How to disable Windows Update on all computers in a domain
You can use Group Policy settings to disable both Windows Update and Automatic Updates.
To disable Windows Update and Automatic Updates on a per-computer basis, configure Turn off access to all Windows Update features in Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings
To disable access to Windows Update and Automatic Updates on a per-user basis, configure Remove links and access to Windows Update in User Configuration\Administrative Templates\Start Menu and Taskbar. Enabling this policy setting removes access to Windows Update features for the specified user, but Automatic Updates still checks for updates for the computer and does not notify users with this policy set.
Related videos on Youtube
Jonathon
Updated on September 17, 2022Comments
-
Jonathon almost 2 years
Instead of logging into each computer, I would like to find a way to disable Windows Update on each computer in the domain from a single location (e.g., the domain controller). The domain controller runs Windows Server Standard 2008. Computers in the domain run anything from Windows 7, to Vista, to XP. How can this be done?
-
MDMarra over 11 yearsOh please please don't do this. Manage your updates with WSUS or something, don't just turn it off.
-
-
Jonathon over 13 yearsThanks Sergey. I had a bit of trouble finding the "Computer Configuration" node, but searched and found that I needed to be looking at the "Local Group Policy Editor" as opposed to "Group Policy Management". Also, I want to leave Windows Update functionality enabled, but I want to specifically disable the automatic update capability. It seems I can do this via the "Computer Configuration\Administrative Templates\Windows Components\Windows Update" node. Is that correct? Also, once I change a setting, how and when are the settings disseminated to domain computers?
-
Sergey over 13 yearsTo apply GP settings for all PCs (incl. workstations and other servers) in your domain you need to edit 'Default domain policy' using "Group Policy Management" on your domain controller. And you'll find "Computer configuration" there. Please note: all local settings (you specified with "Local policy editor" on any workstation/member server) will be replaced with domain policy settings.
-
Alex S almost 9 years@Sergey - I was not able to go down to the same folder tree paths in DDP using GPM as I was on LGPE. Trying to do this serverfault.com/questions/718232/…