledInstallDay and ScheduledInstallTime to options 2 (Notify for download and notify for install) and 3 (Auto download and notify for install) because the Group Policy Editor does the same when you select these settings. But I guess it is not required.
Note that the script always deletes all previous automatic update settings including those that you configured with the Group Policy Editor.
As always, use at your own risk!
Clear-Host
Write-Host "0 -> Change setting in Windows Update app (default)"
Write-Host "1 -> Never check for updates (not recommended)"
Write-Host "2 -> Notify for download and notify for install"
Write-Host "3 -> Auto download and notify for install"
Write-Host "4 -> Auto download and schedule the install"
Write-Host "Enter any character to exit"
Write-Host
switch(Read-Host "Choose Window Update Settings"){
0 {$UpdateValue = 0}
1 {$UpdateValue = 1}
2 {$UpdateValue = 2}
3 {$UpdateValue = 3}
4 {$UpdateValue = 4}
Default{Exit}
}
$WindowsUpdatePath = "HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\"
$AutoUpdatePath = "HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
If(Test-Path -Path $WindowsUpdatePath) {
Remove-Item -Path $WindowsUpdatePath -Recurse
}
If ($UpdateValue -gt 0) {
New-Item -Path $WindowsUpdatePath
New-Item -Path $AutoUpdatePath
}
If ($UpdateValue -eq 1) {
Set-ItemProperty -Path $AutoUpdatePath -Name NoAutoUpdate -Value 1
}
If ($UpdateValue -eq 2) {
Set-ItemProperty -Path $AutoUpdatePath -Name NoAutoUpdate -Value 0
Set-ItemProperty -Path $AutoUpdatePath -Name AUOptions -Value 2
Set-ItemProperty -Path $AutoUpdatePath -Name ScheduledInstallDay -Value 0
Set-ItemProperty -Path $AutoUpdatePath -Name ScheduledInstallTime -Value 3
}
If ($UpdateValue -eq 3) {
Set-ItemProperty -Path $AutoUpdatePath -Name NoAutoUpdate -Value 0
Set-ItemProperty -Path $AutoUpdatePath -Name AUOptions -Value 3
Set-ItemProperty -Path $AutoUpdatePath -Name ScheduledInstallDay -Value 0
Set-ItemProperty -Path $AutoUpdatePath -Name ScheduledInstallTime -Value 3
}
If ($UpdateValue -eq 4) {
Set-ItemProperty -Path $AutoUpdatePath -Name NoAutoUpdate -Value 0
Set-ItemProperty -Path $AutoUpdatePath -Name AUOptions -Value 4
Set-ItemProperty -Path $AutoUpdatePath -Name ScheduledInstallDay -Value 0
Set-ItemProperty -Path $AutoUpdatePath -Name ScheduledInstallTime -Value 3
}
Thanks for all this! Working great for me! Question: After doing a “Check for Updates”, is there an option to chose WHICH updates one wants to install? I’m currently up to date with all my updates so I have nothing to choose at this time anyway. Just wondering if I’ll get that option when there is something?
Jack, you can’t really choose which updates to install on a standalone machine. However, if you have Windows 10 Pro or Windows 10 Enterprise you can defer upgrades, that is, updates that bring new features. You can also prevent that particular updates are installed (such as faulty drivers) with Microsoft’s show-or-hide update tool. If the machine is part of a corporate network, you have more options as I explained here.
Thanks, Michael!
Yeah, I don’t like the deferral option very much. It’s only temporary and the updates WILL get installed eventually. As for the MS tool, I have that as well. Unfortunately it only works AFTER an update has been installed for the first time. Can be a little inconvenient as well.
I suppose minor points, but IMO are the worst things about Windows 10. I have it on three stand alone machines and am enjoying it so far (after a couple work-arounds like this one and fixing title bar colors :>))
Great article! Is there a reg key or PS script for Windows 10 update to set “how updates are delivered” so that you can pick the ‘PCs on my local network’ option. I’ve also been looking to find if there is a GPO I can set to do this?
It doesn’t work for me on powershell or registry.
Thanks.
hi there Michael, i tried many ways already and still cant manage to disable the windows update. i am using windows 10 currently. So is it rewally impossible to disable the automatic update function like in previous win 7, XP and etc ?? If i disable and stop the windows update in the “sevices” will it stop downloading the update for my win 10 ? And will it also stop updating my other program like flash player those things ? Cause i actually just want to stop updating my win 10 only and not other program …. Hope to hear from you asap ya , thanks bro ..
Tony, disabling automatic updates in Windows 10 only affects Windows and not the software of third party vendors.
Michael,
Do you paste the whole line in PowerShell?
Write-Host “0 -> Change setting in Windows Update app (default)”
Bob, you shouldn’t paste the script line by line into a PowerShell console. You have to save the script as file with a .ps1 extension and then execute the entire script from a PowerShell console.
Since I installed win 10 on 3 system, i’ve been going over my limited cap of 400GB a month.
Win 10 maybe fast and small but the continuously dl daily, sucks the big one…
Win 10 Failed!!! and I disable all the wincrap updates. Something is hidden and wrong with it 🙁
not happy. maybe i should go back to win 7, if not drop windows.
Check out some of the options to cache updates, they maybe prove quite useful 🙂
How do you disable/re-enable changing defer upgrades option in windows 10 pro? I’m only looking to gray this option out via registry vs group policy.
How do I change this back to enable updates?
Just run the script again and select “0.”
Thanks for this article !
The Group Policy option works perfectly.
Now i have the “Never check for automatic updates” setting, but manual update still works !
What can i do to prevent manual updates ?
(Disabling the Windows Update is not a good solution because it’s used to install “.msu” packages…)
Thanks
Disabling the Windows Update Service *
Maintaining a WSUS server
Thank you very much Michael. I am using a limited plan and was fed up with the automatic update of Windows. Now I know how to resolve the issue. Thanks again.
Happy Sunday !
Thank you very much. Worked for us on Windows 10 Enterprise x64 1607 very well! Looking forward to test the script on Win10 1703 or later!
Best wishes!
Thank you! Your method used to work but not anymore. I think recent Windows updates have “disabled” the NoAutoUpdate registry key. NoAutoUpdate is still there but it does not do anything.
After setting it to “1”, there is no red wordings “Some settings are managed by your organization”.
Instead, now there is a Update Settings in Settings and it still says “Available updates will be downloaded and installed automatically, except over metered connections (where charges may apply)”.
We tried on Windows 10 Professional. I think NoAutoUpdate stopped working a few weeks ago.
I can confirm Schubert’s findings, unfortunately.
After 1703, it seem practically impossible to block automatic WU from running, without killing the service entirely.
Which is a problem for me, as I need all OS updates disabled, except for automatic driver installations.
Help would be greatly appreciated.
Is it possible to also enable “Do not include drivers with Windows Updates” in Group Policy using PowerShell?
I suppose it is possible if you know the corresponding registry key. However, the main problem is that Microsoft is changing the update settings with every Windows upgrade. Thus, what works today, will most likely not work tomorrow. Even if you find the correct registry key now, you don’t know if your script will work longer than a couple of weeks.
I haven’t tried it yet, but if you feel adventurous and want to completely disable updates in Windows 7-10 Professional Editions (not recommended whatsoever, but perhaps temporarily useful for people who occasionally find themselves on metered networks) you can try configuring your computer to get updates from a WSUS server that doesn’t exist via the registry, or Group Policy. A quick Google will show you which keys to add/edit.
Thanks for the tip! This sounds like an interesting solution. I might have a closer look.
A classs action lawsuit needs to be filed against Microsux.
We’re running Winblows 10 Pro on Digital X-Ray systems and several of these reside in surgery labs.
And the P.O.S. wants to restart when the system is in use while placing pin’s in hips or any other surgical procedure.
Or while the surgeon is using the system it announces that a new update is available and they’ll tell it later and the sucker just keeps hounding them.
I’ve gone through the registry to limit it’s intrusion and gone as far as disabling the updates in services. But Microsux finds a way around these work arounds.
I’m about ready to throw in an ASA and block anything microsux on the workstation IP addresses.
What a pain in the ass.
Use GpEdit.msc adjust the policy settings for the restart behavior you desire.
Path: Computer Configuration\Administrative Templates\Windows Components\Windows Update
The policy that should help you “Turn off auto-restart for updates during active hours” and “No auto-restart with logged on users for scheduled automatic updates installations”.
Guessing you might not be Sys Admin for your Org if so contact the helpdesk. Your updates most likely are coming from WSUS/SCCM and the client manages most of the behavior. The Computer object will be moved to the correct collection and the correct BranchReadinessLevel Set.
FYI in addition, disabling Windows Update service doesn’t work either. After a while it mysteriously gets set back to “automatic” from “disabled” and runs again. I have been unable to determine which task is doing that.
still nothing for windows 10 home?
This is why I and all my friends are staying with Windows 8.1. There is none of this problem. When you turn off updates they stay turned off. Windows 10 was brought out only to benefit Micro$soft, not the users.
Mr.Michael, Good Day….
I configured client PC (window10) with WSUS server(server2012).when will update client PC did not take fix the time schedule.
Example: fixed the scheduled time 11 pm(every day).but, client PC already updated at 6:49 PM.
kindly waiting for Your valuable reply…
Any idea what could be causing the Windows Update registry settings that are specially configured by a script to revert back to what I assume is their defaults? This is on Server 2016. There is nothing configured in GPEdit.msc; I've disabled a couple of tasks in the Windows Update section. It doesn't appear that there is any group policy overwriting at least the Windows Update section when viewing the RSOP.msc. Any ideas? A different task reverting everything? Thank you.