how to prevetn sysprep to turn automatic update back on

we don't want our windows 7 laptops to have automatic updates on. We set them oof on all our masters but we we have sysprep running after making mass numbers of clones. It turns automatic updates back onand we don't want. I tried some registry settigns but that did notwork.
So please let me know if you have experienced with this problem and have the answer.
All laptops are windwos 7
wajhiuddinAsked:
Who is Participating?
 
Michael PfisterConnect With a Mentor Commented:
Post above looks strange, this is better:

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v IncludeRecommendedUpdates /d 0 /t REG_DWORD /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v ElevateNonAdmins  /d 0 /t REG_DWORD /f

Open in new window

0
 
kevinhsiehCommented:
If your laptops are domain members, a much better solution is to use group policies to set your Automatic Updates options.

Curious, how do you patch your systems and prevent them from getting attacked from web site drive-by attacks, malicious email, spear phishing, etc.?
0
 
Michael PfisterCommented:
If you run sysprep with an unattend.xml file you can add your own commands in the specialize section under amd64_Microsoft-Windows-Deployment_6.1.7600.16385_neutral.

i.e.

sc config wuauserv start= disabled

would disable the Windows Update service.

But I agree with kevinhsieh, better patch them!
0
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

 
wajhiuddinAuthor Commented:
clients are getting windows patches buy Symatntec End point, and CMS, can't  disable windows updates services becasue syamtec won't able to deliver patches , just don't want AU enable becasue while machines getting  customizations  windows updates get started whcih slows down the process.
0
 
Michael PfisterCommented:
Ok, that wasn't clear from your original post.
Then either use GPO to disable Windows Updates or add the following registy key:


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000001

you might be able to run

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoUpdate /d 1 /t REG_DWORD /f

as a command in your unattend.xml
0
 
wajhiuddinAuthor Commented:
I don't see the option in local GPO to disabel AU in windows 7, is it availabe where?
I am talking about local group policy instead of domain, clients won't get domain policy untill they get customized,
0
 
wajhiuddinAuthor Commented:
: mpfister thanks it works I also need to add following retkeys please
"IncludeRecommendedUpdates"=dword:00000000
"ElevateNonAdmins"=dword:00000000
can you please send me the command as you did for
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoUpdate /d 1 /t REG_DWORD /f


thansk
0
 
Michael PfisterCommented:
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v IncludeRecommendedUpdates /d 0 /t REG_DWORD /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v ElevateNonAdmins  /d 0 /t REG_DWORD /f

HTH
0
 
wajhiuddinAuthor Commented:
mpfister ,
U R the man
Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.