if you just want to stop the automatic-update but you still want to be able to install updates yourself by launching the Windows update manually, you just need to apply a group-policy:
run: gpedit.msc
, computer configuration
, administrative templates
, windows components
, windows update
, configure automatic updates
- set to disabled
.
or apply:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000001
;not sure if '848E11D4-D798-4EAB-B5E6-690E90E02082' is unique to my machine or will it work with yours too
;uncomment and apply if you so wish.. the 'gpedit.msc' is safer
;[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{848E11D4-D798-4EAB-B5E6-690E90E02082}Machine\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
;"NoAutoUpdate"=dword:00000001
;"**del.AUOptions"=" "
;"**del.AutomaticMaintenanceEnabled"=" "
;"**del.ScheduledInstallDay"=" "
;"**del.ScheduledInstallTime"=" "
;"**del.ScheduledInstallEveryWeek"=" "
;"**del.ScheduledInstallFirstWeek"=" "
;"**del.ScheduledInstallSecondWeek"=" "
;"**del.ScheduledInstallThirdWeek"=" "
;"**del.ScheduledInstallFourthWeek"=" "
;"**del.AllowMUUpdateService"=" "
to reverse the policies either use gpedit.msc
again (set to not configured
) or apply this:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=-
;not sure if '848E11D4-D798-4EAB-B5E6-690E90E02082' is unique to my machine or will it work with yours too
;uncomment and apply if you so wish.. the 'gpedit.msc' is safer
;[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{848E11D4-D798-4EAB-B5E6-690E90E02082}Machine\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
;"NoAutoUpdate"=-
;"**del.AUOptions"=-
;"**del.AutomaticMaintenanceEnabled"=-
;"**del.ScheduledInstallDay"=-
;"**del.ScheduledInstallTime"=-
;"**del.ScheduledInstallEveryWeek"=-
;"**del.ScheduledInstallFirstWeek"=-
;"**del.ScheduledInstallSecondWeek"=-
;"**del.ScheduledInstallThirdWeek"=-
;"**del.ScheduledInstallFourthWeek"=-
;"**del.AllowMUUpdateService"=-
if you want to disable the windows update entirely (it is reversible) follow those steps.
-
download Micorosft Autoruns for Windows and run
Autoruns64.exe
as admin. -
-
switch to
services
-tab, scroll toWaaSMedicSvc
(Windows Update Medic Service
-Enables remediation and protection of Windows Update components.
), uncheck the checkbox on the left. this means the service start (a.k.a "startup type") is switched todisabled
.or apply this:
Windows Registry Editor Version 5.00 ;WaaSMedicSvc - Windows Update Medic Service ;manual (3) to disabled (4) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc] "Start"=dword:00000004
-
do the same for
wuauserv
(Windows Update
-Enables the detection, download and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.
)or apply this:
Windows Registry Editor Version 5.00 ;wuauserv - Windows Update ;manual (3) to disabled (4) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv] "Start"=dword:00000004
-
switch to
-
run:
taskschd.msc
(or manually open task-scheduler), scroll (and open) the following sub "keys":microsoft
,windows
,windowsupdate
. on the right - right click the task namedScheduled Start
, and clickdisabled
. -
(optional) look around gist/github for Micorosft blocking lists, copy them to desktop, merge them to one list, sort and unique the list to prevent duplicates using https://eladkarako.github.io/sort - make sure each line is in HOSTS-format:
0.0.0.0 microsoft.com
(for example), no#
, switch127.0.0.1
to0.0.0.0
, run notepad++ as admin, open:C:\WINDOWS\system32\drivers\etc\hosts
- to the end add your list, make sure the EOL-characters are Windows-EOL (edit, EOL convertion). this prevent resolving hostnames to real IP addresses. it isn't very effective though. - (optional) install peerblock, enable only the Microsoft blocking list, make sure the HTTP blocking is also enabled. it should prevent connection even if a hostname was somehow resolved to an IP.
side-effects: steps 1-3 stops the automatic update but also the service itself.
optional steps 4 and 5 will break browsing of Micorosoft-related websites.
no installing updates and fixes even when they are locally stored, you'll need to enable the two services and restart the computer for that. if you've installed peerblock (with http traffic blocking) and/or used hosts-blocking lists you won't be able to access other MS-related websites.