• Purpose
• Description
• Recommendations 
  • Configure settings at the local computer level.
  • Disable Automatic Updates through GPO.
  • Windows Update Service
  • Remove specific intranet Microsoft update service location
• Additional Information
• Affected Product(s)

Purpose

The purpose of this document is to explain the best practices for Windows Automatic Update configuration in a Shavlik environment.

Description

When Windows Automatic Update is configured to check for updates, even if it is not configured to download or install them, it can cause slow deployments with Shavlik.

Recommendations 

Configure settings at the local computer level.

Go to Control Panel> All Control Panel Items> Windows Update> Change settings and choose "Never check for updates (not recommended)" then hit OK.

Disable Automatic Updates through GPO.

1. Click Start, and then click Run.

2. Type gpedit.msc, and then click OK.

3. Expand Computer Configuration > Administrative Templates> Windows Components> Windows Update.

4. Select Configure Automatic Updates,choose Disabled, and hit Ok.

5. As GPO updates every 90 minutes, you can force this update to take effect by running the command gpudate /force.

More information on this process can be found in Configure Automatic Updates using Group Policy.

Windows Update Service

• From the local machine, open services.msc, find the Windows Update service, right-click and go to Properties. Stop the service first. Set the Startup type to Manual and then click Apply/OK to save the change.
  

• From GPO, go to Computer Configuration > Policies > Windows Settings > Security Settings > System Services. Find Windows Updates in the list, double-click to enter the configuration window. Check 'Define this policy setting' then select Manual. Click Apply/OK to save.

Remove specific intranet Microsoft update service location

• This is set in Group Policy Object Editor. Go to Computer Configuration > Administrative Templates >Windows Components >Windows Update. Find the setting "Specify intranet Microsoft update service location". If setting is currently configured, change to 'Not Configured'.
  

Additional Information

Methodology has changed in Windows 10 build 1511, 1607, and 1703. To disable Windows Automatic Updates for Windows 10 Build 1607 and 1703, view this document: How To: Disable Automatic Updates in Windows 10 1607 and 1703

Microsoft has reverted back to the methodology in this document with Windows 10 build 1709

Affected Product(s)

All Windows OS with the exception of Window 10 build 1511, 1607, and 1703