Disable Windows 10 Upgrade for Workstations on an Active Directory Domain via Group Policy
Microsoft has started to push the free upgrade to Windows 10 on small business domains. I thought this might be a good time to post a short reminder on how to prevent this. If you are using WSUS and have not accepted updates KB2952664 and KB3035583 then you should be safe for now.
I tend to be a bit paranoid so went ahead and pushed the blocking registry keys out on those clients with WSUS anyway . . .
According to Microsoft you can block this upgrade entirely on all workstations on your network, as well as turn off the nagging upgrade popup/notification, with two registry key additions.
If you are running a Domain Controller / Active Directory you can push these simple registry keys to all computers under that server. Alternately you can download and install an update on the AD Server and push the same settings out with a new template. I chose to use the simple approach for now.
The two keys we want look like this – and you can manually import these into any workstation running Windows 7 or 8.1 to prevent upgrades – no domain needed.
Note the Odd CaPitaliZation on the keys below – they must be entered exactly as shown.
1 2 3 4 5 6 7 |
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\GWX] "DisableGwx"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate] "DisableOSUpgrade"=dword:00000001 |
To push these out via Group Policy:
1) on the domain controller server open the Group Policy Management console (gpmc.msc).
2) for our purposes we will Edit the Default Domain Policy
3) navigate to Computer Configuration, Preferences, Windows Settings, Registry
4) right click Registry and select New, Registry Item
5) Create an Update rule for HKEY_LOCAL_MACHINE
with Keypath: SOFTWARE\Policies\Microsoft\Windows\GWX
and Value: DisableGwx
And Type: REG_DWORD
and Value Data: 1
Click OK and lets do the second key!
6) Same place – right click Registry and select New, Registry Item
7) Create an Update rule for HKEY_LOCAL_MACHINE
with Keypath: SOFTWARE\Policies\Microsoft\Windows\Windows\Update
and Value: DisableOSUpgrade
And Type: REG_DWORD
and Value Data: 1
Here’s what you should see when you check your work (right click the below image and View to see it all)
And here is the test on a client machine after forcing a Group Policy update:
Remember to reboot all the clients – this policy is delivered during startup of the target machine, also reboot if you manually applied these registry keys.