Turn off the Upgrade to the latest version of Windows GPO
June 11, 2015 8 Comments
I was continuing the reinstall of my lab today, and noticed a new setting in the policy template.
I was surprised to see this to say the least. Of course no doubt you will have read plenty of things about controlling the little Windows 10 flag in the system tray, but i had read, that if a machine was domain joined it would not show up at all. The wording on this policy setting however seems to be a little ambiguous to say the least.
“If you disable or do not configure this setting, Windows Update might offer an upgrade to the latest version of Windows”
Might? What do you mean might?
It was a useful find though as i had been speaking to some other folks about how to make sure this was disabled using a GPO. Whilst i am excited for the release of Windows 10, i don’t think i want to be one of the first over the top.
I was curious how this setting arrived with little fanfare, or none that id seen anyway so i dug a little deeper.
Looking at the Policy Definitions folder i found the WindowsUpdate.adml file and noticed it had modified recently, although the time stamps are a little odd (possibly due to the system install date)
Comparing it to the same file on an identical, but not as up to date Server, confirms the files are indeed different as half of me was thinking i had just missed this setting before.
Looking at the Windows Update history on my Server, i narrowed down the update that applied this change to KB3050265, and visiting the KB Page confirms the files that are changed with this update include the WU Policy. See below Comment from Tony re KB Number for 2012 R2.
So if you are keen to ensure your users do not get this message, this might be the policy for you.
You can find the Setting in your GPO Editor under:
Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update
What if your users are not in a domain, and you have no GPO control?
Third Tier have a blog post for you too.
About Robert Pearman
Title (Required) 
Can you tell me the GPO path to find this entry? Thanks!
Sure,
Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update
Hello Robert,
Good post first of all. To help anyone with a different OS KB3050267 covers Server 2012 R2. If anyone is looking for the same solution for 2008 R2 including SBS 2011 then they will be looking for KB3050265.
So far I have not found a similar update for Server 2008 or Server 2012 so if anyone can point me in the right direction it would be most appreciated.
Tony
There is a lot of conflicting information about this. Microsoft should have already seen what is happening and put out a technical information brief. I guess no one trusts Microsoft anymore.
On Server 2012 R2 installing KB3065988 (v2?) does NOT give you the updated GPO
On Server 2012 R2 installing KB3050267 does NOT give you the updated GPO
you suck for putting out wrong info
Hi M$,
KB3050267 does definitely add the group policy option to Windows server 2012 R2 as I have done it on five different servers. The only way it would not add it to your screen is if you had more than one domain controller and you have set up a Central store for your Group Policy Administrative templates, in which case you need to copy the relevant file from your local server to the central store location.
If this is what you have done, then you suck for not knowing your own system!!
How do you add this control to Server 2012 (NOT R2)? I can’t find a similar KB
I enabled the “Turn off upgrade to the latest version of windows through windows updates” in the local group policy editor of my windows 7 pro machine and it is not honored. I still get the tiresome ad to upgrade to windoze 10. Surprise surprise. I don’t want windows 10. I don’t want the installer on my computer. I don’t want the downloader wasting my bandwidth. Obviously Micro$soft thinks they know better what I need than I do. Just another reason to dump their OS…
Give this a try,
http://www.thirdtier.net/2015/06/how-to-block-or-allow-the-windows-10-reservation/
…or buy a mac.