How to block completely Windows Update on my network
Solution 1
In order to block it in one section of our network the following domains were redirected to a site with instructions:
- update.microsoft.com
- windowsupdate.microsoft.com
- windowsupdate.com
- download.windowsupdate.com
These seem to have done the trick here, but it mightn't be the full list.
Solution 2
You may want to consider, rather than blocking all updates, managing updates with WSUS. Assuming you have a copy of Windows Server and your clients are in a domain, it's a free option that you can use to only deploy updates when and where you want them.
Solution 3
Blocking the windows updates is a very hard task. You can't only block a few of the servers as there are many and if 1 is blocked, the updates immediately go to a different server.
You can check some of the servers here:
https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1709-non-enterprise-editions
Related videos on Youtube
![Pitto](https://i.stack.imgur.com/DxOt0.jpg?s=256&g=1)
Pitto
Updated on September 17, 2022Comments
-
Pitto almost 2 years
I know it is not safe but I need to know how to prevent all computers in my LAN to download updates.
I have squid as proxy with dansguardian and I use OpenDNS...
I have put on a blacklist on dansguardian microsoft.com but it looks like it is not enough.
-
JamesK over 13 years+1 WSUS is a great way to manage Microsoft update - Central management of what updates are applied and which are not - 1 download instead of many. you could also use the GPO to fully block Microsoft Updates by pointing the update server path as an unreachable location.
-
Pitto over 13 yearsOf course that will be the final aim... Now I just need a way to block updates because there are free roaming pc, I don-t know where, killing my bandwidth
-
Niall Donegan over 13 yearsI'm with Michael and JamesK here despite my answer despite my original answer.
-
Pitto over 13 yearsMy question is specific... I just need to know how to block it :) No domain here and install manually wsus on a LOT of clients will be done in future when we'll have domain... Now I just need windows update to stop eating bandwidth for a while...
-
Ladadadada over 11 yearsIt may be simple but it would be tedious to do this for the dozens or hundreds of computers in the OP's network. Could you improve this answer to apply to more than a handful of machines? Maybe pushing out that change via a centralised system?