Disable Windows Update on Windows Server 2019 (1809)

Hi to all,

We need to disable Windows Update in my organization on Windows Server 2019.

We tried to deploy a GPO that disables the Windows Update service, but it still starts working again, and last night it downloaded and installed an update on a production server and rebooted the machine. This caused a very big issue for us.

Can you help us find a correct workaround to disable it and enable it only when we need to upgrade a machine?

Thanks for the support

Marco 

8 Replies
What are your settings in the GPO, and when you run rsop.msc on the server, do you see the settings being applied?
Hello Marco, there are several solutions for that. The first is with the sconfig command, as described on the following page:
https://www.osradar.com/disable-automatic-updates-in-windows-server-2019-2016/
...or....
You can go to the following page; in the middle there is the procedure for changing the setting from the registry (first test it on a dev server):
https://learn.microsoft.com/en-us/windows/deployment/update/waas-wu-settings#configure-automatic-upd...

BR,

Hi @Harm_Veenstra, we ran rsop.msc on the machine and we can see the Windows Update service in a disabled state on the servers.

Marco2706_0-1663838743324.png

The following are the settings that we set in the policy to disable updates:

Marco2706_1-1663838925315.png

Marco2706_2-1663838944990.png

 

Please let me know if we made a mistake in setting it. The domain controller where we set the GPO is a Windows 2012R2 server.

Thanks a lot

Marco

Do you also disable the Software Protection service? Only the Windows Update service is needed, but in fact, I think that only setting the Windows Update settings to disabled should be enough. The Windows Update service will still be running, but in the Windows Update control panel, you should see that it's not configured/disabled.

@Harm_Veenstra yes, we disabled the Software Protection service. We found this workaround at this link https://social.msdn.microsoft.com/Forums/en-US/298c11d5-02ec-4627-9916-7182d994be3b/successfully-sch... and tried it on a dev machine.

Hi @bdionisogr1, thanks for your reply and for the workaround that you sent us.

We tried to apply the second link on a dev server and set the NoAutoRebootWithLoggedOnUsers (REG_DWORD) registry key to manage the updates.

We found and tried another workaround, at this link:

https://www.wintips.org/how-to-turn-off-windows-10-updates-permanently/

We tried applying step 2 on the server, and after setting this key the updates do not start.

Thanks,
Marco

That's good...

Hi @bdionisogr1, just to update you on the workaround that we used to solve this issue:

Step 1: create a policy to disable the Update Orchestrator service

Marco2706_0-1664263697108.png

Step 2: create a policy to add the registry key NoAutoRebootWithLoggedOnUsers on the server

Marco2706_1-1664263827668.png

After adding these 2 policies, the service does not start by itself and there is no reboot if a user is logged on (for example, a service user that is used to run an application on the server and needs to be logged in for it to run).
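
The two-step workaround above can be verified on each server with a read-only check. This is an added example, not part of the original thread; it assumes the service short names `UsoSvc` (Update Orchestrator) and `wuauserv` (Windows Update) and the standard Windows Update policy key, none of which are spelled out in the posts.

```powershell
# Added example: read-only audit of the settings described in this thread.
# Assumptions (not stated in the thread): service short names UsoSvc (Update
# Orchestrator) and wuauserv (Windows Update), and the standard policy key below.
$AuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent, i.e. the policy did not apply.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-ServiceStartState {
    param([string]$Name)
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if ($null -eq $svc) {
        return [pscustomobject]@{ Service = $Name; StartMode = 'NotFound'; State = 'NotFound' }
    }
    [pscustomobject]@{ Service = $Name; StartMode = $svc.StartMode; State = $svc.State }
}

function Test-UpdatePolicyState {
    $findings = @()
    $uso = Get-ServiceStartState -Name 'UsoSvc'
    if ($uso.StartMode -ne 'Disabled') {
        $findings += "UsoSvc start mode is '$($uso.StartMode)', expected 'Disabled'"
    }
    if ($uso.State -eq 'Running') {
        $findings += 'UsoSvc is running'
    }
    $noReboot = Get-PolicyValue -Path $AuKey -Name 'NoAutoRebootWithLoggedOnUsers'
    if ($noReboot -ne 1) {
        $findings += 'NoAutoRebootWithLoggedOnUsers is not set to 1'
    }
    # AUOptions is reported because the no-auto-restart policy applies to
    # scheduled installations (AUOptions = 4).
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        UsoSvc    = "$($uso.StartMode)/$($uso.State)"
        WuauServ  = (Get-ServiceStartState -Name 'wuauserv').StartMode
        NoReboot  = $noReboot
        AUOptions = Get-PolicyValue -Path $AuKey -Name 'AUOptions'
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings -join '; '
    }
}

Test-UpdatePolicyState | Format-List
```

Running it on a schedule and alerting on `Compliant = False` catches the situation from the first post, where a disabled service was found working again. The same output also shows when updates have been re-enabled for a maintenance window and not switched back.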