search

Disassembler0 / Win10-Initial-Setup-Script

PowerShell script for automation of routine tasks done after fresh installations of Windows 10 / Server 2016 / Server 2019
MIT License
4.7k stars 1.07k forks source link

Prevent Windows Update Driver Update == Function DisableUpdateDriver #178

Closed kukubau closed 5 years ago

kukubau commented 6 years ago

Since at least Windows 10 1803, the only GPO policy that successfully and I'm 90% sure, that blocks automatic driver updates in Windows 10 is:

Group Policy Editor -> Computer Configuration –> Administrative Templates –> System –> Device Installation –> Device Installation Restrictions In the right hand pane, select “Prevent installation of devices not described by other policy settings” and set it to Enabled.

Registry Hive HKEY_LOCAL_MACHINE
Registry Path Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions
Value Name DenyUnspecified
Value Type REG_DWORD
Enabled Value 1
Disabled Value 0

All the other drivers update related registry key settings are deprecated, most probably 'ExcludeWUDriversInQualityUpdate' too, which is the equivalent of

Group Policy Editor -> Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update -> "Do not include drivers with Windows Update"

Running: Windows 10 1809 October Update Refresh (Version 10.0.17763.107) Previous: Windows 10 1803 April 2018 Update (Version 10.0.17134.407)

kukubau

Disassembler0 commented 5 years ago

It has been brought to my attention that DenyUnspecified blocks all driver installations, not just Windows Updates but also manual. This isn't what the tweak is supposed to do, so I'm forced to revert that part.