Update: I posted a new article about the topic:
Disable Windows 10 Update in the Registry and with PowerShell
I am certainly a friend of an aggressive update and upgrade strategy. But forcing users to update is not the right way. I also have doubts that this practice is legal in every country.
Windows Update only offers the “Automatic updates” and “Notify to schedule restart” options.
Perhaps this is why Redmond has partly backtracked by offering the “Show-or-hide updates” tool (wushowhide.diagcab), which I will discuss below.
Registry hacks no longer work
Please note that this problem only exists on standalone machines. I outlined in a previous article that businesses have other options to stop Windows updates in addition to the ones I describe below.
In the Preview version, you could bring back the Windows Update applet in the Control Panel by changing the Registry keys. If you try this now, you will receive an error message (Cannot edit IsConvergedUpdateStackEnabled. Error writing the value’s new contents). The reason is that local administrators don’t have the right to change this value.
However, even if you take ownership of the key and then change the value, the Update applet will not appear in the Control Panel. I guess it is now finally gone. (Please let me know if you know of a way to bring it back.)
The only thing that you can still do in the Control Panel is uninstall updates. It appears to me that Microsoft is still fighting with the two different user interfaces in one operating system.
The registry key to change the behavior of Windows Update (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\AUOptions) also no longer seems to have an effect.
Anyway, let’s see what we can do to stop automatic updates in Windows 10.
The show-or-hide update tool
Microsoft published a support article (How to temporarily prevent a Windows or driver update from reinstalling in Windows 10, KB3073930) after NVIDIA drivers caused problems.
Of course, it was only a matter of time (hours, perhaps) until a forced update would break systems. Even though the title of the KB article seems to indicate that the tool can only be used to prevent drivers and updates from reinstalling, you can use it to hide any update.
I tried the show-or-hide update tool with a driver, a normal update, and a security update and it always worked. However, right after I added an update to the list of hidden updates, it still appeared in Windows Update even after a Windows restart. Windows claimed it would install the updates automatically when I wasn’t using the computer. However, this never happened, and after a while Windows Update no longer showed these updates.
Hidden updates still appear in Windows Update.
The show-or-hide update tool is certainly useful if you are aware of a problematic update that you want to block. However, this method won’t make you happy if you want to completely stop Windows 10 from downloading and installing updates.
Stop automatic updates in Group Policy editor
As in the Windows 10 Preview version, you can also use the Group Policy editor to get additional options for Windows Update in Windows 10 RTM. Open the Group Policy editor by typing “gpedit.msc” in the search box of the Start screen. Then, navigate to Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update.
Stop automatic updates in Group Policy editor.
Option 1, Never check for updates (not recommended), from previous Windows versions is missing. It seems that not enough people took the “not recommended” part seriously.
Update: If you set the policy to Disabled, the old option 1 is enabled which means that Windows Update won't check for new updates. I will write a new post where I say more about this option and about the corresponding registry keys.
The Group Policy option “Notify for download and notify for install” is another way to prevent updates from being downloaded. The only downside of this method is that Windows will constantly bother you to install missing updates. The advantage is that you will be reminded that you are working with a risky configuration.
You need some updates.
Note that the Windows Update app won’t show the changed settings immediately. Even a Windows restart doesn’t change the setting. Only after I clicked Check for updates did the new configuration show up in the Advanced Options.
Windows Update is set to notify to download.
You will then no longer be able to change the setting in the Windows Update app.
Also note that the setting “Allow local admins to choose setting” appears not to work on standalone machines. In the Preview version, you could then change the setting in the Control Panel. But since the Control Panel applet for Windows Update no longer exists, this setting won’t really help you.
Completely disable Windows Update
Systems exist where you don’t want Windows Update to mess with your installation at all. I usually completely disable Windows Update on virtual machines that I use for testing purposes. I am working with linked clones, which I destroy after the test is finished. Thus, installing updates on these systems is pointless because they usually only live for a couple of hours.
The last thing I want is for Windows Update to reboot a system during a test. Even worse is when Windows Update sometimes goes wild on idle systems and uses up all the CPU resources on the VM. If you have several VMs running on a host, and Windows Update suddenly gets bored simultaneously on a couple of VMs, your host might become more or less unresponsive and you will have a hard time getting control back on your host. Windows Update shows this odd behavior even if no updates are available!
The only thing that helps is to simply disable the Windows Update service. To do so, click Start, type “service,” and then start the Services tool. Navigate to Windows Update. After double-clicking the service, you can stop it and disable it so it won’t be bothersome again.
Disable the Windows Update service.
You can also use PowerShell to disable the service on a console with administrator rights:
Stop-Service wuauserv
Set-Service wuauserv -StartupType Disabled
If you later want to restore the default setting quickly, you can use these commands:
Set-Service wuauserv -StartupType Manual
Start-Service wuauserv
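To see what state a machine is actually in after these commands or a policy change, the following added example (not the author's code) reports the service state and the values the Configure Automatic Updates policy writes, and flags a machine that has updates switched off and has gone a while without a patch. It only reads; the policy registry path and the value names NoAutoUpdate and AUOptions are the standard Group Policy ones rather than anything quoted in this article, and the function name and 30-day threshold are assumptions.

```powershell
# Added example (not from the article): read-only report of Windows Update state.
function Get-WindowsUpdateState {
    [CmdletBinding()]
    param(
        # Assumption: a machine unpatched for longer than this deserves a look.
        [int]$MaxDaysWithoutPatch = 30
    )

    # Service state. StartMode 'Disabled' is what Set-Service -StartupType Disabled leaves behind.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'"

    # Values written by the "Configure Automatic Updates" policy.
    # The key does not exist while the policy is Not Configured.
    $auKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $policy = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue

    $optionNames = @{
        2 = 'Notify for download and notify for install'
        3 = 'Auto download and notify for install'
        4 = 'Auto download and schedule the install'
        5 = 'Allow local admin to choose setting'
    }

    if ($null -eq $policy -or ($null -eq $policy.NoAutoUpdate -and $null -eq $policy.AUOptions)) {
        $policyState = 'Not configured'
    } elseif ($policy.NoAutoUpdate -eq 1) {
        $policyState = 'Disabled (no automatic check for updates)'
    } elseif ($optionNames.ContainsKey([int]$policy.AUOptions)) {
        $policyState = $optionNames[[int]$policy.AUOptions]
    } else {
        $policyState = "Unknown AUOptions value: $($policy.AUOptions)"
    }

    # Most recent installed update as listed by Get-HotFix (Win32_QuickFixEngineering).
    $last = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
    $daysSince = if ($last) { ((Get-Date) - $last.InstalledOn).Days } else { $null }

    # Updates count as switched off if the service is disabled or the policy is Disabled.
    $updatesOff = ($svc.StartMode -eq 'Disabled') -or ($policy.NoAutoUpdate -eq 1)
    $stale      = ($null -eq $daysSince) -or ($daysSince -gt $MaxDaysWithoutPatch)

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        ServiceState    = $svc.State
        ServiceStartup  = $svc.StartMode
        Policy          = $policyState
        LastUpdate      = if ($last) { $last.HotFixID } else { $null }
        DaysSinceUpdate = $daysSince
        NeedsAttention  = $updatesOff -and $stale
    }
}

Get-WindowsUpdateState | Format-List
```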
To avoid possible misunderstandings, I don’t encourage you to stop automatic updates in Windows 10. Keeping Windows up to date is extremely important for a variety of reasons. Security is only one of them. If you disable Windows Update, you should take other actions to keep the system secure.
You should also have good reasons to turn off automatic updates. If you are just worried that Windows Update eats up the allowance of your mobile data plan, you just have to set the corresponding network connection to metered.
If a particular update causes problems, you can use Microsoft’s show-or-hide update tool. If you just don’t want to be patronized by Redmond, use the Group Policy editor. You can then decide for yourself if and when to install updates.
I was reading through your articles regarding Update in Windows 10. I figured there must be a solution in local group policy, so I was trying what you mention in this article. I read the “Help” section of the “Configure Automatic Updates” policy setting and found this:
“If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start.”
So, set the policy to _Disabled_ and Windows Update will never check for updates. I tried this on a standalone Windows 10 Pro in a virtual machine bridged to the Internet and made a screenshot of the results. Perhaps it will need more testing. I’d send the picture to you, if you wanted or you could try it and post the results here.
A very large percentage of computers sold with Windows pre-installed contain the “Home” version of Windows. Group Policy Editor is not available to those users.
As Robert said, regular users can’t use group policy. There are very few machines that come with the Professional version unless you are at work. So the only method would be to disable Windows Update, which is something I don’t want.
I was looking a long time for this. It worked perfectly!
I was always fine with installing Windows updates since it was possible to select them one by one, with previous Windows versions.
Any chance to reactivate/hack this locked option with Windows Home Version 10.0.10240.16392?
Robert and ID, yes many people use the Home edition, but 4sysops is a blog for system administrators. For businesses the Home edition is usually not that important. Disabling the Windows Update service is not a big deal. I do it on all my virtual test machines mostly because the service often causes performance problems. You just have to start the service again if you want to install the latest updates.
Morgan, I somehow doubt that it is possible with the Home edition.
Hello. Does setting the registry ‘Configure Automatic Updates’ to enabled -> (2) Notify to download and install, able you to manually choose which update you want or does that mean updates will on install and download, when the ‘check for updates’ button is checked?
–> or like toga said, if it’s true, that if it’s set to disabled you can manually choose the updates? just want a confirmation on this 🙂
sorry for the typos.
on* – only
checked!* — pressed
ToGa, you are right. Disabling the policy disables Windows Update. I posted an article about it.
I clicked thumb down by accident, I got used to voting where the default option on the left is a thumb up. Thanks for article and please consider changing it. 🙂
I lost hours of work because of a scheduled update and restart, made by default. You can imagine how furious I got with Microsoft.
Please consider the most important part of this game: YOUR USER, not your support.
Please, be respectful with us and take care on your technical decisions. Do your best by the first time and you will not have to fix things for ever.
Have you found the GP entry to disable peer-to-peer windows updates? I’ve only seen how to do it in the GUI on each machine.
I have a very good reason to not want automatic updates, I run a private radio station on one of my computers, this is streaming music 24/7, I go berserk when there is a problem which cuts the music for even 5 seconds, unplanned updates and reboots are absolutely out of the question or having to manage updates more than once a month. I have a backup/failover station to which I fail over to manually, the transition is absolutely transparent so I plan my updates once a month in that way. It’s also not an option to do a failover every 2 days, it’s quite a stressful and time consuming exercise and don’t have the free time evenings for this. Surely I can’t be the only person in my situation. If there is a way with the Pro edition to manually manage updates then I would buy it, I would hope to be able to do this with the local group policies, if those continue to exist. On my other 3 computers it really doesn’t matter but no one touches my station computer. I am also not happy that my computers should be managed by a 3rd party company.
I wonder sometimes, the Windows Updates service has full access to your computer, it has the power to copy your hard drive content, I think this is rather spooky.
I hope you can help. I am just more confused than ever. I put 10 on two of my laptops, don’t have the install partitions on them to get them back so gonna be a hassle for me. Probly just go linux if I can’t get this to work. Anyway, I am on satellite internet. I did not understand that is what metered meant and I should have selected it. Now, I don’t know what to do. I don’t have the bandwidth to download these updates. I have to pick and choose. If I can’t do that and pick which updates I install then I just can’t use it or not update at all. I am hoping there is a way through metering to be able to pick what I just have to have and not all their bloatware crap.
Please tell me how to fix these machines where they are metered, do i have to reinstall. and whether that will let me pick what I update or not… cus otherwise I am just gonna have to put a linux distro on these now… I screwed up, not thinking you don’t have cd’s for installs like you use to, lol…. I don’t even have the keys for them anymore lol… what a fiasco this has turned out to be… don’t think i will ever go past 8.1 on desktop now…. too much trouble…..
anyway, thanks i look forward to hearing from you… will it email me to let me know or will you email me… thank you
don really need this to work lol
there’s no way to access the group policy editor, so i can decide which updates i want, i am therefore forced to disable updates completely, as windows 10 offers no means of letting me decide about updates!
Hello, I want to thank you greatly for helping with the Windows Update problem. Where it was always trying to force you to update. I don’t mind at all updates, but moreso on my time, not when Windows or Microsoft thinks it’s best. On my Surface Pro 3, I used the Group Policy method you showed & it works seamlessly. The only thing I would want more is to pick & choose which updates I want to install. Like the “old days”.
Thank you for the help!
I think it is nice to have an updated system, and it would be nice for updates to be auto-managed, but the issue with windows autoupdate is that it is extremely obtrusive. I don’t think I’ve met a single person who has said to me “you know what’s nice, having that windows update feature constantly popping up and randomly shutting down my computer for me, it’s so convenient and helpful!” (at least, not in a non-sarcastic context). Also, by constantly searching for, and installing updates at shutdown/startup, ones overall ‘average effective startup/shutdown times’ are significantly increased due to the high frequency of updates requiring extended installation time. This gives a perceptual performance drop in the overall system, whereas doing more updates in a single burst are simply seen as ‘a single project/event’ and not perceived as a general system performance state.
With non-techies I find it to be one of the single most complained about annoyances with regards to computers in general. Not only that, but I find it’s very dangerous to leave enabled when setting up computers for people who are not very tech-savvy, and especially so for older people who are inclined to get confused or startled when their computers start randomly doing things. I know someone who fried an old windows 98 this way when they went to shut down the pc, and it suddenly came back on with loading wheels and whatnot. They thought “they were being hacked” and hard-shutdown the pc in the middle of the update (I think they may have even pulled the plug from the back of the box). I’ve found the best method is to ‘never check automatically’ and to instead have a shortcut link on the desktop/taskbar to quickly access the manual update section (you can even set up calendar reminders to politely ask every couple of weeks if you have done updates recently). This is the basic setup I’ve used, and users tend to like it because they feel like they are in greater control of their system and aren’t constantly harassed by some outside force. It’s even better with adequate logging, because then a user actually sees what their computer just did (not overblown logging of every little event, but at least a nice summary of all updates and a brief synopsis on what they are for)
This requirement to manually stop a system service and start it back up to run the updates is definitely not ideal for these situations. It’s not unbearable, but it’s just another example of poor design consideration on behalf of Microsoft where they effectively view their clientele as mindless apes flailing around and whacking away at keyboards without rhyme or reason. “We sure don’t want the user to break our…oops! I mean their! computers”, they must think. Again, it’s the usual trend where something which was easy and user friendly now requires registry editing and scripting. Honestly, it’s not so much that these Microsoft systems really change all that much from generation to generation (not counting the ‘deep-system’ operational changes), since you always could have changed these options through the registry, they basically just got rid of the gui and now force you to do it through the registry. It’s just an added annoyance and inconvenience they decided to implement without necessity.
first disable and then stop the service to avoid the chance of the service reviving automatically in the “very short” time between the commands.
I bought my Dell XPS 8900 Win10 Home back in late 2015 after my eight year old WinXP died. Used for my work as an artist, home use and some gaming. Originally, it came from Dell with build 1511 and was very happy with that build. Then, in early 2017 because of a buggy security update (which crashed my CPU and infected files) , I now run my machine using the 10240 build which allows you to “Disable” the Windows Update Assistant. Not just “Manual” but actually lets you “Disable” the dang thing.
I still have to keep an eye on my “Services” because Microsoft keeps sending me “We can’t send you security updates until you update your OS” sort of notices every few days. It tries to install the “Win Update Assistant” (which I uninstall) but I refuse to update the OS’s build further.
Any software updates, I can get on Their site. Any Microsoft Security updates, I can get from their site….individually. I can’t afford my satellite bandwidth tied up in forced downloads when MS decides.
I am on a very limited satellite bandwidth (very rural area) and the forced 1607 Anniversary “cumulative download” drove it through the roof to throttle any normal usage for nearly a month. Fortunately, mine has a “Grandfathered rolling” DAP setup.
I really wish Microsoft would allow you to “pick and choose” which security/updates you need or use, like the older versions did. Metering did not work for me.
Thank you so much sir for the explanation above, unlike you I’m no fan of updates I have a good firewall and antivirus programs and am very upset my system was “upgraded” from win 8 to win 10 without my permission and now am stuck with it, I must have uninstalled the windows update assistant at least 20 times in the last couple days, killing the process, deleting the program and blocking any window program event remotely connected to an update program, I now have an almost infinite list of windows update progs blocked in my firewall, I never experience such malicious and pervasive program… seems like I am about to win a battle here, because of this continuous struggle to keep control over what’s going on in MY computer I seriously consider switching to Linux in the very near future.
Thx again Sir
I just want to disable the updates because they are annoying. Popping a window to restart even after i open the pc later? Random updates don’t mean anything to me and the ,,security reasons” is just stupid. Viruses aren’t installing by themselves and i say no one cares about a computer full of games anyway.
Quick tip. You want to be secured on internet? Don’t be stupid. That’s all there is to say about it actually because FREE MONEY isn’t going to happen anytime soon.
I don’t know if this is a dead post or not, but here is the configuration i end up using at home.
i first became interested in a way to stop Windows Update when my computer restarted without asking in the middle of an online game.
Disabling the Windows Update service is not a permanent solution to those who want it gone completely. In the task scheduler there is a task that will restart the service eventually. For instance, if you hadn’t upgraded to Windows 10 1607 by October 2017, the service would automatically restart seemingly on its own. From what I understand the end service of 1607 is April 2018. If by that date you haven’t upgraded to 1703 or 1709 then I assume the Update Service will kick in again and download and install 1703 & 1709.
Since 1607, when it first came out, messed with my gaming computer (full screen apps would still display the start menu bar), what I personally ended up doing was configure a free dns service and block all Microsoft sites for my entire home network. Then I created a free vpn account and whenever I need to download updates, I connect to the vpn and download them. I found this to be the best option because I am in full control of when and if I want to install an update.