none
Stop Window 10 update on domain

    Question

  • Is there an update available to Server 2012 (non R2) to stop the Windows 10 upgrade via Group Policy?

    This link only provides updates for Server 2008 R2 and Server 2012 R2, nothing for Server 2012 - https://support.microsoft.com/en-us/kb/3065988

    Is there any .admx files I can download from anywhere?

    Thursday, March 17, 2016 1:16 PM

Answers

  • I'll try that but I just don't see why I should have to go through all that when Server 08 R2 and 2012 R2 have a simple update?

    they don't really have a simple update.

    the update package itself, simply ships an updated WindowsUpdateAgent in addition to the updated ADMX/ADML files.

    You need the updated WindowsUpdateAgent so that WUAgent will honour the GroupPolicy setting.
    The updated WUAgent actually has to be installed on the client computers where the Win10 upgrade is eligible, not on the server.
    The updated ADMX/ADML needs to be on your domain controller.

    So if you have deployed the updated WUAgent to your Win7/Win8.1 client computers, all you have to do is "install" the new ADMX/ADML on your DC and you can then create the setting you want.

    e.g., go to an updated Win7/Win8.1 computer, grab a copy of the c:\windows\policydefinitions\windowsupdate.admx, and the corresponding \en-us\windowsupdate.adml files.

    (assuming your culture is en-us)

    copy these files, with the corresponding folder structure, onto your DC. note that you *may* have some difficulty replacing these files due to file ownership and access-control-list, so you *may* have to take-ownership of these two files before you can replace them.

    create your GPO accordingly.

    yes, it's a little manual work, compared to simply applying an update package, no, I don't know why MSFT haven't apparently released an update package for WS2012, maybe they have done so but I can't find it by searching so far.


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Tuesday, March 22, 2016 8:32 PM

All replies

  • Hi Jim,

    To achieve your goal, you could disable "Configure Automatic Updates" in GPO under the path below.

    Computer Configuration\Administative Templates\Windows Components\Windows Update

    For more information, you could refer to the article below.

    Configure Group Policy Settings for Automatice updates

    https://technet.microsoft.com/en-us/library/dn595129.aspx

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Saturday, March 19, 2016 12:21 AM
    Moderator
  • Is there an update available to Server 2012 (non R2) to stop the Windows 10 upgrade via Group Policy?

    This link only provides updates for Server 2008 R2 and Server 2012 R2, nothing for Server 2012 - https://support.microsoft.com/en-us/kb/3065988

    Is there any .admx files I can download from anywhere?

    https://support.microsoft.com/en-us/kb/3080351

    or

    https://blogs.technet.microsoft.com/charlesa_us/2015/06/25/how-to-remove-block-and-prevent-get-windows-10-application-for-enterprise-environments/


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Saturday, March 19, 2016 10:18 AM
  • I'll try that but I just don't see why I should have to go through all that when Server 08 R2 and 2012 R2 have a simple update?
    Tuesday, March 22, 2016 10:46 AM
  • I'll try that but I just don't see why I should have to go through all that when Server 08 R2 and 2012 R2 have a simple update?

    they don't really have a simple update.

    the update package itself, simply ships an updated WindowsUpdateAgent in addition to the updated ADMX/ADML files.

    You need the updated WindowsUpdateAgent so that WUAgent will honour the GroupPolicy setting.
    The updated WUAgent actually has to be installed on the client computers where the Win10 upgrade is eligible, not on the server.
    The updated ADMX/ADML needs to be on your domain controller.

    So if you have deployed the updated WUAgent to your Win7/Win8.1 client computers, all you have to do is "install" the new ADMX/ADML on your DC and you can then create the setting you want.

    e.g., go to an updated Win7/Win8.1 computer, grab a copy of the c:\windows\policydefinitions\windowsupdate.admx, and the corresponding \en-us\windowsupdate.adml files.

    (assuming your culture is en-us)

    copy these files, with the corresponding folder structure, onto your DC. note that you *may* have some difficulty replacing these files due to file ownership and access-control-list, so you *may* have to take-ownership of these two files before you can replace them.

    create your GPO accordingly.

    yes, it's a little manual work, compared to simply applying an update package, no, I don't know why MSFT haven't apparently released an update package for WS2012, maybe they have done so but I can't find it by searching so far.


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Tuesday, March 22, 2016 8:32 PM