Best way to disable Windows 10 Update and take control when the updates should take place?

We are using a bunch of Windows 10 laptops on weekends to teach kids computer stuff. The laptops are used at different locations every time, and are only connected to the Internet via WiFi and never to a LAN with an Ethernet-cable.

What we do not want happening during these weekend sessions, is a Windows Update session of any kind which can disrupt the whole experience for the kids. But what is the best way to take control of Windows 10 update so that it will not happen automatically?

I have read that there are a couple of different options of which changing the setting with the Group Policy Editor is one, and the other Disable Windows Update Service. But which of these is best for our purpose?

As we do very basic stuff on these laptops, we do not really need to update the laptops at all after they have been installed and found properly working. But let us say that twice a year would be a reasonable schedule for us as we might want to upgrade the installed software as well and add some new maybe. Should we use the Group Policy way, or disable the update service? Or is there even a better way given our situation when we use the laptops as seldom as we do (a couple of hours each weekend)?

I have read somewhere that some people have experienced the update service automatically turning back on again after having been set to disabled?
Dag WoltersAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mal OsborneAlpha GeekCommented:
If you are considering configuiration via a Group Policy Object, then I assume these machines are running Windows 10Pro,  domain members, and at least occasionally can see a Domona Controller, and other servers on the LAN?

In this case, probably the best way to go would be to install a WSUS server. This pulls down patches and keeps them stored on a central server. Machines then download the patches and instal as configured. You can decide which patches to install, and when. You also get a central view of the patch status on each machine, and can generate various reports.

WSUS is free, as a download for older versions of Windows Server, or as a role on more recent versions. It uses a fair bit of disk space as a repository for patches, this need not be backed up, and can be on a crappy old desktop drive if money is tight. It saves bandwidth, if 500 machines need a patch, it only gets downloaded once.

More here:
Sam Simon NasserIT Support ProfessionalCommented:
if you have a server, you can immplement WSUS to deliver updates. otherwise, configure the updates to be delivered manually when triggered.
Dag WoltersAuthor Commented:
Thanks Mal and Sam Simon!
At the moment we do not have any server at all. The laptops are individually installed with Windows 10 Pro and some other software for the kids' education (coding apps like Python, Scratch and VS Code for example). Then the laptops are used on weekends a couple of hours and then stored until the next weekend session when the kids use them again. We have not configured the laptops to belong to any domain, etc, today. For the moment they are just individual laptops.

We are a small non-profit organization and would like to find a simple and efficient solution. However, the laptops COULD be hooked up to the same WiFi network occasionally if that would help in any way. For example in order to set up this WSUS server that these laptops could be connected to once in a while if this solution would be the best for us?
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

Olgierd UngehojerSenior Network AdministratorCommented:
Add registry key in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows called WindowsUpdate and then inside this key AU.
In AU new DWORD (32bit) value NoAutoUpdate = 1.

Instead NoAutoUpdate you can create AUOptions 32-bit DWORD with valume 0 and you will some controle how updates are deployed.

For MS Office you have to do separate setting because updates for office 2016 and 365 are mange by Office software now.
If you don't need updates because you see no security implications and don't use the internet at all (you don't?), you should disable the windows update service from starting by changing its startup type to disabled. If the service does not run, no updates will install.

Twice a year, major updates are released and those should at least be installed which seems to meet your schedule.
After installing these updates, which you can acquire in the form of an ISO file using the media creation tool, the startup type of the windows update service will be reset to defaults and needs to be disabled again. That might be what you read about. Apart from that, the startup type will not change.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Dag WoltersAuthor Commented:
Thanks, Olgierd and McKnife!

@McKnife Yes the kids do hook up to the Internet via WiFi on these occasions when we have lessons, but I would say that the security risks are very, very low as they will follow along with the teacher during the lesson and do not have enough time on their own to visit malicious websites, etc. But otherwise your suggestion to turn off Windows Update Service in Services seems right for us  (I guess i do this by typing "services.msg" in the Run dialog?). And I guess then that we could just turn the service on again a couple of times a year, or can we manually run the update service from within the control panel somehow?
Sam Simon NasserIT Support ProfessionalCommented:
so in your case you have two options:
  • disable windows update, but this is NOT recommended
  • before the sessions begins, and after it finishes, check for updates, restart a couple of times to make sure there are no updates left. by this you make sure your session will run smoothly with no windows update interference.
Yes, you can use services.msc to set its startup type to disabled. When you do that for the first time, the service will continue to run and needs to be stopped once. You would not need to enable it and turn it on again for the semi annual updating as that would take a lot longer than just using the media creation tool from as the ISO it produces can be carried from laptop to laptop mounted by simply double clicking it which will then allow you to start the upgrade setup.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.