none
Disable Upgrade from Windows 7 to Windows 10 via GPO

    Question

  • Hi,

    we have a Windows Server 2008 R2 Domain with Windows 7 professional Clients.

    Is it possible to disallow users from upgrading windows 7 to windows 10 via GPO?

    Kind Regards

    Tobi

    • Edited by Tobi0815 Wednesday, June 03, 2015 8:19 AM
    Wednesday, June 03, 2015 8:19 AM

All replies

  • Hi,

    We could use group policy to configure windows update if you want do disable automatic windows update.

    Computer configuration, policies, Administrative templates, Windows Components, Windows Update, in the right pane choose "Configure automatic updates" to disabled.

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/0a46b8ac-0b16-4b87-a881-260c8d5609f7/disabling-windows-update-via-group-policy

    Please feel free to let us know if you have any update about the issue.

    Regards.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Friday, June 05, 2015 9:52 AM
    Moderator
  • Hi Vivian,

    even if I configure Updates via GPO, a User (with Admin Privileges) can browse to the windows 10 website and can trigger a somehow update Process or downloads the update manually and starts it.

    Can I somehow prevent Windows 7 from starting a uprage to windows 10 via GPO or any other setting?

    Monday, June 15, 2015 10:54 AM
  • Hi,

    You want to prevent access to Windows Update website on Windows 7, right?

    If that is the issue, i think you could enable the policy Turn off access to all Windows Update features.

    You could refer to:

    Preventing access to Windows Update website on Windows 7

    https://social.technet.microsoft.com/Forums/en-US/30079d3f-eead-495d-b02d-2ff9390f783b/preventing-access-to-windows-update-website-on-windows-7?forum=winserverwsus

    Regards.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Thursday, June 25, 2015 1:10 AM
    Moderator
  • This seems to disable all updates we just want to remove the kb KB3035573 and disable the ability to ever update to just 10 not all updates to the machine has MS put a Fix it or have a full walk though on how to do this in a corporate setting that we can use a GPO and hit all machine individually

    Tuesday, June 30, 2015 6:56 PM
  • Agree with Frank, need to just disable the Win 10 update for clients on our domain, all other updates need to be installed as usual.
    Thursday, July 30, 2015 12:02 PM

  • If that is the issue, i think you could enable the policy Turn off access to all Windows Update features.


    Please note this setting has no effect on Win 10 workstations. We have noticed that our newly upgraded test workstations can still access the "check online" option and, worst , can subscribe to the "Get Insider builds"!!!

    Checking the windowsupdate.admx file,  the "RemoveWindowsUpdate" policy doesn't seem to be supported on Win 10. I see big problems coming our way...

    Thursday, July 30, 2015 6:20 PM
  • you can do it by GPO policy but you have to run an update on you domain controllers. this is what I go from Microsoft recently

    Once you install KB3050267 (on 8.1/2012R2) or KB3050265 (on Win7/2008R2) then you get an updated admx file for WindowsUpdate.admx which you can push up to PolicyDefinitions on Sysvol and enable the following GPO.

    This update installs a new Group Policy object that enables you to block upgrades to the latest version of Windows through Windows Update.

    You can configure this Group Policy object by using Group Policy (if the update is installed and if you use the updated WindowsUpdate.admx file by copying the file from where the editing policy is located). You can also do this by going to Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update, double-clicking Turn off the upgrade to the latest version of Windows through Windows Update, and then clicking Enabled.

    Policy path Computer Configuration / Administrative Templates / Windows Components / Windows Update

    Policy setting Turn off the upgrade to the latest version of Windows through Windows Update (enabled or disabled)


    Mitch Roberson MCM Exchange 2010|MCITP:Enterprise Server Admin, Messaging 2007, 2010 |MCTS:OCS with Voice Achievement |MCT |MCSE 2000\2003 |MCSE Messaging 2000\2003

    Sunday, August 02, 2015 10:28 PM
  • This is all fine but where is KB3050267 or something similar for Server 2012 NON-R2 since there is no "free" upgrade?
    • Edited by RBWagner Wednesday, October 14, 2015 2:27 AM
    Wednesday, October 14, 2015 2:26 AM
  • RBWager,

    I had the same issue.  Follow the instructions in this link to take care of it.

    http://theproviders.azurewebsites.net/2015/06/17/turning-off-windows-10-update-for-domain-computers/

    The long and short is to have a Windows 7 or 8.1 PC or a 2012R2 server, make sure the patch is installed on it, and copy the admx and the adml files from that machine to your 2012 domain controller, then you can see the policy.

    Hope this helps!

    Wednesday, October 14, 2015 4:50 PM