Recipe 2.3. Disabling Windows Update

Problem

You want to prevent a user from running Windows Update or Automatic Updates.

Solution

Using a graphical user interface

  1. Open the Group Policy Management Console.

  2. In the left pane, navigate to the GPO you want to modify.

  3. Right-click the target GPO and select Edit.

  4. In the left pane of the Group Policy Object Editor, expand User Configuration

    In the right pane, double-click Remove links and access to Windows Update (for Windows Server 2003) or Disable and Remove Links to Windows Update (for Windows 2000).

  5. Select Enable and click OK.

Using a command-line interface

To disable Windows Update for all users who haven't logged in previously, run the following command:

> reg add HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /t REG_DWORD /v NoWindowsUpdate /d 1

To disable Windows Update for the user who is currently logged on, run the following command:

> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /t REG_DWORD /v NoWindowsUpdate /d 1

Using VBScript

' This code disables Windows Update in the .Default profile.
' ------ SCRIPT CONFIGURATION ------
strComputer = "."
' ------ END CONFIGURATION ---------

const HKEY_USERS = &H80000003
strKey = ".DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
' Create the key first; SetDWORDValue fails if the key does not exist.
objReg.CreateKey HKEY_USERS, strKey
intRC = objReg.SetDWORDValue(HKEY_USERS, strKey, "NoWindowsUpdate", 1)
if intRC = 0 then
    WScript.Echo "Windows Update disabled in .Default profile"
else
    WScript.Echo "Error setting NoWindowsUpdate: " & intRC
end if

Discussion

If you are using SUS or some other patch management system to distribute updates to your client base, you may not want your clients accessing the Microsoft Windows Update site (http://windowsupdate.microsoft.com/). One of the reasons to use something like SUS is so your users don't have to download the same updates over the Internet from Microsoft. If you leave Windows Update turned on, there is nothing to prevent them from doing it.

Fortunately, there is an easy way to disable it. You can use Group Policy to force the change to apply across a group of users (the Windows Update disablement settings are available only in the User Configuration section of a GPO). Or you can use the command-line or VBScript solutions to disable it via a login script or manually if need be.

Once this setting is in effect, a user will not see the Windows Update link in the Start Menu or Internet Explorer, and if the user attempts to access the Windows Update site, he will get a message indicating that Windows Update has been disabled for his computer.
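
To confirm where the setting has actually been applied, the following added example (not part of the original recipe) reads NoWindowsUpdate for every user hive currently loaded under HKEY_USERS, including .DEFAULT. It assumes the local computer and uses the same StdRegProv WMI provider as the script above; profiles that are not loaded do not appear under HKEY_USERS and are not reported.

```vbscript
' Added example: report NoWindowsUpdate for each user hive loaded under HKEY_USERS.
Option Explicit
Const HKEY_USERS = &H80000003
Const POLICY_PATH = "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

Dim strComputer, objReg, arrSids, strSid, intRC, dwValue
strComputer = "."   ' assumption: local machine, as in the recipe's script

Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")

' An empty subkey name enumerates the top-level keys of the hive.
intRC = objReg.EnumKey(HKEY_USERS, "", arrSids)
If intRC <> 0 Or IsNull(arrSids) Then
    WScript.Echo "Could not enumerate HKEY_USERS (error " & intRC & ")"
    WScript.Quit 1
End If

For Each strSid In arrSids
    ' Skip the per-user class hives (<SID>_Classes); they hold no policy keys.
    If LCase(Right(strSid, 8)) <> "_classes" Then
        dwValue = Null
        intRC = objReg.GetDWORDValue(HKEY_USERS, strSid & POLICY_PATH, _
                                     "NoWindowsUpdate", dwValue)
        If intRC <> 0 Or IsNull(dwValue) Then
            WScript.Echo strSid & ": NoWindowsUpdate not set"
        ElseIf dwValue = 1 Then
            WScript.Echo strSid & ": Windows Update disabled"
        Else
            WScript.Echo strSid & ": NoWindowsUpdate = " & dwValue & " (not disabled)"
        End If
    End If
Next
```

Run it with cscript so each result is written to the console rather than shown in a separate message box.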

See Also

MS KB 326686 ("Windows Update Was Disabled by Your System Administrator" Error Message)



Windows Server Cookbook
Windows Server Cookbook for Windows Server 2003 and Windows 2000
ISBN: 0596006330
EAN: 2147483647
Year: 2006
Pages: 380
Authors: Robbie Allen
