While security patches are very important especially when 0day exploits are released. Sometimes we want to manage and have control over our Windows updates (personal use). This post is going to demonstrate how to disable the ‘Auto-Reboot’ function and allow us to manually install Windows Update at our convenience.
While these changes to the registry are pretty straight forward and low-risk it’s always a good idea to take a backup. You never know!
Configure Automatic Updates Group Policy
In this step we are telling Windows that we want to download and install them when we are ready.
- Hit the Windows Key (or click on Start) and type ‘gpedit.msc‘, the group policy editor will open.
- Navigate to Computer Configuration – Administrative Templates – Windows Components – Windows Update
- In the right side pane find ‘Configure Automatic Updates‘ and open the policy.
- Once opened click on ‘Enabled‘ button, then click ‘Apply’ then ‘Ok’.
Configure the No Auto-Restart Group Policy
In this step, Windows will not automatically reboot due to updates. This is great because Windows does not always open all applications that were open nor places them where they were pre-reboot.
- Navigate to the same location as previously mentioned.
- Locate the policy named ‘No auto-restart with logged on users for scheduled automatic update installations.’
- Click on the policy and click on ‘Enabled’
- Click ‘Apply’ then ‘Ok’.
For these changes to take effect a reboot will be required OR we can run a command in the command prompt.
- Click on start and type ‘cmd‘. The command prompt should open.
- In the command prompt window type ‘gpupdate /force‘.
This will update the local group policy without needing to reboot the client machine.
Lastly, in the Windows Update settings in ‘settings’ there is now a statement stating that ‘Some settings are managed by your organization’. This can be ignored. In this instance this means that you have control over updates, not Microsoft.
I hope this helps. Cheers!