Windows 10 How To REALLY Block Windows 10 Updates and Upgrades

terrym

Honorable Member
Here are the abbreviations used in this article:

W10 = original release v15xx
W10AU = Anniversay Update v16xx
W10CU = Creators Update v 17xx
W10A8 = April 2018 Update v18xx

WUP = Windows Update

############

In May 2018, as I was starting to write this guide, Microsoft released W10A8 (formerly Creators Update (Spring)). As has been all too common in 2018, the first release dropped on people's machines was bug-ridden and was delayed. **DO NOT** upgrade to W10A8 until you are confident it is stable (AskWoody).

Windows 10 is the best (and most tested) OS Microsoft has ever released; the RTM (Release To Manufacturing) build was ROCKSOLID. However, with W10 Microsoft started two EVIL practices -- Spying and Forced Updates. I can't help you with Spying, but this guide will help you BLOCK (almost) all Windows 10 Updates. Here you will find everything, as far as I know, that you can possibly do.

Another issue is the QUALITY of these Updates. Microsoft was pretty good with Update quality in W10 and W10AU. Starting in 2018, however, it has been one disaster after another, starting with the Spectre/Meltdown fiasco. I don't want to minimize what a monumental job it is to test these updates against *all* of the different machines out there, but Microsoft can (and must) do better.

1. DO Set Your Internet Connection to METERED

If you have a Metered Cxn, WUP will prompt you *BEFORE* starting to download (and install) updates. Otherwise, when you click [Check for updates] WUP will immediately start to download and install any pending updates. Unfortunately, starting with W10CU, Microsoft MAY ignore this setting and install what it feels are critical updates.

It is easy to enable a Metered Cxn if you have Wi-Fi: open Settings, click on Network & internet, then click on the Change Connection Properties link; set Metered Connection ON. If you have a Wired Connection and W10CU+, you can use the same method.

If you have Wired (Ethernet) and W10 or W10AU, it takes some work. You will have to edit the Registry; navigate to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\DefaultMediaCost

and change the value of Ethernet (DWORD) from 1 to 2. If this fails, you will have to change ownership and set permissions. Here is a link

http://www.cnet.com/how-to/meter-your-ethernet-connection-in-windows-10/


DISCLAIMER: Editing the Registry is dangerous; don't do this unless you know what you're doing -- or can find someone who does.

2. DO Use the Microsoft Show Or Hide Updates Tool

Microsoft calls it Show|Hide; think of this as Unblock|Block.

Install 'wushowhide.diagcab' from

http://download.microsoft.com/download/F/2/2/F22D5FDB-59CD-4275-8C95-1BE17BF70B21/wushowhide.diagcab

on your Desktop and use it frequently! It can take considerable time to run but it's worth it. With this Tool you can Show or Hide (Hidden updates will not install) Updates. ALWAYS run the tool before checking for pending updates.

3. DO NOT Immediately Apply Monthly Patches

This goes double-triple-quadruple for MAJOR UPGRADES!

Monthly patches come out on the 2nd Tuesday of each month. There can also be what is called OOB (Out-Of-Band) updates that can appear at any time. Make it a RULE to NEVER install these patches for a minimum of 2 weeks. Let others find the bugs.

When Patch Tuesday arrives, IMMEDIATELY run the Show Or Hide Updates Tool and BLOCK all updates, especially Cumulative Updates. You can install other Windows updates, Office updates, etc. if you want but I recommend: Block 'em, Block 'em All. Make a note of the date and KB# of the CU when it first appears.

You must then run the Show Or Hide Updates Tool DAILY to make sure a new CU has not appeared; if this happens, make a note of the date and KB# and BLOCK it. DO NOT apply these updates until at least 10 days have elapsed without a NEW CU. In Feb 2018 -- at the time of the Spectre/Meltdown fiasco -- Microsoft released FOUR (4) CUs in one month before they got it kinda right. You can also search for a specific KB# at AskWoody to see if it is safe.

4. DO NOT Assume Microsoft Will Leave Your Settings Alone

Microsoft assumes they know what you need -- no matter what you want. I have had Microsoft Unblock a Blocked 'Feature update' which is a MAJOR UPGRADE -- more than once. Always use the Show Or Hide Updates Tool BEFORE you [Check for updates] to avoid an unpleasant surprise.

5. DO Disable the Update Orchestrator Service (UsoSvc) As a Final Line of Defense

This Service is at the heart of WUP -- if it is not Running, Updates cannot be downloaded and installed. You can manage this Service from the command line using SC -- Service Controller. Use SC to Stop and Disable UsoSvc.

For help type the following at a command prompt:

$ sc /?

Handy tip: if you want to interrupt WUP after download/install has started, just stop the service. DO NOT DO THIS FOR AN UPGRADE.
 
This is a terrible idea in general and I wouldn't recommend this at all. Especially when you have actively exploited vulnerabilities and you're asking for malware, credential theft and botnet activity to name a few.

I handle patch management for 1000's of devices. Our release schedule is a pilot group the weekend after patch Tuesday and all non server devices the following weekend. Microsoft does a great job of testing and documenting issues, if any, with their patches. I think I've seen 2 patches in the last 2 years cause an issue in our environment and we've been able to work around them without removing patches.
 
I should have stated UP FRONT that this article is not for the 'casual' home user (anyone not comfortable with other than web browsing and email). It is intended for savvy (home or otherwise) users who want to control what Updates are Installed and when. I have seen 100s if not 1000s of postings from such users who don't want Microsoft deciding for them. IT IS ALSO NOT INTENDED FOR ADMINS WHO MANAGE 100S OR 1000S OF COMPUTERS.
 
I agree the last step is too far for the average user but the point is that Microsoft is force feeding people updates they don't want and this is the result

imo the UsoSvc should be ignored until you have a better idea of what you are doing but steps 1-4 as a basic plan for people that want | need control of their system back is a good start... the argument that updates are good for you (so bend over and take it like a bitch) is not helpful
 
Pretty conclusive answer there, from staff members. I can only endorse the posts.
Neemobeer's comment, in the post proceeding this, hits the target. I have never found a need to "patch" or "hack" into recent Windows 10 releases. Similarly, since the first release of windows 10, you have to believe me, I have never had a problem with any updates/upgrades.
I confess, I am not a game player, which does seem to be the root of a majority of the problems.

I have, however, used the available functions to enable some control over when I get and install the updates. Nothing new there.
 
Last edited:
How can @davehc call this "patching" or "hacking" ? My post is about how to DELAY Windows Updates. I am not talking about "patching", the patches come from M$. I am not talking about NOT INSTALLING updates, just delaying them. I think EVERYONE has the right to choose when to apply these updates. Look at what @ussnorway says: " the point is that Microsoft is force feeding people updates they don't want and this is the result".

And, if @davehc has NEVER had a problem with Windows Update, then he is truly blessed.
 
I think the concern Terry is that the 'general public' are better off leaving these settings well alone.
 
"And, if @davehc has NEVER had a problem with Windows Update, then he is truly blessed"
I guess I should amplify that. Any problems have been very minor and a matter of adjustment. Very little brain work involved.
For the record, "Patches" are not the exclusive property of Microsoft. They are numerous from third party sources.
 
"And, if @davehc has NEVER had a problem with Windows Update, then he is truly blessed"
I guess I should amplify that. Any problems have been very minor and a matter of adjustment. Very little brain work involved.
For the record, "Patches" are not the exclusive property of Microsoft. They are numerous from third party sources.

I am ONLY talking about Windows 10 Updates (and Upgrades) . I Never install any 3rd party updates via WUP except Flash which I try to keep up-to-date because it is so evil and bug-ridden. This includes HP - I have had a lot of problems with their updates, too.

And who's talking about "brain work"? I will say again my suggestions are not for the "casual" home user, but certainly within the abilities of savvy users who are able to do more than browse and email. No degree in Rocket Science required.
 
Is there anyone who can tell me which is the safest way to block updates?
Why do we want to stop Windows updates?

Oh I know some think Microsoft has a huge conspiracy going on and is spying on our boring little lives but chances are if you own a smart phone the horse has already bolted and stopping windows updates will do nothing except place your install in potentially troubled waters.
 
I gave you a like, Ross. I would like to give you a really big like!
The world of IT is getting neurotic about being "spied on"
I have a "boring little life" If Ms want to spy on me, they can pick up a phone. I'll tell them all!
 
I know conspiracy theories are fun ( a bit like urban myths i guess ) but when it starts to impinge on the true reality of things then it's all getting a bit much.
 
Is there anyone who can tell me which is the safest way to block updates?
They're for security, so why would anyone block them. Only way I'd allow it is if it kills internet access to keep the un-patched well away from the rest of us.

Sent from my CLT-L09 using Tapatalk
 
Why do we want to stop Windows updates?

Oh I know some think Microsoft has a huge conspiracy going on and is spying on our boring little lives but chances are if you own a smart phone the horse has already bolted and stopping windows updates will do nothing except place your install in potentially troubled waters.

Why Block W10 Updates? I'll tell you why --

First let me say ONCE MORE I am not advocating the blocking of updates FOREVER ... only to delay them until you are comfortable with installing them.

Spying by Microsoft is a conspiracy -- but that's another story. I don't consider Forced Updates a conspiracy per se but what would we call M$ forcing an **UPGRADE** on someone who doesn't want it? Microsoft has done this twice now -- once in May 2016 where if you clicked [X] Close Window the Install took off, once recently with the Windows 10 Update Assistant which again ignored the user's wishes and started the upgrade to v1709. I don't know what to call this evil behavior. Now -- believe it or not -- Microsoft is rolling out Windows 10 Update Assistant V2 to again force those with < v1709 to UPGRADE.

Another reason to DELAY updates is the abysmal quality of the upgrades since Feb 2018. I'm not the only one saying this -- check out AskWoody (today June 19, 2018

########

Watch out: Win10 Update Facilitation as a Service and a new push for the Update Assistant
Posted on June 18th, 2018 at 07:33 woody Comment on the AskWoody Lounge

Nag me all you want, Microsoft, but this is getting ridiculous. All I want is an “Off” button — until you figure out how to deliver reliable patches and upgrades.
 
Back
Top