Disable upgrades in Win 10 (1607)

Disable upgrades in Windows 10 1607 (Anniversary Update)

 

Introduction - main concepts

 

     Why do you need to stay on an older, maybe even an obsolete version of Windows 10?
    First, Windows 10 Anniversary Update (1607) is not an obsolete version of Windows 10. For Windows 10 Enterprise and Education versions, the end of the mainstream support is October 9, 2018 (on Semi-Annual Channel) [1]. Windows 10 Enterprise, on Long-Term Servicing Channel (LTSC), will be supported up to October 13, 2026. On LTSC each Windows release is supported 10 years (five years standard support, five years extended support).
     Second and most imported, Windows 10 Anniversary Update is the best operating system from the point of view of the Bluetooth Low Energy (BLE) devices. It is the only operating system that supports the notify data transfer mechanism with a BLE device. The software used in this communication process was developed based on Windows 10 SDK – using Bluetoothapis API [2].
     Knowing all of these, the main idea is to stay as long as possible on Windows 10 Anniversary Update (1607) before Microsoft forces us to update our system to a newer release of Windows OS.
     Mainly the Windows OS pulls updates directly from Microsoft’s Windows Update servers. But, there are some options that a user can set to determine when and how updates are downloaded and applied.
     The Windows Update for Business is an option that makes it easier for a user to manage updates in Windows 10 Pro, Enterprise, and Education. You can use Group Policy to configure Windows Update for Business settings for your devices.
     In Windows 10 are three types of updates [3]:

1. Feature Updates (previously referred to as upgrades) contain security, quality revisions, and significant feature additions and changes – they are released two times in a year.
2. Quality Updates (previously referred as operating system updates) include security, critical, and driver updates. Windows Update for Business includes non-Windows updates, such as those for Microsoft Office or Visual Studio, as Quality Updates. The Quality Updates are typically released on the second Tuesday of each month.
3. Non-deferrable updates: antimalware and antispyware Definition Updates. These updates cannot be deferred in any form.

    In Windows Update for Business, the Feature and Quality Updates can be deferred from deploying within a bounded range of time from when those updates are first made available on the Windows Update Service.

      For example, the [3]:

• Feature Updates can be deferred from deploying with maximum: (a) 365 days for Windows 10, version 1703 or newer and (b) maximum 180 days for Windows 10, version 1511 to version 1607.
• Quality Updates can be deferred from deploying with maximum 30 days.

 

Defer feature updates

 

    So let's start to defer feature updates using Group Policy:

1. Press Windows Key + R;
2. Type gpedit.msc and hit Enter to open the Group Policy Editor (the Group Policy Editor is available only in the following Windows 10 editions: Professional, Enterprise or Education);
3. Navigate to the following setting: Computer Configuration → Administrative Templates → Windows Components → Windows Update → Defer Windows Upgrades;
4. Double-click on Select when Feature Updates are received;
5. From the drop-down menu select Current Branch for Business and then the period for which you want to defer the updates: 180 days. So, using “Current Branch for Business” we will get feature updates more slowly. 
6. You may select the Pause feature updates checkbox if you wish to. I’m not sure what exactly this option does. Maybe this will add an extra 60 days???? But I’m sure that [4]: “After 60 days has passed, pause functionality will automatically expire and the device will scan Windows Update for applicable Feature Updates. Following this scan, Feature Updates for the device can then be paused again”. So, I think it will not add 60 days extra.
7. Select Apply.

    For Windows Update for Business to be active, the Diagnostic Data level of the operating system must be set to 1 (Basic) or higher [5]. If it is less than 1 – set to 0 (Security) – Windows Update for Business policies will have no effect. The Basic level gathers a limited set of data that are critical for understanding the configuration of the OS. This level also includes the Security level data which includes the Connected User Experiences and Telemetry component. The reason the telemetry policy must be set is that the information about successful or unsuccessful Windows Update operations is sent to Microsoft. So, Microsoft’s Windows Update service needs to know the state of your machines related to Windows updates to determine what updates and upgrades it must send.

    Set the Diagnostic data level using Group Policy: 

1. Press Windows Key + R;
2. Type gpedit.msc and hit Enter to open the Group Policy Editor;
3. Go to: Computer Configuration → Administrative Templates → Windows Components → Data Collection and Preview Builds;
4. Double-click on Allow Telemetry;
5. In the Options box, select the level that you want to configure - at least 1;
6. Then click OK.

 

Disable Automatic Updates

 

    If you want to be informed before the updates are downloaded or applied disable Automatic Updates. 

    Based on the same Group Policy disable Automatic Updates:

1. Press Windows Key + R;
2. Type gpedit.msc and hit Enter to open the Group Policy Editor;
3. Go to: Computer Configuration → Administrative Templates → Windows Components → Windows Update;
4. Double-click on Configure Automatic Updates;
5. In the properties box which opens, select Enabled;
6. From the drop-down menu select: Notify for download and notify for install (see the following figure);
7. Then click OK.

 

Applications to disable the feature update

 

    But sometimes even the ability to pause updates for 180 days isn’t quite enough. From such situations are several types of Windows 10 update blocking tools, such as:

• WinUpdates Disabler;
• Windows Update Blocker or;
• Ultimate Windows Tweaker (Security & Privacy → Security Settings → Windows → Disable Windows Update Service).  

References

[1] C. Fitzgerald, Changes to Office and Windows servicing and support, online at https://blogs.technet.microsoft.com/windowsitpro/2018/02/01/changes-to-office-and-windows-servicing-and-support/

[2] D.M. Dobrea, Windows Bluetooth system analysis – a SensorTag approach, online at http://www.blesstags.eu/2017/11/windows-ble-analysis-sensortag-approach.html

[3] D. Halfin, J. Decker, N. Brower, B. Lich, Deploy updates using Windows Update for Business, online at https://docs.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wufb

[4] D. Halfin, J. Decker, N. Brower, B. Lich, Configure Windows Update for Business, online at https://docs.microsoft.com/en-us/windows/deployment/update/waas-configure-wufb