none
Microsoft automatic Intel driver updates messing up our Windows 10 HP systems during and post deployment RRS feed

  • Question

  • We have HP desktops and laptops we deploy via MDT using the out of box drivers from the HP website and/or via SSM Softpaqs.

    However, somewhere during the deployment, even though our Windows updates are configured to be pulled from  our internal  WSUS, these Windows 10 systems keep updating drivers with ones from Microsoft.

    The HP laptops update the 18.32.12 wireless drivers from HP that work for the Intel 8260 AC NIC to later versions like 18.40.0.9 that are very buggy to the point of being unusable.  User's cannot even log into their laptops on wifi until we manually roll back the driver.

    The HP desktops update the Intel AMT drivers/firmware from our OOB drivers with a later version from Microsoft that is missing the Intel Management and Security Status tool that is mandatory for our systems to automatically get AMT configured.


    Why are HP and Microsoft not coordinated in which drivers should or should not get updated automatically?  Aren't the OEMs supposed to post their drivers to Windows Updates so only the correct drivers per model get updated?

    How can we stop these systems from using unwanted drivers during deployment or silently updating later?






    • Edited by MyGposts Wednesday, September 7, 2016 10:21 PM
    Wednesday, September 7, 2016 10:11 PM

Answers

  • I have to agree with this post here - http://www.tenforums.com/windows-updates-activation/60296-driver-controls-still-mess-anniversary-update-gpedit-ignored.html

    Local policy didn't appear to do squat. So here's what I did:

    I added two Run Command Lines to my task sequence. The first was to disable driver updates and reboot. I found it essential to do this before any from the network is accessed, otherwise you will get the dreaded "No physical adapters present, cannot deploy over wireless" and your deployment will fail.

    Then at the end of your task sequence add another command line to enable driver updates.

    Disable

    cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching" /v SearchOrderConfig /t REG_DWORD /d 0 /f

    Enable
    cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching" /v SearchOrderConfig /t REG_DWORD /d 1 /f


    If this post is helpful please vote it as Helpful or click Mark for answer.

    • Proposed as answer by Dan_Vega Thursday, September 8, 2016 9:25 PM
    • Marked as answer by MyGposts Friday, September 9, 2016 2:09 AM
    Thursday, September 8, 2016 3:05 PM

All replies

  • You can disable getting driver updates from WSUS or via Registry:

    http://www.ghacks.net/2015/07/21/how-to-disable-driver-updates-from-windows-update/


    Many questions such as where do I find logs and what logs are interesting are found in: MDT TechNet Forum - FAQ & Getting Started Guide Please take the time to read it. Also if you don't post logs your problem won't be easily solved.


    Thursday, September 8, 2016 1:26 AM
    Moderator
  • The drivers are not coming from WSUS  and it appears this group policy is only for 1607 and we are on 1511.

    When I looked it up, I only found posts stating the policy doesn't work even on 1607.



    • Edited by MyGposts Thursday, September 8, 2016 4:17 AM
    Thursday, September 8, 2016 4:16 AM
  • https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=%22Do+not+include+drivers+with+Windows+Updates%22+windows+10

    The reddit post looks interesting.  Beyond that you may want to look at a Windows 10 forum or play around with things yourself.


    Many questions such as where do I find logs and what logs are interesting are found in: MDT TechNet Forum - FAQ & Getting Started Guide Please take the time to read it. Also if you don't post logs your problem won't be easily solved.

    Thursday, September 8, 2016 4:40 AM
    Moderator
  • I have to agree with this post here - http://www.tenforums.com/windows-updates-activation/60296-driver-controls-still-mess-anniversary-update-gpedit-ignored.html

    Local policy didn't appear to do squat. So here's what I did:

    I added two Run Command Lines to my task sequence. The first was to disable driver updates and reboot. I found it essential to do this before any from the network is accessed, otherwise you will get the dreaded "No physical adapters present, cannot deploy over wireless" and your deployment will fail.

    Then at the end of your task sequence add another command line to enable driver updates.

    Disable

    cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching" /v SearchOrderConfig /t REG_DWORD /d 0 /f

    Enable
    cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching" /v SearchOrderConfig /t REG_DWORD /d 1 /f


    If this post is helpful please vote it as Helpful or click Mark for answer.

    • Proposed as answer by Dan_Vega Thursday, September 8, 2016 9:25 PM
    • Marked as answer by MyGposts Friday, September 9, 2016 2:09 AM
    Thursday, September 8, 2016 3:05 PM
  • When you have time, I'd recommend that you instead modify your reference image and add that registry key to it and then recapture it so that Windows is deployed with automatic driver updates already disabled.

    If this post is helpful please vote it as Helpful or click Mark for answer.

    Thursday, September 8, 2016 3:34 PM
  • I have to agree with this post here - http://www.tenforums.com/windows-updates-activation/60296-driver-controls-still-mess-anniversary-update-gpedit-ignored.html

    Local policy didn't appear to do squat. So here's what I did:

    I added two Run Command Lines to my task sequence. The first was to disable driver updates and reboot. I found it essential to do this before any from the network is accessed, otherwise you will get the dreaded "No physical adapters present, cannot deploy over wireless" and your deployment will fail.

    Then at the end of your task sequence add another command line to enable driver updates.

    Disable

    cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching" /v SearchOrderConfig /t REG_DWORD /d 0 /f

    Enable
    cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching" /v SearchOrderConfig /t REG_DWORD /d 1 /f


    If this post is helpful please vote it as Helpful or click Mark for answer.

    Should not have to do all that, but unfortunately, this might be the best answer to work around this mess.
    Friday, September 9, 2016 2:09 AM
  • Maybe the next update to MDT will disable driver updating automatically. But it would really be nice if the policy actually worked.

    If this post is helpful please vote it as Helpful or click Mark for answer.

    Friday, September 9, 2016 1:23 PM
  • The other issue is why are there bad drivers coming from Windows updates in the first place?    

    I actually would prefer to get drivers through Windows updates because it's easier than other driver deployment methods, but it becomes much more work when the drivers are not correct or are bug-ridden.  

    Friday, September 9, 2016 1:50 PM
  • Thank you so much for this! My intel NIC's kept disconnecting at the application install process of MDT. It's was always when windows update checked in and was updating the NIC drivers I believe. I put these keys in MDT process and now it does not error out. Thanks!
    Wednesday, November 16, 2016 2:07 PM