Announcement

Collapse
No announcement yet.

How to stop Windows from updating?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    How to stop Windows from updating?

    Today my HS3 was out of commission. I got on the machine with remote desktop only to find a page encouraging me to move to Windows 11. Apparently Windows 10 pushed an update and the machine was unusable until I manually clicked through a few screens.
    Is there a convenient way to stop windows 10 (or 11) from automatically updating but still alert me? I'm happy to do the updates myself but don't want my HS3 server doing them when I am not present.

    #2
    If you Google this you will find there are some windows settings to change, but my memory is they only work if you have Windows Pro, not Home.

    Comment


      #3
      Thanks Mike. Googling suggested a few ways to do this so I'm interested in what this community has found useful. I'm also nervous about registry edits as well, so I'd like to piggyback off the experience of this community.

      Comment


        #4
        I used the "set Ethernet to metering' trick on Windows 10 Home for a long time before moving to Win10 Pro and using group policy settings. By setting the Ethernet interface used to access the internet to a metered connections, updates won't be downloaded and a reboot won't be triggered. About every two weeks or so, I'd shutdown HS, force/override the update to download any updates, reboot, and finally make sure everything came back up as expected.
        "if I have seen further [than others], it is by standing on the shoulders of giants." --Sir Isaac Newton (1675)

        Comment


          #5
          I originally used the policy settings, but I found it much easier to just block the IP addresses for the updates on the router. When I want to do an update, I just disable the rule.

          Comment


            #6
            Originally posted by Coz View Post
            I originally used the policy settings, but I found it much easier to just block the IP addresses for the updates on the router. When I want to do an update, I just disable the rule.
            What IPs do you block? Have you seen them change in the past?

            Comment


              #7
              I have the following blocked:

              .download.windowsupdate.com
              .update.microsoft.com
              .windowsupdate.com
              .windowsupdate.microsoft.com
              download.microsoft.com
              download.windowsupdate.com
              ntservicepack.microsoft.com
              stats.microsoft.com
              windowsupdate.microsoft.com
              wustat.windows.com

              ​It's not the IP address like I originally said. Those keep changing.

              Comment


                #8
                Originally posted by Coz View Post
                I originally used the policy settings, but I found it much easier to just block the IP addresses for the updates on the router. When I want to do an update, I just disable the rule.
                This is an interesting strategy, but does it prevent knowing about the updates?

                Comment


                  #9
                  Originally posted by jono View Post

                  This is an interesting strategy, but does it prevent knowing about the updates?
                  Yes. It blocks everything about updates. The device still tries to update but says it's up to date. When you disable the rule and then click to check for updates, then the updates start.

                  For my HS4 device I always wait until a few weeks after patch Tuesday before updating. I figure if there are any major issues, I will see some squawking here.

                  As for this recent update window, I'm glad I waited. Right now I'm seeing a lot of new errors on both my desktop and notebook logs. From searching online, looks like MS might have pushed out some dirty updates.

                  ​

                  Comment


                    #10
                    jono you might want to take a look at jon00's Windows Update Monitor. I use it to get notification of pending updates on several PCs on my home network so I can install them on my schedule.
                    -Wade

                    Comment


                      #11
                      Originally posted by Wade View Post
                      jono you might want to take a look at jon00's Windows Update Monitor. I use it to get notification of pending updates on several PCs on my home network so I can install them on my schedule.
                      thanks Wade. I love jon00's programs! Will this give advance notice of a forced Windows 10 (or 11) update? That is the problem I'm trying to solve as Microsoft is forcing updates when I'm not around.
                      I do note that combining your suggestion with Coz's suggestion could be a good solution if jon00's program is not using the same ip addresses as Coz's method.

                      Comment


                        #12
                        Originally posted by jono View Post

                        Will this give advance notice of a forced Windows 10 (or 11) update?
                        That's its primary function. It creates several devices for each monitored PC showing number of updates, description of each, etc. When a PC requires a reboot, the Reboot Required device is set to True so you can be notified and intervene. You can restart using the HS device control if you wish.

                        ​

                        You can also filter out certain types of updates. E.g., I don't have it notify on Defender Antivirus updates as they self-install without issue.

                        There's an executable that runs on each monitored PC that interfaces with the plugin.
                        -Wade

                        Comment


                          #13
                          There is a small utility that is supposed to keep windows from updating beyond a certain level. It was designed to keep a win10 machine from updating to win11. I am familiar with the author (Steve Gibson from Security Now on TWIT) and am confident it is not nefarious. I have had it installed for a few months but I'm not confident it fully works. However, I think it is safe to try. Maybe it will work for you.

                          The utility is called InControl. Here is a link.
                          https://www.grc.com/incontrol.htm

                          Here is the wiki about the author.
                          https://en.wikipedia.org/wiki/Steve_...ter_programmer)

                          Also, thanks to @Coz for the domains to block. I have added them into pfSense with logging so I should be able to see when it blocks them.

                          Comment


                            #14
                            Here prefer to run Windows 2016 standard server. No Windows 10-11 fluff.

                            I do run Windows 11 desktop on my tablets and prefer it over Android. That is me.

                            I have two running today and only use them for Windows apps and via RDP today. One runs Blue Iris - don't like BI so still also run Zoneminder in Ubuntu 22.04 Linux.

                            I did the same for Homeseer 2 running it on Windows server 2003 many many years ago.

                            There are a few HS users here running HS3-4 on Windows 2016 server.
                            - Pete

                            Auto mator
                            Homeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb
                            Homeseer Zee2 (Lite) - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e - CherryTrail x5-Z8350 BeeLink 4Gb BT3 Pro
                            HS4 Lite - Ubuntu 22.04 / Lenovo Tiny M900 / 32Gb Ram

                            HS4 Pro - V4.1.18.1 - Ubuntu 22.04 / Lenova Tiny M900 / 32Gb Ram
                            HSTouch on Intel tabletop tablets (Jogglers) - Asus AIO - Windows 11

                            X10, UPB, Zigbee, ZWave and Wifi MQTT automation-Tasmota-Espurna. OmniPro 2, Russound zoned audio, Alexa, Cheaper RFID, W800 and Home Assistant

                            Comment


                              #15
                              I ran HS3 and then HS4 on Server 2012 and 2016 with excellent results until I mover to a Hometrioller Plus.. But the same principles apply to that as well... I have it set to not reboot except on manual restart and I rdp in to kick it when I need to

                              Comment

                              Working...
                              X