LICOMPGUY
asked on
Windows 10 controlling forced updates
Windows 10, NEED to disable updates.
I have previously used a GPO to disable Win10 updates as well as stopped the update service and disabled it, however, and I could be wrong but since MS created the triggered start services, you can no longer disable the update service. I guess MS thinks it is okay to bring systems down in a business for as long as a half day to do updates, no matter what the cost to a business, but I am looking to see if anyone has come up with a way to disable the updates, so they can first be tested in a staging environment BEFORE they are actually deployed.
We have also had concerns about a user closing their notebook as updates are being installed and putting the computer in sleep/hibernate, and the potential for corruption etc.
Anyone?
Thanks!!!
I have previously used a GPO to disable Win10 updates as well as stopped the update service and disabled it, however, and I could be wrong but since MS created the triggered start services, you can no longer disable the update service. I guess MS thinks it is okay to bring systems down in a business for as long as a half day to do updates, no matter what the cost to a business, but I am looking to see if anyone has come up with a way to disable the updates, so they can first be tested in a staging environment BEFORE they are actually deployed.
We have also had concerns about a user closing their notebook as updates are being installed and putting the computer in sleep/hibernate, and the potential for corruption etc.
Anyone?
Thanks!!!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Gents
Thanks so much for the info!
No one is pretending updates don’t exist. We have put in place patch remediation for sizeable clients across multiple platforms, inclusive of different flavors of Unix, Linux, Windows, Apple even. The success of what we have implemented, was based on having the control as to which computers were updated first, then they would be tested in prod and monitored generally where possible with a machine representing a particular build for each department, then we would do tiered increasingly larger groups, update and monitor until the entire environment was updates. It was incredibly rare we would have any issues taking this approach. Windows 7 updates would only take minutes compared to Windows 10
We just wish to have the same control with Windows 10 for our smaller clients. Can we do it? Can it be done with WSUS?
Want to control
1. Limit which machines get deployed first
2. Control time frame in which they get deployed (Weekends),
3. Lowest impact machines deployed (Week1)
4. Most critical remaining, within a specific time window. Say week 2-3
Yes, even on some of the Precision workstations with Xeon processors, SSDs and 32-64 GB of RAM we have seen a few of the updates take as long as 3-4 hours. Unlike Windows 7 which would generally be in the 10 -20-minute range if that.
Just had a CEO who was intending to take his laptop offsite, his only option was I believe to update and turn off machine. It is not always a convenient time
How can we control this?
For example, we have users working with somewhat obscure applications from Germany, that create 3D renderings can output directly to a CNC Router, we can’t have any interruption from sales/creation/engineering /output.
Thanks!
Thanks so much for the info!
No one is pretending updates don’t exist. We have put in place patch remediation for sizeable clients across multiple platforms, inclusive of different flavors of Unix, Linux, Windows, Apple even. The success of what we have implemented, was based on having the control as to which computers were updated first, then they would be tested in prod and monitored generally where possible with a machine representing a particular build for each department, then we would do tiered increasingly larger groups, update and monitor until the entire environment was updates. It was incredibly rare we would have any issues taking this approach. Windows 7 updates would only take minutes compared to Windows 10
We just wish to have the same control with Windows 10 for our smaller clients. Can we do it? Can it be done with WSUS?
Want to control
1. Limit which machines get deployed first
2. Control time frame in which they get deployed (Weekends),
3. Lowest impact machines deployed (Week1)
4. Most critical remaining, within a specific time window. Say week 2-3
Yes, even on some of the Precision workstations with Xeon processors, SSDs and 32-64 GB of RAM we have seen a few of the updates take as long as 3-4 hours. Unlike Windows 7 which would generally be in the 10 -20-minute range if that.
Just had a CEO who was intending to take his laptop offsite, his only option was I believe to update and turn off machine. It is not always a convenient time
How can we control this?
For example, we have users working with somewhat obscure applications from Germany, that create 3D renderings can output directly to a CNC Router, we can’t have any interruption from sales/creation/engineering
Thanks!
We just wish to have the same control with Windows 10 for our smaller clients. Can we do it?
You need the business tools like WSUS or LTSB to do this. Small clients may not have such tools and so should use the deferral methods in my article.
Windows 7 people turned off updates, forgot, got hacked, ransomware and other things, blamed Microsoft and so now you know why Microsoft enforces updates.
Even businesses with tools do updates on a programmed basis and anyone can do this.
You need the business tools like WSUS or LTSB to do this. Small clients may not have such tools and so should use the deferral methods in my article.
Windows 7 people turned off updates, forgot, got hacked, ransomware and other things, blamed Microsoft and so now you know why Microsoft enforces updates.
Even businesses with tools do updates on a programmed basis and anyone can do this.
If you want to restrict to weekends then yes, you'll need a tool like WSUS (or SCCM, etc.)
If you inky want to limit updates to after-hours, Windows Update for Business and associated policies can let you set up incremental tiers based in the release date of the patch. It's much more hands off, but is often functional for smaller businesses.
Truthfully, if an uodate does break a line of business app/process, I'd rather that happen in a Tuesday or Wednesday night. Finding out Monday morning because of a weekend update is the WORST time. That's fairly universal in my experience across many different types of businesses. So week night updates are my preference (true for XP through Win10, iOS, MacOS, been there with them all where an uodate broke SOMETHING.)
If you inky want to limit updates to after-hours, Windows Update for Business and associated policies can let you set up incremental tiers based in the release date of the patch. It's much more hands off, but is often functional for smaller businesses.
Truthfully, if an uodate does break a line of business app/process, I'd rather that happen in a Tuesday or Wednesday night. Finding out Monday morning because of a weekend update is the WORST time. That's fairly universal in my experience across many different types of businesses. So week night updates are my preference (true for XP through Win10, iOS, MacOS, been there with them all where an uodate broke SOMETHING.)
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Split:
-- 'Cliff Galiher' (https:#a42602703)
-- 'John' (https:#a42602644)
-- 'McKnife' (https:#a42609460)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
I have recommended this question be closed as follows:
Split:
-- 'Cliff Galiher' (https:#a42602703)
-- 'John' (https:#a42602644)
-- 'McKnife' (https:#a42609460)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
I guess MS thinks it is okay to bring systems down in a business for as long as a half day to do updates, no matter what the cost to a business
Never happened to us at any of our clients.