Disable Windows Update on Windows server 2019 (1809)

Copper Contributor

Hi to all,

we need to disable windwos update on my organization on windows server 2019.

We try to deploy a GPO that disable a Windows Update service but it's still work again and last night downloded and install on production server update and reboot machine. This cause a very big issue for us.

Can we help to find a correct workaround to disable it and enable only when we need to upgrade a machine?

Thanks for the support


8 Replies
What are your settings in the GPO and when you run a rsop.msc on the server, do you see the settings being applied?
Hello Marco, there are several solutions for that, the first is with sconfig command as describe in the following page
You can go to the following page and at the middle there are the procedure on how to change the setting from registry (first test it on a dev server)


Hi @Harm_Veenstra we run the rsop.msc ont he machine and we can find a Windows Update service on disable state on the server's 


at the follow the setting that we set on policy for disable update




please let me know if we make a mistake to set it. The domain controller that where set a GPO it's a Windows 2012R2 server

Thanks a lot


Do you also disable the Software Protection service? Only the Windows Update service is needed, but in fact, I think that only setting the Windows Update settings to disabled should be enough. The Windows Update service will still be running, but in the Windows Update control panel, you should see that it's not configured/disabled.

@Harm_Veenstra yes we disable a Software Protection service, we find this workaround on this link https://social.msdn.microsoft.com/Forums/en-US/298c11d5-02ec-4627-9916-7182d994be3b/successfully-sch... and try it  on dev machine 


HI @Vassilis_Dionisopoulos thanks for you repaly and for the workaround that we send us.

We tru to applya second link on a dev server and set a NoAutoRebootWithLoggedOnUsers (REG_DWORD) regkey to manage the updates.


We find and try another workaround that we send on this link


we try to apply the steps 2  on server and after set this key updates not start







That's good...

HI, @Vassilis_Dionisopoulos onluy for update you on workaround that we use to sole this issue:

1 step, create a policy to disable a Update orchestrator service


2 step, create a policy to add a reg key  NoAutoRebootWithLoggedOnUsers on the server


After add this 2 policy the service not start by self and no reboot if a user it's logged on (for exemple a service user that use to run application on server and need to log in to run)