Home
How to Block Windows Updates Using Group Policy
Uncategorized

How to Block Windows Updates Using Group Policy

May 19, 2025

Automatic updates are a built-in feature of Windows designed to keep your system secure and up to date. However, there are cases where you may want to block or delay Windows updates—especially in business environments, during software testing, or when a specific update causes compatibility issues. One of the most effective ways to control Windows updates is by using the Group Policy Editor (gpedit.msc). I’ve used this method multiple times in enterprise setups and on personal machines to prevent updates from interfering with critical workflows.

This article explains how to block Windows updates using Group Policy, covering all the necessary steps with detailed explanations.

What Is Group Policy in Windows?

Group Policy Editor is a built-in tool in Windows 10/11 Pro, Enterprise, and Education editions. It allows administrators and power users to control the behavior of system components using configurable policies.

With Group Policy, you can:

  • Block automatic updates
  • Defer feature or quality updates
  • Control restart behavior
  • Prevent Windows from downloading drivers automatically

This method is not available in Windows Home Edition, unless you manually enable gpedit via unofficial scripts (not recommended due to stability and support concerns).

When Should You Block Windows Updates?

From my experience, you may want to disable updates in cases like:

  • Preventing driver conflicts during testing
  • Avoiding forced reboots during critical operations
  • Ensuring version stability on production machines
  • Troubleshooting issues caused by a recent Windows update

Blocking updates doesn’t mean ignoring them forever. You can enable updates manually when needed.

Step-by-Step Guide: How to Block Windows Updates Using Group Policy

Step 1: Open Group Policy Editor

  1. Press Windows + R to open the Run dialog
  2. Type: gpedit.msc
  3. Press Enter
  4. The Local Group Policy Editor window will open

You must be signed in as an administrator to access and edit policies.

Step 2: Navigate to the Windows Update Policy Path

In the left panel, expand the following:

pgsql

CopyEdit

Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage updates offered from Windows Update

You may also find relevant settings directly under:

pgsql

CopyEdit

Computer Configuration > Administrative Templates > Windows Components > Windows Update

Take your time to review the available options carefully.

Step 3: Block Automatic Updates

This is the most direct method to stop Windows from installing updates automatically.

  1. Double-click on Configure Automatic Updates
  2. In the window that appears:
  • Select Disabled
  • Click Apply, then OK

This setting tells Windows not to check, download, or install updates automatically.

If you prefer to allow updates manually, you can instead choose:

  • Enabled
  • Under “Configure automatic updating,” choose: Notify for download and auto install

This allows you to control when updates are downloaded and installed.

Step 4: Additional Policy Settings to Consider

Here are other useful policies I regularly configure to tighten control:

Do not include drivers with Windows Updates

  • Path:
    Computer Configuration > Administrative Templates > Windows Components > Windows Update > Do not include drivers with Windows Updates
  • Double-click it > Set to Enabled

This prevents Windows from updating device drivers automatically, which is useful for systems that rely on stable or vendor-specific drivers.

Select when Preview Builds and Feature Updates are received

  • Double-click this policy
  • Set to Enabled
  • Choose number of days to defer feature updates (e.g., 365)

This delays major version upgrades like Windows 11 23H2 for a defined period.

Select when Quality Updates are received

  • Set to Enabled
  • Delay monthly cumulative updates by a set number of days (e.g., 30)

This helps you avoid the risks of newly released patches.

No auto-restart with logged on users for scheduled automatic updates installations

  • Enable this policy to stop automatic restarts when users are logged in

It ensures that Windows won’t reboot the system unexpectedly while someone is working.

Step 5: Apply and Exit

Once you’ve configured the necessary policies:

  1. Close the Group Policy Editor
  2. Open Command Prompt as Administrator
  3. Run the following command to apply changes:

cmd

CopyEdit

gpupdate /force

This refreshes your group policies without requiring a restart.

Step 6: Verify That Updates Are Blocked

You can confirm the change through the Settings app:

  1. Open Settings > Windows Update
  2. Click Check for updates

If your policies are correctly configured, you may see a message like “Some settings are managed by your organization” and updates will no longer be downloaded or installed automatically.

Alternatively, run this command in PowerShell to check the policy status:

powershell

CopyEdit

Get-WindowsUpdatePolicy

What Happens After Blocking Updates?

  • Windows will no longer download updates unless manually triggered
  • Update notifications may disappear
  • Microsoft Defender updates may continue (depending on separate settings)

You can manually check for updates anytime through:
Settings > Windows Update > Check for updates

Blocking updates does not remove existing updates. It only stops new ones from being applied automatically.

How to Re-Enable Windows Updates via Group Policy

To reverse the change:

  1. Open gpedit.msc
  2. Navigate to Configure Automatic Updates
  3. Set it back to Not Configured or Enabled (with a preferred update option)
  4. Apply and force update using:

cmd

CopyEdit

gpupdate /force

This will restore normal update behavior.

Cautions and Best Practices

  • Do not block updates permanently. Regular security patches are important.
  • Review policies periodically, especially after major system upgrades.
  • Test updates in virtual machines or non-production systems if you manage critical environments.
  • Use WSUS (Windows Server Update Services) or Intune for enterprise-grade update control.

Conclusion

Blocking Windows updates using Group Policy is a safe and effective way to manage system stability, especially in business or development environments. It gives you full control over when and how updates are installed—without relying on third-party tools or risky registry hacks.

I’ve used this method on dozens of systems and workstations to maintain a predictable environment. With the right policies configured, you can avoid unwanted reboots, unstable driver updates, or incompatible feature releases—while keeping the flexibility to update when it’s convenient.

Related Articles

About The Author

Avatar photo
William Johnson

William Johnson, a freelance article writer and contributor who focus more on technology, mainly Gadgets and all the latest trends which are interesting for readers and tech enthusiasts.

Ad Blocker Detected

Our website is made possible by displaying online advertisements to our visitors. Please consider supporting us by disabling your ad blocker.

Refresh