none
Disable Automatic update on Server 2008 R2 RRS feed

  • Question

  • I need to disable the ability for our users/admins to run automatic updates on Server 2008 R2. We use another tool to do updates. Use to we could just disabled the Windows update service but with the use of more and more .msu files for update it needs that service running. So I just need to prevent anyone from running the "check for updates" so that they will use our other program for the company approved updates.

    So how can I take away that option with out disabling the Windows Update service?

    Wednesday, October 26, 2011 4:08 PM

Answers

  • Ah found exactly what I was looking for.

    http://social.technet.microsoft.com/Forums/en-US/winserverwsus/thread/30079d3f-eead-495d-b02d-2ff9390f783b/

     

    Disable access to Windows Update

    If this policy setting is enabled, all Windows Update features are removed. It blocks access to the Microsoft Update and Windows Update Web sites, and in Windows Vista will gray out the Check for updates option in the Windows Update application. The machine will not get automatic updates directly from Windows Update or Microsoft Update, but it can still get updates from a WSUS server. This setting overrides the user settings Remove links and access to Windows Update and Remove access to use all Windows Update features.

    To disable access to Windows Update
    1. In the Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand System, expand Internet Communication Management, and then click Internet Communication settings.

    2. In the details pane, click Turn off access to all Windows Update features, and click Enabled.

    3. Click OK.

    • Marked as answer by smokensqueal Thursday, October 27, 2011 8:22 PM
    Thursday, October 27, 2011 8:01 PM

All replies

  • Review these articles:

    http://technet.microsoft.com/en-us/library/bb457141.aspx

    http://support.microsoft.com/kb/328010

    http://technet.microsoft.com/en-us/library/cc720539(WS.10).aspx


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+| Houston, TX
    Blogs - http://blogs.sivarajan.com/

    FaceBook Twitter LinkedIn SS Tech Forum

    This posting is provided AS IS with no warranties,and confers no rights.
    Wednesday, October 26, 2011 4:13 PM
  • Thanks but unfortunately even if I disable  "Configure Automatic Updates" it still allows you to "Check for update" which then it goes out the MS site to search for updates. Unless I missed something this all talks about how to configure Windows Update options. Really I just don't use the update option except now with the .msu file time it must have the Windows Update service running which opens up all the options for windows update that I don't want to be available. That's what I want to restrict.
    Wednesday, October 26, 2011 4:26 PM
  • Hi,

     

    You may consider using WSUS. With WSUS, you can control what updates will be deployed to users. Even users can still check for updates, they can only get updates you deployed to them.

     

    Windows Server Update Services

    http://technet.microsoft.com/en-us/windowsserver/bb332157

     

    Hope it helps.

     

    Regards,

    Bruce

    Thursday, October 27, 2011 9:00 AM
  • Bruce, Thanks for you suggestion but we already have a corp standard on patching software. Bought and payed for and works fine among other things it can do. I'm not going to be able to rip it out and install something else. So all I need to do is stop users/admin from trying to use the windows update. Just like disabling the windows update service but NOW MS is using these .MSU files that require that service. So I'm looking for a solution on the server end on how to stop the availability of "Check for update" and it going out to MS site and trying to download updates.
    Thursday, October 27, 2011 12:35 PM
  • Ah found exactly what I was looking for.

    http://social.technet.microsoft.com/Forums/en-US/winserverwsus/thread/30079d3f-eead-495d-b02d-2ff9390f783b/

     

    Disable access to Windows Update

    If this policy setting is enabled, all Windows Update features are removed. It blocks access to the Microsoft Update and Windows Update Web sites, and in Windows Vista will gray out the Check for updates option in the Windows Update application. The machine will not get automatic updates directly from Windows Update or Microsoft Update, but it can still get updates from a WSUS server. This setting overrides the user settings Remove links and access to Windows Update and Remove access to use all Windows Update features.

    To disable access to Windows Update
    1. In the Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand System, expand Internet Communication Management, and then click Internet Communication settings.

    2. In the details pane, click Turn off access to all Windows Update features, and click Enabled.

    3. Click OK.

    • Marked as answer by smokensqueal Thursday, October 27, 2011 8:22 PM
    Thursday, October 27, 2011 8:01 PM
  • Thanks for your feedback. Have nice day!

     

    Regards,

    Bruce

     

    Friday, October 28, 2011 3:17 AM
  • Put a firewall rule in that blocks the ability to access from inside. the service can be left alone.

    Wednesday, July 25, 2012 12:15 PM