SOLVED: Unable to get rid of windows update group policy



  • I am trying to use Widows update rings on intune replacing our old group policy. Our machines were set with "disable automatic updates" via gpo. Our service provider at that time who managed our infrastructure used the default domain policy to disable windows updates!

    I disabled those policies from the default domain policies, did gpupdate on my computer and found that the policy was changed to MDM managed. The next day, the 3 policies are back on the machine and now I am not able to figure out where is this policy from. Checked each and every GPO settings on my server and confirmed that there are no policies related to windows update.

    f477d13c-6697-459c-9372-fde98ebac1ca-image.png

    1b42c675-8d52-445a-a9cd-61ef5e27d476-image.png

    Checked gpedit.msc as admin on my computer

    User configuration:

    7360b6bf-7973-4a7b-b6b7-daa515fe364b-image.png

    Computer configuration
    02edcdec-5218-4548-8b7a-7a45509c680e-image.png

    My gpresult html report which has Windows update search result
    32882243-61dd-4d98-84af-2e25c147abf1-image.png

    Not sure where else to look at and possibly remove this policy



  • While searching for this scenario, came across a topic called "tatooing" from https://docs.microsoft.com/en-us/archive/blogs/grouppolicy/gp-policy-vs-preference-vs-gp-preferences

    921bb46d-222c-453e-a71b-c8f89adbc471-image.png

    I then looked at the registry entry and found this.

    c4f0dccf-e991-4eb9-858a-d39fa5cc1a1f-image.png

    a9b681db-e599-4d0b-b03e-7666e211c1cf-image.png

    Changed the NoAutoUpdate value set to 0, did another gpupdate /force and now I dont see any GP policies on the windows update settings!
    dc32ad33-d32f-4a37-bf0a-4b092ef6b4e7-image.png

    Will need to restart and confirm once more



  • Jared ran into a simliar'ish problem recently... There is a thread around here somewhere.