Jump to content


shawn.pederson

Windows 10 GPO - Disable Access to PC Settings > Update & Security?

Recommended Posts

Anyone know how to prevent users from accessing PC Settings > Update & Security?

 

post-14550-0-80494400-1456249821.jpg

 

Either that or disabling the Windows Update "Check for updates". I don't want users manually checking Windows Update servers for these as we have SCCM in place.

 

post-14550-0-13901400-1456249842.jpg

Share this post


Link to post
Share on other sites


Received a response from MS:

Once WSUS (and SCCM) is configured on the client machine, when the user clicks “Check for updates” it will contact the WSUS server to see if any new updates are available. However; a new box appears asking the users to “Check online for updates from Microsoft Update” you can see this on your MSIT build.
To disable this checkbox the customer will need to use the registry setting “DisableWindowsUpdateAccess” and set it to a value of 1.
This registry key and details can be found here:

 

 

I was able to confirm this by:

  1. Ensuring SCCM had available updates.
  2. Clicking the "Check for updates".
  3. Running the Power Shell script "Get-WindowsUpdateLog" on the client - dumps the log file to the desktop.
  4. Reviewing that it was in fact looking to our SCCM server.

post-14550-0-09130600-1458149414.jpg

 

I then added the registry key (via Group Policy) to point to our internal SCCM/WSUS server as the SCCM client was taking too long to do it automatically.

 

To redirect Automatic Updates to a WSUS server:

  1. In the Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.
  2. In the details pane, click Specify Intranet Microsoft update service location.
  3. Click Enabled and type the HTTP(S) URL of the same WSUS server in the Set the intranet update service for detecting updates box and in the Set the intranet statistics server box.
  4. For example, type http(s)://servername in both boxes, where servername is the name of the server. If the port is not 80 for HTTP or 443 for HTTPS, you should add the port number: https://servername:portnumber.
  5. Click OK.

https://technet.microsoft.com/en-us/library/cc708574(v=ws.10).aspx

 

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...