none
Windows 10 Pro 1903 Driver Updates over Windows Update Service RRS feed

  • Question

  • Hi guys,

    I hope someone can help me. We are running a non microsoft patch management solution which we are using for software and microsoft updates. We have disabled all microsoft update features with the following gpo:

    Computer Configuration (Enabled)hide
    Policieshide
    Administrative Templateshide
    Policy definitions (ADMX files) retrieved from the central store.System/Internet Communication Management/Internet Communication settingshide
    Policy Setting Comment
    Turn off access to all Windows Update features Enabled  
    Turn off Windows Update device driver searching Enabled  

    Windows Components/Windows Updatehide
    Policy Setting Comment
    Allow Automatic Updates immediate installation Disabled  
    Configure Automatic Updates Disabled  
    Do not connect to any Windows Update Internet locations Enabled  
    Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box Enabled  
    Do not include drivers with Windows Updates Enabled  
    Remove access to use all Windows Update features Enabled  
    Turn on recommended updates via Automatic Updates Disabled  

    The admx files are the latest version from the microsoft page installed on windows 2012 r2

    The gpo is applied and windows updates are blocked. My problem is that the windows update agent is still downloading and installing driver updates. You can see driver installations in the update history under settings. This crashes the synaptic touchpad driver on several machines now!

    I take a lot of time for researching and cannot find any solution to stop windows update to installing driver updates.

    Can someone assist?

    best regards!

    Alex

    Thursday, September 19, 2019 1:03 PM

All replies

  • Hi Alex,

    Besides Do not include drivers with Windows Updates policy, try to use wushowhide.diagcab.

    Also note: when you enable Turn off access to all Windows Update features and Turn off Windows Update device driver searching, you must enable Restrict Internet communication firstly.

    Please refer to this article for detailed information

    http://woshub.com/how-to-turn-off-automatic-driver-updates-in-windows-10/

    Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, September 20, 2019 1:49 AM
    Moderator
  • Hi Teemo,

    awesome! This blog is very helpful in this case. The wushowhide.diagcab is no option for us, because we are using a client management solution and want to install all drivers over our software deployment solution. We want to be sure that windows update does not install any driver.

    We add the following options to our gpo:

    System/Device Installationhide
    Policy Setting Comment
    Specify search order for device driver source locations Enabled  
    Select search order: Do not search Windows Update
     

    System/Device Installation/Device Installation Restrictionshide
    Policy Setting Comment
    Prevent installation of devices not described by other policy settings Enabled

    I hope this will fix our behaviour. We will test it. Thanks for your reply :)

    Friday, September 20, 2019 11:56 AM
  • Hi Teemo,

    after a few days of testing, we have to realize that the windows update service is still installing driver updates. We had to disable the “Prevent installation of devices that match any of these device IDs” gpo, because if we enabled it, no plug and play usb device is working. This is not an option.

    We had now enabled the following options:

    Computer Configuration (Enabled)
    Policies
    Administrative Templates
    Policy Setting
    Specify search order for device driver source locations Enabled  
    Select search order: Do not search Windows Update
     

    System/Internet Communication Management/Internet Communication settings
    Policy Setting Comment
    Turn off access to all Windows Update features Enabled  
    Turn off Windows Update device driver searching Enabled  

    Windows Components/Windows Update
    Policy Setting Comment
    Allow Automatic Updates immediate installation Disabled  
    Configure Automatic Updates Disabled  
    Do not connect to any Windows Update Internet locations Enabled  
    Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box Enabled  
    Do not include drivers with Windows Updates Enabled  
    Remove access to use all Windows Update features Enabled  
    Turn on recommended updates via Automatic Updates Disabled  

    We also checked if the client is executing the policies correctly. I used the Registry Policy Viewer to get the registry values from the gpo and compare it with the client. All registry keys from the gpo are set. Gpresult tells me that the gpo is executed corretly.

    Is it possible that this settings limited to Windows Enterprise? We are using Windows 10 Pro. In other case it looks to me like a bug.

    Regards

    Alex


    Thursday, September 26, 2019 8:40 AM
  • Hi Alex,

    The following doc lists the Group Policy settings that apply only to Windows 10 Enterprise and Education Editions, don’t includes your policies

    https://docs.microsoft.com/en-us/windows/client-management/group-policies-for-enterprise-and-education-editions?redirectedfrom=MSDN&f=255&MSPPError=-2147217396

    You may Create a support request to see if can meet your demand

    https://support.microsoft.com/en-gb/hub/4343728/support-for-business

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, September 26, 2019 8:48 AM
    Moderator