How to Disable Windows Update using Group Policy

Spread the love




Windows update is an essential service from Microsoft to ensure that all Windows devices will be updated with latest updates. These updates include feature enhancements, driver updates, service packs, security updates, critical updates and other updates. Disabling windows update is not recommended. But because of specific business requirement you may need to disable the windows updates. For example some companies might use 3rd party products for managing and rolling out Windows Updates. This article shows how to disable windows update using group policy.

How to Disable Windows Update using Group Policy

In this example, Windows client MBG-CL2 is already joined to the Active Directory domain called mustbegeek.local. The domain controller is running on Windows Server 2008 R2. The client machine MBG-CL2 where windows updates needs to be disabled is under the OU “mustbegeek.local\Prod\Billing”.

How to Disable Windows Update using Group Policy

Step 1. Create a Group Policy Object

Logon to Domain Controller server and open Group Policy Management snap-in from Start → Administrative tools → Group Policy Management. Now expand forest → Domains → mustbegeek.local and select on the OU Group Policy Objects as shown below.

How to Disable Windows Update using Group Policy

You can create a new GPO from here and then link it to any OU. Create new Group Policy Object by right-clicking on the empty space at the right panel and click New.

CreateNewGPO1

Now specify the GPO name as required and click OK as shown below.



NewGPO

After that, right click on “Disable_Windows_Updates” GPO and click on edit. This will open the Group Policy Management Editor, navigate under Computer Configuration. → Policies → Administrative Templates → Windows Components → Windows Update and  double click on Configure Automatic Updates policy as shown below.

GPMC

This will bring up the configuration window of this policy. Here, select Disabled radio button to disable the Windows updates and click OK.

ConfigureWindowsUpdates

This will save the configuration settings to the newly created GPO, now exit the Group Policy Management Editor.

Step 2. Apply the Group Policy Object

To apply the GPO we must link the policy to a the OU named Billing. In the Group Policy Management snap-in, navigate and right-click on the Billing OU and click on “Link an existing GPO”

LinkGPO

Select the GPO “Disable_Windows_Updates” and click OK as shown below.

How to Disable Windows Update using Group Policy

Step 3. Update and Verify GPO on Client Machine

Now log on to the client machine MBG-CL1 and open up command prompt. Type Gpupdate /force on the client computer to update the GPO settings on the machine. To verify if the GPO settings got applied correctly, type gpresult /r in the command prompt (Run as Admin) as shown below. The policy name will be appear under “Applied Group Policy Objects” under Computer Settings as shown below.

How to Disable Windows Update using Group Policy

After applying the policy successfully, the ability to configure or schedule the windows update will be disabled. But users can still check for new updates.

How to Disable Windows Update using Group Policy

The GPO can also be linked using a WMI Query or Security filtering. Refer the article How to Apply GPO to Computer Group in Active Directory to learn about applying group policy using security filtering.




The following two tabs change content below.
Bipin is a freelance Network and System Engineer with expertise on Cisco, Juniper, Microsoft, VMware, and other technologies. You can hire him on UpWork. Bipin enjoys writing articles and tutorials related to Network technologies. Some of his certifications are, MCSE:Messaging, JNCIP-SEC, JNCIS-ENT, and others.

Latest posts by Bipin (see all)

scroll to top