- If an EC2 Reserved Instance is not applied or used - Thu, Jan 20 2022
- Midnight Commander remote connect via Shell link (copy files over SSH) and SFTP link using FISH and public key authentication - Mon, Jan 17 2022
- Root login via SSH and SFTP on EC2 instances running Linux - Wed, Jan 12 2022
Update I posted a new article about the topic:
I am certainly a friend of an aggressive update and upgrade strategy. But forcing users to update is not the right way. I also have doubts that this practice is legal in every country.
Windows Update only offers the “Automatic updates” and “Notify to schedule restart” options.
Perhaps this is why Redmond has partly backtracked by offering the “Show-or-hide updates” tool (wushowhide.diagcab), which I will discuss below.
Registry hacks no longer work ^
Please notice that this problem only exists on standalone machines. I outlined in a previous article that businesses have other options to stop Windows updates in addition to the ones I describe below.
In the Preview version, you could bring back the Windows Update applet in the Control Panel by changing the Registry keys. You will receive an error message (Cannot edit IsConvergedUpdateStackEnabled. Error writing the value’s new contents). The reason is that local administrators don’t have the right to change this value.
However, even if you take ownership of the key and then change the value, the Update applet will not appear in the Control Panel. I guess it is now finally gone. (Please let me know if you know of a way to bring it back.)
The only thing that you can still do in the Control Panel is uninstall updates. It appears to me that Microsoft is still fighting with the two different user interfaces in one operating system.
The registry key to change the behavior of Windows Update (HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\AUOptions) also no longer seems to have an effect.
Anyway, let’s see what we can do to stop automatic updates in Windows 10.
The show-or-hide update tool ^
Microsoft published a support article (How to temporarily prevent a Windows or driver update from reinstalling in Windows 10, KB3073930) after NVIDIA drivers caused problems.
Of course, it was only a matter of time (hours, perhaps) until a forced update would break systems. Even though the title of the KB article seems to indicate that the tool can only be used to prevent drivers and updates from reinstalling, you can use it to hide any update.
I tried the show-or-hide update tool with a driver, a normal update, and a security update and it always worked. However, right after I added an update to the list of hidden updates, it still appeared in Windows Update even after a Windows restart. Windows claimed it would install the updates automatically when I wasn’t using the computer. However, this never happened, and after a while Windows Update no longer showed these updates.
Hidden updates still appear in Windows Update.
The show-or-hide update tool is certainly useful if you are aware of a problematic update that you want to block. However, this method won’t make you happy if you want to completely stop Windows 10 from downloading and installing updates.
Stop automatic updates in Group Policy editor ^
As in the Windows 10 Preview version, you can also use the Group Policy editor to get additional options for Windows Update in Windows 10 RTM. Open the Group Policy editor by typing “gpedit.msc” in the search box of the Start screen. Then, navigate to Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update.
Stop automatic updates in Group Policy editor.
Option 1, Never check for updates (not recommended), from previous Windows versions is missing. It seems that not enough people took the “not recommended” part seriously.
Update: If you set the policy to Disabled, the old option 1 is enabled which means that Windows Update won't check for new updates. I will write a new post where I say more about this option and about the corresponding registry keys.
The Group Policy Notify for download and notify for install is another way to prevent updates from being downloaded. The only downside of this method is that Windows will constantly bother you to install missing updates. The advantage is that you will be reminded that you are working with a risky configuration.
You need some updates.
Note that the Windows Update app won’t show the changed settings immediately. Even a Windows restart doesn’t change the setting. Only after I clicked Check for updates did the new configuration show up in the Advanced Options.
Windows Update is set to notify to download.
You will then no longer be able to change the setting in the Windows Update app.
Also note that the setting Allow local admins to choose setting appears to not work on standalone machines. In the Preview version, you could then change the setting in the Control Panel. But since the Control Panel applet for Windows Update no longer exists, this setting won’t really help you.
Completely disable Windows Update ^
Systems exist where you don’t want Windows Update to mess with your installation at all. I usually completely disable Windows Update on virtual machines that I use for testing purposes. I am working with linked clones, which I destroy after the test is finished. Thus, installing updates on these systems is pointless because they usually only live for a couple of hours.
The last thing I want is for Windows Update to reboot a system during a test. Even worse is when Windows Update sometimes goes wild on idle systems and uses up all the CPU resources on the VM. If you have several VMs running on a host, and Windows Update suddenly gets bored simultaneously on a couple of VMs, your host might become more or less unresponsive and you will have a hard time getting control back on your host. Windows Update shows this odd behavior even if no updates are available!
The only thing that helps is to simply disable the Windows Update service. To do so, click Start, type “service,” and then start the Services tool. Navigate to Windows Update. After double-clicking the service, you can stop it and disable it so it won’t be bothersome again.
Disable the Windows Update service.
You can also use PowerShell to disable the service on a console with administrator rights:
stop-service wuauserv set-service wuauserv –startup disabled
If you later want to restore the default setting quickly, you can use these commands:
set-service wuauserv –startup manual start-service wuauserv
To avoid possible misunderstandings, I don’t encourage you to stop automatic updates in Windows 10. Keeping Windows up to date is extremely important for a variety reasons. Security is only one of them. If you disable Windows Update, you should take other actions to keep the system secure.
You should also have good reasons to turn off automatic updates. If you are just worried that Windows Update eats up the allowance of your mobile data plan, you just have to set the corresponding network connection to metered.
If a particular update causes problems, you can use Microsoft’s show-or-hide update tool. If you just don’t want to be patronized from Redmond, use the Group Policy editor. You can then decide for yourself if and when to install updates.
Update I posted a new article about the topic: