Windows 10 How To REALLY Block Windows 10 Updates and Upgrades

terrym

Honorable Member
Joined
Apr 25, 2015
Messages
23
Here are the abbreviations used in this article:

W10 = original release v15xx
W10AU = Anniversay Update v16xx
W10CU = Creators Update v 17xx
W10A8 = April 2018 Update v18xx

WUP = Windows Update

############

In May 2018, as I was starting to write this guide, Microsoft released W10A8 (formerly Creators Update (Spring)). As has been all too common in 2018, the first release dropped on people's machines was bug-ridden and was delayed. **DO NOT** upgrade to W10A8 until you are confident it is stable (AskWoody).

Windows 10 is the best (and most tested) OS Microsoft has ever released; the RTM (Release To Manufacturing) build was ROCKSOLID. However, with W10 Microsoft started two EVIL practices -- Spying and Forced Updates. I can't help you with Spying, but this guide will help you BLOCK (almost) all Windows 10 Updates. Here you will find everything, as far as I know, that you can possibly do.

Another issue is the QUALITY of these Updates. Microsoft was pretty good with Update quality in W10 and W10AU. Starting in 2018, however, it has been one disaster after another, starting with the Spectre/Meltdown fiasco. I don't want to minimize what a monumental job it is to test these updates against *all* of the different machines out there, but Microsoft can (and must) do better.

1. DO Set Your Internet Connection to METERED

If you have a Metered Cxn, WUP will prompt you *BEFORE* starting to download (and install) updates. Otherwise, when you click [Check for updates] WUP will immediately start to download and install any pending updates. Unfortunately, starting with W10CU, Microsoft MAY ignore this setting and install what it feels are critical updates.

It is easy to enable a Metered Cxn if you have Wi-Fi: open Settings, click on Network & internet, then click on the Change Connection Properties link; set Metered Connection ON. If you have a Wired Connection and W10CU+, you can use the same method.

If you have Wired (Ethernet) and W10 or W10AU, it takes some work. You will have to edit the Registry; navigate to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\DefaultMediaCost

and change the value of Ethernet (DWORD) from 1 to 2. If this fails, you will have to change ownership and set permissions. Here is a link

http://www.cnet.com/how-to/meter-your-ethernet-connection-in-windows-10/


DISCLAIMER: Editing the Registry is dangerous; don't do this unless you know what you're doing -- or can find someone who does.

2. DO Use the Microsoft Show Or Hide Updates Tool

Microsoft calls it Show|Hide; think of this as Unblock|Block.

Install 'wushowhide.diagcab' from

http://download.microsoft.com/download/F/2/2/F22D5FDB-59CD-4275-8C95-1BE17BF70B21/wushowhide.diagcab

on your Desktop and use it frequently! It can take considerable time to run but it's worth it. With this Tool you can Show or Hide (Hidden updates will not install) Updates. ALWAYS run the tool before checking for pending updates.

3. DO NOT Immediately Apply Monthly Patches

This goes double-triple-quadruple for MAJOR UPGRADES!

Monthly patches come out on the 2nd Tuesday of each month. There can also be what is called OOB (Out-Of-Band) updates that can appear at any time. Make it a RULE to NEVER install these patches for a minimum of 2 weeks. Let others find the bugs.

When Patch Tuesday arrives, IMMEDIATELY run the Show Or Hide Updates Tool and BLOCK all updates, especially Cumulative Updates. You can install other Windows updates, Office updates, etc. if you want but I recommend: Block 'em, Block 'em All. Make a note of the date and KB# of the CU when it first appears.

You must then run the Show Or Hide Updates Tool DAILY to make sure a new CU has not appeared; if this happens, make a note of the date and KB# and BLOCK it. DO NOT apply these updates until at least 10 days have elapsed without a NEW CU. In Feb 2018 -- at the time of the Spectre/Meltdown fiasco -- Microsoft released FOUR (4) CUs in one month before they got it kinda right. You can also search for a specific KB# at AskWoody to see if it is safe.

4. DO NOT Assume Microsoft Will Leave Your Settings Alone

Microsoft assumes they know what you need -- no matter what you want. I have had Microsoft Unblock a Blocked 'Feature update' which is a MAJOR UPGRADE -- more than once. Always use the Show Or Hide Updates Tool BEFORE you [Check for updates] to avoid an unpleasant surprise.

5. DO Disable the Update Orchestrator Service (UsoSvc) As a Final Line of Defense

This Service is at the heart of WUP -- if it is not Running, Updates cannot be downloaded and installed. You can manage this Service from the command line using SC -- Service Controller. Use SC to Stop and Disable UsoSvc.

For help type the following at a command prompt:

$ sc /?

Handy tip: if you want to interrupt WUP after download/install has started, just stop the service. DO NOT DO THIS FOR AN UPGRADE.
 


"turn off the internet is the safest way... no skill needed for that and you will not get a malware"

So true and guaranteed . Rather a LOL .though.
 


Spying is going overboard. Microsoft doesn't collect anything that can identify you. It's mostly usage statistics, and hardware profiling and scrubbed crash data. If you want to see this data you can install a certificate and decrypt the TLS traffic.
 


There's also an app in the store to view collected data.

Sent from my CLT-L09 using Tapatalk
 


Nag me all you want, Microsoft, but this is getting ridiculous. All I want is an “Off” button — until you figure out how to deliver reliable patches and upgrades.

Personally i would love nothing more than to see the old way of doing things return. The time when i could scan and investigate each update and if need be stop it's installation are very much missed indeed.
 


I have never mentioned anything about spying what I'm saying that they are forcing us to update. Sometimes many people are using a paid network and its update is more than 1 GB and there are many countries where network speed is slow and when these people do their work windows update starts I'm not against windows update but when should we update our system I think it's our right.
 


Hi Daniel. Agreed, the thread haa tended to drift from its title.
But yr post. It is possible to restrict the time that updates are applied. I would say, in the case of workers on a fixed schedule, it is comparatively easy to make sure their work is not interrupted by using the facility.
 


You can also delay them for upto 31 days.

As far as I know, you cannot delay updates on Windows 10 Home -- only on Pro

Link Removed

The company (Microsoft) says

“Windows 10 Home users will have updates from Windows Update automatically available. Windows 10 Pro and Windows 10 Enterprise users will have the ability to defer updates.”
 


Thanks for the input, Terry. I have never used a Home edition, and was not aware of that difference.
 


As far as I know, you cannot delay updates on Windows 10 Home -- only on Pro

Link Removed

The company (Microsoft) says
the company is wrong... you can (and I do) disable Microsoft updates on Windows 10 Home systems
i don't recommend blocking updates but sometimes you have to take control
it takes a good understanding of Microsoft services system and that is one of the reasons I don't post public "how toos" for it... the other being that Microsoft will just change the rules
 


the company is wrong... you can (and I do) disable Microsoft updates on Windows 10 Home systems
i don't recommend blocking updates but sometimes you have to take control
it takes a good understanding of Microsoft services system and that is one of the reasons I don't post public "how toos" for it... the other being that Microsoft will just change the rules

@ussnorway we're talking about different things here - updates can be blocked on all versions of Windows 10, but you cannot DEFER updates on Windows 10 Home Ed (this is built into the Settings > Update & security)

AND MICROSOFT WILL CHANGE THE RULES no matter if we post "how toos" or not -- and there are hundreds if not thousands of "how toos" in addition to mine.
 


I would agree to that. When I googled, I found several pages, often repetitive, with ways to "hack", or work outside normal customising procedure, in order to stop updates. And yes, Ms will go to extraordinary lenghs with Windows 10, to prevent us users horning in on their private territory.
 


Take a look at the following link

Windows 10 upgrade: Survey finds half of users experience problems

ONE-HALF of the users surveyed said they have had problems with W10 Upgrades. Mind you, the article is talking about a (major) Upgrade, not (minor) Updates. This is opposite to the statements of those who replied to my initial post saying things like "I think I've seen 2 patches in the last 2 years cause an issue" and "Since the first release of windows 10, you have to believe me, I have never had a problem with ANY updates / upgrades".

The results of this survey support my recommendation about W10 Upgrades in particular: **DO NOT** upgrade to (for example) W10A8 until you are confident it is stable (AskWoody). Again, I'm not telling anyone to block these FOREVER; just hold off until it appears safe to Upgrade.
 


The original article:
» Microsoft must help consumers affected by Windows 10 PC pain

I don't doubt their findings but, as always with such surveys, the complainants would, to a large extent, be the ones to write in. I do wonder what the other 50% had to offer. It isn't mentioned..
I guess our gang must have been in that section -lol I think it is possibly significant that we all use Dells?
 


The original article:
» Microsoft must help consumers affected by Windows 10 PC pain

I don't doubt their findings but, as always with such surveys, the complainants would, to a large extent, be the ones to write in. I do wonder what the other 50% had to offer. It isn't mentioned..
I guess our gang must have been in that section -lol I think it is possibly significant that we all use Dells?

I agree that in any kind of survey it is mostly those with a problem who respond! This is true of almost any aspect of our lives that involves an opinion. I was in software development for 30+ years and guess what? We seldom get kudos if everything is good -- we only heard if there was a problem.
 


Last edited:
If you "turn off the internet" meaning you don't use the Internet (?) then you are one in a million. Yes, you won't 'get a malware' but you also won't get *ANY* W10 patches.
yes mate that is the point I.e, he doesn't WANT any windows patches until he is ready for them
 


If you are managing multiple systems in a work environment, and you really, absolutely need to control the update processes, then you may be well aware that there is still WSUS (Windows Server Update Services). You can literally micro-manage every single update from that, but, it obviously requires a separate server installation on a domain controller. When I didn't want one of my machines here to update I found pausing the updates was sufficient. I suppose once that "deadline" expires whereas updates would be unpaused, one could simply just uncheck and recheck that box a day or two (or even week), before the "Pause Update" expiry.
 


Back
Top