• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 61
  • Last Modified:

Best way to disable Windows 10 Update and take control when the updates should take place?

We are using a bunch of Windows 10 laptops on weekends to teach kids computer stuff. The laptops are used at different locations every time, and are only connected to the Internet via WiFi and never to a LAN with an Ethernet-cable.

What we do not want happening during these weekend sessions, is a Windows Update session of any kind which can disrupt the whole experience for the kids. But what is the best way to take control of Windows 10 update so that it will not happen automatically?

I have read that there are a couple of different options of which changing the setting with the Group Policy Editor is one, and the other Disable Windows Update Service. But which of these is best for our purpose?

As we do very basic stuff on these laptops, we do not really need to update the laptops at all after they have been installed and found properly working. But let us say that twice a year would be a reasonable schedule for us as we might want to upgrade the installed software as well and add some new maybe. Should we use the Group Policy way, or disable the update service? Or is there even a better way given our situation when we use the laptops as seldom as we do (a couple of hours each weekend)?

I have read somewhere that some people have experienced the update service automatically turning back on again after having been set to disabled?
0
Dag Wolters
Asked:
Dag Wolters
  • 2
  • 2
  • 2
  • +2
1 Solution
 
Mal OsborneAlpha GeekCommented:
If you are considering configuiration via a Group Policy Object, then I assume these machines are running Windows 10Pro,  domain members, and at least occasionally can see a Domona Controller, and other servers on the LAN?

In this case, probably the best way to go would be to install a WSUS server. This pulls down patches and keeps them stored on a central server. Machines then download the patches and instal as configured. You can decide which patches to install, and when. You also get a central view of the patch status on each machine, and can generate various reports.

WSUS is free, as a download for older versions of Windows Server, or as a role on more recent versions. It uses a fair bit of disk space as a repository for patches, this need not be backed up, and can be on a crappy old desktop drive if money is tight. It saves bandwidth, if 500 machines need a patch, it only gets downloaded once.


More here:  https://technet.microsoft.com/en-us/library/cc539281.aspx
0
 
Sam Simon NasserIT Support ProfessionalCommented:
if you have a server, you can immplement WSUS to deliver updates. otherwise, configure the updates to be delivered manually when triggered.
0
 
Dag WoltersAuthor Commented:
Thanks Mal and Sam Simon!
At the moment we do not have any server at all. The laptops are individually installed with Windows 10 Pro and some other software for the kids' education (coding apps like Python, Scratch and VS Code for example). Then the laptops are used on weekends a couple of hours and then stored until the next weekend session when the kids use them again. We have not configured the laptops to belong to any domain, etc, today. For the moment they are just individual laptops.

We are a small non-profit organization and would like to find a simple and efficient solution. However, the laptops COULD be hooked up to the same WiFi network occasionally if that would help in any way. For example in order to set up this WSUS server that these laptops could be connected to once in a while if this solution would be the best for us?
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
Olgierd UngehojerSenior Network AdministratorCommented:
Add registry key in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows called WindowsUpdate and then inside this key AU.
In AU new DWORD (32bit) value NoAutoUpdate = 1.

Instead NoAutoUpdate you can create AUOptions 32-bit DWORD with valume 0 and you will some controle how updates are deployed.

For MS Office you have to do separate setting because updates for office 2016 and 365 are mange by Office software now.
0
 
McKnifeCommented:
If you don't need updates because you see no security implications and don't use the internet at all (you don't?), you should disable the windows update service from starting by changing its startup type to disabled. If the service does not run, no updates will install.

Twice a year, major updates are released and those should at least be installed which seems to meet your schedule.
After installing these updates, which you can acquire in the form of an ISO file using the media creation tool, the startup type of the windows update service will be reset to defaults and needs to be disabled again. That might be what you read about. Apart from that, the startup type will not change.
0
 
Dag WoltersAuthor Commented:
Thanks, Olgierd and McKnife!

@McKnife Yes the kids do hook up to the Internet via WiFi on these occasions when we have lessons, but I would say that the security risks are very, very low as they will follow along with the teacher during the lesson and do not have enough time on their own to visit malicious websites, etc. But otherwise your suggestion to turn off Windows Update Service in Services seems right for us  (I guess i do this by typing "services.msg" in the Run dialog?). And I guess then that we could just turn the service on again a couple of times a year, or can we manually run the update service from within the control panel somehow?
0
 
Sam Simon NasserIT Support ProfessionalCommented:
so in your case you have two options:
  • disable windows update, but this is NOT recommended
  • before the sessions begins, and after it finishes, check for updates, restart a couple of times to make sure there are no updates left. by this you make sure your session will run smoothly with no windows update interference.
0
 
McKnifeCommented:
Yes, you can use services.msc to set its startup type to disabled. When you do that for the first time, the service will continue to run and needs to be stopped once. You would not need to enable it and turn it on again for the semi annual updating as that would take a lot longer than just using the media creation tool from https://www.microsoft.com/software-download/windows10 as the ISO it produces can be carried from laptop to laptop mounted by simply double clicking it which will then allow you to start the upgrade setup.
1
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

  • 2
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now