12/17/2018 577 views


Does anyone have a script for windows to turn off completely Windows Updates? I want to be able to send it via SMA Scripting, our computers are not domain/GPO enable.

Since MS decide finally release 1809, we need to stop a selected group of computers.

Any help, Will help!


0 Comments   [ + ] Show comments


All Answers


Go to Scripting |  Configuration Policies | Automatic Update
Configure it as you like.
This will create the needed script you can roll out to your systems.

Answered 12/17/2018 by: Nico_K
Red Belt

  • I believe that script only works for Win7 and Win10 1607 or older versions...

    Now a days is kind of hard to silence Windows Updates, you need to have a very good script..

    Now I haven't tried since 8.0.... but I'm no sure if that policy had a rework since.
    • well, I use it to set the Windows Update polices and it works well with W2k19 and the 2019 LTS
  • Win10LTSC2019 does not "upgrade" only updates. That is it's purpose to exist - no upgrades only patches and security updates. With the regular version of windows 10 you can defer the upgrade but it will happen no matter what you do. I found if you enable the optional feature "windows developer mode" it causes the upgrade to error out and not happen. But the one way you can delay this https://www.pcmag.com/article/362284/how-to-delay-major-windows-10-updates

    You can create a enforce registry script to also set this via SMA

    Create and export this key set to use in the script


    Right-click on WindowsUpdate and select New > DWORD (32-bit) Value.

    Name it DeferUpgrade. and give it a value of 1.

    Now again right-click on WindowsUpdate and select New > DWORD (32-bit) Value.

    Name this key as DeferUpgradePeriod, and double-click on it. Here you set its value from 0-8. Here, the digit represents the number of months you want to delay installation of upgrades. Selecting a number 3 will defer the upgrades by 3 months.

    Now for the third time, we have to repeat the process. Again right-click on WindowsUpdate and select New > DWORD (32-bit) Value.

    Name the DWORD as DeferUpdatePeriod and double-click on it and give it a value between 0-4. Here the digits stand for the number of weeks. If you choose 4, you will be able to delay installation of updates by 4 weeks.

    If you wish to simply pause all upgrades, under WindowsUpdate key, create a DWORD value, name it as PauseDeferrals and give it a value of 1.
    • Thanks for the instructions, this seems to be working the best on my environment at this point. Thanks Again!

If you are trying to do without a GPO then it normally work by setting registry values.

Those values can be changed by other programs and it may be possible that you can change them back on a regular basis.

Some trial and error is needed.

BTW, are these computers connected to internet? Are they air-gapped?

Answered 12/17/2018 by: nagendrasingh
Black Belt