Halting Windows 10 1803 Updates

dbeato

There is also registry as below:

For the Channel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings\ BranchReadinessLevel, REG_DWORD, 0x20 (32)

For the Days

HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdatesPeriodInDays

bbigford

Most of our clients are all handling updates through WSUS. For those not using WSUS, dbeato's GPO would work fine.

scottalanmiller

Appears that these commands are correct:

New-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\ -Name BranchReadinessLevel -Value 10 -PropertyType Dword
New-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\ -Name DeferFeatureUpdates -Value 1 -PropertyType DWord
New-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\ -Name DeferFeatureUpdatesPeriodInDays -Value 168 -PropertyType DWord

And this will halt the update for 360 days, in theory, if nothing else overrides it.

jmoore

@scottalanmiller Good to know, thanks

scottalanmiller

@jmoore said in Halting Windows 10 1803 Updates:

@scottalanmiller Good to know, thanks

We are still in early testing, so don't run out and do it everywhere yet. But so far, no issues.

scottalanmiller

This is the command to see if you have any settings in place currently:

Get-ItemProperty HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\

PenguinWrangler

At my work we have Managed Engine Desktop Central so I declined the update in it.

Obsolesce

I use WSUS with Group Policy to have 100% control over updates and releases. Works great.

black3dynamite

@obsolesce said in Halting Windows 10 1803 Updates:

I use WSUS with Group Policy to have 100% control over updates and releases. Works great.

How do you handle laptops that are sometimes offsite? Are they domain or workgroup laptops?

Obsolesce

@black3dynamite said in Halting Windows 10 1803 Updates:

@obsolesce said in Halting Windows 10 1803 Updates:

I use WSUS with Group Policy to have 100% control over updates and releases. Works great.

How do you handle laptops that are sometimes offsite? Are they domain or workgroup laptops?

All user devices are domain. All product devices are 100% updated and stable before shipped... then it's up to the customer to keep updated.

Offprem user devices are domain, and users understand they need to phone home at least once a month and bu current with approved updates or they get kicked off the domain/network. At which point its up to them to bring back to be brought back to compliance if the want to access company resources.

scottalanmiller

@obsolesce said in Halting Windows 10 1803 Updates:

@black3dynamite said in Halting Windows 10 1803 Updates:

@obsolesce said in Halting Windows 10 1803 Updates:

I use WSUS with Group Policy to have 100% control over updates and releases. Works great.

How do you handle laptops that are sometimes offsite? Are they domain or workgroup laptops?

All user devices are domain. All product devices are 100% updated and stable before shipped... then it's up to the customer to keep updated.

That would have killed us. 100% updated = Can't run SAP.

Obsolesce

@scottalanmiller said in Halting Windows 10 1803 Updates:

@obsolesce said in Halting Windows 10 1803 Updates:

@black3dynamite said in Halting Windows 10 1803 Updates:

@obsolesce said in Halting Windows 10 1803 Updates:

I use WSUS with Group Policy to have 100% control over updates and releases. Works great.

How do you handle laptops that are sometimes offsite? Are they domain or workgroup laptops?

All user devices are domain. All product devices are 100% updated and stable before shipped... then it's up to the customer to keep updated.

That would have killed us. 100% updated = Can't run SAP.

These are specifically used as single purpose tools / instruments, not as user endpoints or PCs. Things like this wouldn't apply.

hobbit666

@obsolesce said in Halting Windows 10 1803 Updates:

I use WSUS with Group Policy to have 100% control over updates and releases. Works great.

This is now in our "projects to do at some point" folder

scottalanmiller

@scottalanmiller said in Halting Windows 10 1803 Updates:

Appears that these commands are correct:

New-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\ -Name BranchReadinessLevel -Value 10 -PropertyType Dword
New-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\ -Name DeferFeatureUpdates -Value 1 -PropertyType DWord
New-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\ -Name DeferFeatureUpdatesPeriodInDays -Value 168 -PropertyType DWord

And this will halt the update for 360 days, in theory, if nothing else overrides it.

We just had machines go through a round of updates after these commands were run and they worked. Systems were able to patch, without attempting to go up to 1803.

jmoore

@scottalanmiller said in Halting Windows 10 1803 Updates:

New-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\ -Name BranchReadinessLevel -Value 10 -PropertyType Dword
New-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\ -Name DeferFeatureUpdates -Value 1 -PropertyType DWord
New-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\ -Name DeferFeatureUpdatesPeriodInDays -Value 168 -PropertyType DWord

I had to remove the 1803 update for our database guy because it was messing with a license. I used these commands to keep them from coming for a while so thanks.

scottalanmiller

@jmoore awesome. Our customer that had to deal with this asked us if we found documentation somewhere on exactly how to stop it and we were like... well no, we found some loose stuff and put together documentation on how to stop it

jmoore

@scottalanmiller lol yeah if you can't find documentation then you make your own!

Dashrender

@scottalanmiller said in Halting Windows 10 1803 Updates:

@jmoore awesome. Our customer that had to deal with this asked us if we found documentation somewhere on exactly how to stop it and we were like... well no, we found some loose stuff and put together documentation on how to stop it

Yeah - cause you're not supposed to - no matter who you are.

wrx7m

From what I have been seeing, 1803 is still crap. I tried it at home on two systems, but reverted back to 1709 on one. I noticed a performance hit when playing BF1, so it might be a driver thing, but there wasn't a new video driver available, so I will wait it out a bit. My other system is still running it, but I don't use that one a whole lot. It is mostly for serving plex.

Obsolesce

@wrx7m said in Halting Windows 10 1803 Updates:

From what I have been seeing, 1803 is still crap. I tried it at home on two systems, but reverted back to 1709 on one. I noticed a performance hit when playing BF1, so it might be a driver thing, but there wasn't a new video driver available, so I will wait it out a bit. My other system is still running it, but I don't use that one a whole lot. It is mostly for serving plex.

I'm just counting the days until my home laptop is no longer functional, hardware wise, so I can get a System76 and run Fedora. I'm getting so tired of this Win10 update stuff all the time.