For this tutorial, we will apply group policies to disable automatic updates on client PCs.
Indeed, in business, it often happens that the installation of Windows updates and other software is managed through third-party solutions, such as Microsoft SCCM (System Center Configuration Manager).
To disable updates on client PCs, go to : Computer Configuration -> Policies -> Administrative Templates ... -> System -> Internet Communication Management -> Internet Communication settings.
In this folder, double-click on the "Turn off access to all Windows Update features" policy.
Enable this policy setting to remove Windows Update feature.
Then, go to "Computer Configuration -> Administrative Templates ... -> Windows Components -> Windows Update" and double-click on the "Configure Automatic Updates" policy.
Disable this policy setting so that Windows Update is disabled on client PCs.
Finally, go to "User Configuration -> Policies -> Administrative Templates -> Start Menu and Taskbar" and double click on the "Remove links and access to Windows Update" policy.
Enable this policy setting to block access to the Windows Update website.
As indicated in the description of this strategy.
Our GPO is created and configured, but it's not linked to any server or computer at this time.
If you display the properties of this GPO by double-clicking on it, you will see that it's part of the Active Directory domain specified above, but that it's not linked to any site or domain Active Directory nor to an organizational unit.
Therefore, this Group Policy Object (GPO) is not used at this time.
By default, security filtering is "Authenticated Users" and WMI filtering is not used.
In the "Details" tab of the GPO object, you can find out :
For the GPO state, by default, the "Computer configuration" and "User configuration" sections are both enabled, but you can also choose :
In the "Settings" tab of the GPO, you will be able to see which policies are defined in it, as well as their value.
In the "Delegation" tab of the GPO object, you can delegate the management of this GPO object if you wish.
As you can see, by default :
In the "Status" tab of the GPO object, you can find out the status of its replication on your different domain controllers if you have more than one domain controller.
Now that the GPO is created and configured, you can link it anywhere you want by right-clicking "Link an Existing GPO" on the desired item (in our case : the "RH_Computers" organizational unit).
Select the GPO object created previously.
By selecting the OU to which you linked your GPO, you will see that your Group Policy Object (GPO) is linked to it.
If you select the GPO, you will see in the "Scope" tab that it's indeed linked to a location : your "RH_Computers" organizational unit.
On the client PC, force the policy update by launching a command prompt as administrator, then typing the command :
If you open Windows Update settings, you will see the "*Some settings are managed by your organization" message will be displayed in red.
If you click on the "View configured update policies" link just below the message, you will be able to see which policies have been applied for Windows Update.
On Windows 10, you will find a program named "rsop.msc" which allows you to easily know which group policies have been applied on this client PC.
There are other official alternatives to this program, but in this case, we will use this one.
A "The resulting strategy set is being processed" window will be displayed.
While the policies data are loading, you will be able to see which user and which computer is used to obtain group policies.
This can help you find the cause of the application or not of a specific GPO.
In our case, we find, for example, the group policy "Configure Automatic Updates" located in the "Computer Configuration" section.
Additionally, "rsop.msc" tells us what value has been assigned for this policy and what GPO it's from.
Windows Server 11/12/2011
Windows Server 5/21/2021
Windows Server 9/17/2021
Windows Server 8/13/2021
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2021 - © Lionel Eppe - All rights reserved.
Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.