@bitaller
Created December 15, 2022 07:14
Disabling Windows 10-11 Update

if you just want to stop automatic updates but still be able to install updates yourself by launching Windows Update manually, you only need to apply a group policy: run gpedit.msc, then go to computer configuration > administrative templates > windows components > windows update > configure automatic updates, and set it to disabled.


or apply:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000001

;not sure if '848E11D4-D798-4EAB-B5E6-690E90E02082' is unique to my machine or will it work with yours too
;uncomment and apply if you so wish.. the 'gpedit.msc' is safer 
;[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{848E11D4-D798-4EAB-B5E6-690E90E02082}Machine\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
;"NoAutoUpdate"=dword:00000001
;"**del.AUOptions"=" "
;"**del.AutomaticMaintenanceEnabled"=" "
;"**del.ScheduledInstallDay"=" "
;"**del.ScheduledInstallTime"=" "
;"**del.ScheduledInstallEveryWeek"=" "
;"**del.ScheduledInstallFirstWeek"=" "
;"**del.ScheduledInstallSecondWeek"=" "
;"**del.ScheduledInstallThirdWeek"=" "
;"**del.ScheduledInstallFourthWeek"=" "
;"**del.AllowMUUpdateService"=" "

to reverse the policies either use gpedit.msc again (set to not configured) or apply this:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=-

;not sure if '848E11D4-D798-4EAB-B5E6-690E90E02082' is unique to my machine or will it work with yours too
;uncomment and apply if you so wish.. the 'gpedit.msc' is safer 
;[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{848E11D4-D798-4EAB-B5E6-690E90E02082}Machine\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
;"NoAutoUpdate"=-
;"**del.AUOptions"=-
;"**del.AutomaticMaintenanceEnabled"=-
;"**del.ScheduledInstallDay"=-
;"**del.ScheduledInstallTime"=-
;"**del.ScheduledInstallEveryWeek"=-
;"**del.ScheduledInstallFirstWeek"=-
;"**del.ScheduledInstallSecondWeek"=-
;"**del.ScheduledInstallThirdWeek"=-
;"**del.ScheduledInstallFourthWeek"=-
;"**del.AllowMUUpdateService"=-

if you want to disable windows update entirely (it is reversible), follow these steps.

  1. download Microsoft Autoruns for Windows and run Autoruns64.exe as admin.

  2. disable the two update services in Autoruns:
    1. switch to services-tab, scroll to WaaSMedicSvc (Windows Update Medic Service - Enables remediation and protection of Windows Update components.), uncheck the checkbox on the left. this means the service start (a.k.a "startup type") is switched to disabled.

      or apply this:

      Windows Registry Editor Version 5.00
      
      ;WaaSMedicSvc - Windows Update Medic Service
      ;manual (3) to disabled (4)
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc]
      "Start"=dword:00000004
    2. do the same for wuauserv (Windows Update - Enables the detection, download and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.)

      or apply this:

      Windows Registry Editor Version 5.00
      
      ;wuauserv - Windows Update
      ;manual (3) to disabled (4)
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
      "Start"=dword:00000004
  3. run: taskschd.msc (or manually open task-scheduler), scroll to (and open) the following sub "keys": microsoft, windows, windowsupdate. on the right, right-click the task named Scheduled Start and click disable.
  4. (optional) look around gist/github for Microsoft blocking lists, copy them to the desktop, merge them into one list, then sort and de-duplicate it using https://eladkarako.github.io/sort. make sure each line is in HOSTS format: 0.0.0.0 microsoft.com (for example), with no # and with 127.0.0.1 switched to 0.0.0.0. run notepad++ as admin, open C:\WINDOWS\system32\drivers\etc\hosts, append your list to the end, and make sure the EOL characters are Windows EOL (edit, EOL conversion). this prevents hostnames from resolving to their real IP addresses. it isn't very effective though.
  5. (optional) install peerblock, enable only the Microsoft blocking list, and make sure HTTP blocking is also enabled. it should prevent connections even if a hostname was somehow resolved to an IP.

  6. side-effects: steps 1-3 stop not only the automatic update but also the service itself.

    optional steps 4 and 5 will break browsing of Microsoft-related websites.

    no installing updates and fixes even when they are locally stored, you'll need to enable the two services and restart the computer for that. if you've installed peerblock (with http traffic blocking) and/or used hosts-blocking lists you won't be able to access other MS-related websites.
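
To confirm on a given machine which of the changes above are in effect (or were reverted), this added PowerShell example, not part of the original gist, reads the NoAutoUpdate policy values, the Start values of WaaSMedicSvc and wuauserv, and the state of the Scheduled Start task. The helper names Get-RegValue and New-Row and the report columns are made up for the example; the task path is assumed from the folder names in step 3.

```powershell
# Added example: read-only report of the settings this gist changes.
# Run in an elevated PowerShell prompt; nothing is modified.
$startNames = @{ 0 = 'boot'; 1 = 'system'; 2 = 'automatic'; 3 = 'manual'; 4 = 'disabled' }

function Get-RegValue {   # hypothetical helper name
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function New-Row {        # hypothetical helper name
    param([string]$Item, [string]$State, [bool]$Blocks)
    [pscustomobject]@{ Item = $Item; State = $State; BlocksUpdates = $Blocks }
}

$report = @()

# NoAutoUpdate policy value, 64-bit and WOW6432Node views (the first .reg file).
foreach ($key in 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU',
                 'HKLM:\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows\WindowsUpdate\AU') {
    $v = Get-RegValue -Path $key -Name 'NoAutoUpdate'
    $state = if ($null -eq $v) { 'not configured' } else { "NoAutoUpdate=$v" }
    $report += New-Row -Item $key -State $state -Blocks ($v -eq 1)
}

# Service start type: the gist switches it from manual (3) to disabled (4).
foreach ($svc in 'WaaSMedicSvc', 'wuauserv') {
    $v = Get-RegValue -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$svc" -Name 'Start'
    if ($null -eq $v) {
        $state = 'service key not found'
    } elseif ($startNames.ContainsKey($v)) {
        $state = "Start=$v ($($startNames[$v]))"
    } else {
        $state = "Start=$v"
    }
    $report += New-Row -Item "service $svc" -State $state -Blocks ($v -eq 4)
}

# Scheduled task from step 3 (task path assumed from the folder names given there).
$task = Get-ScheduledTask -TaskPath '\Microsoft\Windows\WindowsUpdate\' `
                          -TaskName 'Scheduled Start' -ErrorAction SilentlyContinue
$state = if ($null -eq $task) { 'task not found' } else { [string]$task.State }
$report += New-Row -Item 'task \Microsoft\Windows\WindowsUpdate\Scheduled Start' `
                   -State $state -Blocks ($state -eq 'Disabled')

$report | Format-Table -AutoSize -Wrap
```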
