Allow only manual updates on Windows 10

Microsoft removed updating controls when it released the Windows 10 operating systems so that it has become less trivial to set the updating process to manual or disable updates altogether. This is true especially when it comes to Windows 10 Home.

One of the better solutions to regain controls over updates was to disable the Windows Update service, and enable it only when you wanted the system to find and install updates.

Microsoft changed that workaround in the Fall Creators Update version of Windows 10 however closing that loophole effectively.

There is another option that is still available, but it requires changing permissions of the program that is responsible for the update checks. Good news is that this won't affect manual checks for updates, but that it will prevent any automatic checks for updates.

There is also a reset option available, but I recommended that you create a backup of the system partition before you make the changes to the Windows 10 system.

Set Windows 10 updating to manual

windows 10 automatic update task

Windows 10 has a task that uses the program C:\Windows\System32\UsoClient.exe to check for updates regularly and automatically.

You find the task under Task Scheduler Library > Microsoft > Windows > UpdateOrchestrator > Schedule Scan in the Windows Task Scheduler.

The task has several triggers: one that runs it once per day, one that runs it aver event log id 8202, and the third is a custom trigger.

The following workaround removes all permissions from the file UsoClient.exe. The update check that is triggered by tasks fails because of this.

Note that this won't affect Windows Defender signature updates, as those will still be downloaded and installed automatically.

Disable automatic updates

usoclient.exe remove permissions

  1. Tap on the Windows-key to bring up the Windows Start menu.
  2. Type cmd.exe, select the result, hold down the Ctrl-key and the Shift-key, and tap on the Enter-key to load an elevated command prompt. You can also right-click on cmd.exe and select "run as administrator if you prefer that.
  3. Confirm the UAC prompt that is displayed.
  4. Run the command takeown /f "%WINDIR%\System32\UsoClient.exe" /a
  5. This takes ownership of the file and assigns it to the administrator group giving you control over the file.
  6. Now run icacls "%WINDIR%\System32\UsoClient.exe" /inheritance:r /remove "Administrators" "Authenticated Users" "Users" "System"
  7. This removes permissions for the selected groups of users from the file. Note that you may need to change the English group names if you use a non-English edition of Windows.
Read also:  Windows 10 Build 16199: emoji on the desktop, yay!

You should get success messages, but you can verify that all permissions have been removed by right-clicking on 'C:\Windows\System32\UsoClient.exe, selecting properties from the context menu, and switching to the Security tab when the properties window opens.

usoclient no permissions

Next time when Windows 10 triggers the event, you should get a "access is denied" error message under last run result in the UpdateOrchestrator task listing.

You can still run update scans manually by opening Settings > Update & Security.

Restoring the permissions

You can restore the permissions of the file at any time:

  1. Open an elevated command prompt as outlined above.
  2. Run the command icacls "%WINDIR%\System32\UsoClient.exe" /reset
  3. This command resets all permissions of UsoClient.exe, so that automatic update scans can be run again.

Now You: No, manual or automatic updates? How is your system configured? (Thanks Deskmodder)

Summary
Article Name
Allow only manual updates on Windows 10
Description
Find out how to set the Windows Update functionality of the Microsoft Windows 10 operating system to manual from automatic.
Author
Publisher
Ghacks Technology News
Logo
Advertisement
Please share this article

Facebooktwittergoogle_plusredditlinkedinmail


Filed under:


Responses to Allow only manual updates on Windows 10

  1. hallmike December 3, 2017 at 6:12 pm #

    I've been using a 3rd party tool to block automatic updates, this but will give this a try.

    • Snowsky December 4, 2017 at 12:22 am #

      What tool do you use to block the updates?

      • Simon December 5, 2017 at 6:18 pm #

        PLEASE PLEASE advise what 3rd party tool blocks updates in W10 Home?

  2. TelV December 3, 2017 at 6:14 pm #

    Somehow or other I can't imagine Microsoft giving up control of downloading what they think you should have on your machine. So although your tip sounds like a good one Martin I would imagine it'll be shortlived I regret to say.

    • Mola Ram, CEO Microsoft December 4, 2017 at 1:32 am #

      They haven't yet figured out how to force Enterprise and LTSB customers to update. Those two versions along with the Chinese version allow control of updates.

      • ilev December 4, 2017 at 9:20 am #

        What about Windows 10 Workstation which has users full control, no telemetry, no force updates, no Cortana...

  3. kosmos December 3, 2017 at 6:22 pm #

    I usually use metered connection on Windows 10 Home. Might try to use this if there's any problem in the future.

    Thanks for sharing.

  4. Jeff December 3, 2017 at 6:56 pm #

    The problem with Windows 10 is the monstrous size of updates and the frequency of update, not that it's forced and automatic. Manual or automatic - we still have to finish that shit - several GBs of no value wasting bandwidth, CPU, disk. Rinse and repeat. And then there's the UI which is completely horrid. With such a horrid fundamentally flawed experience, I don't see PC sales going up any time soon. Yes people are "upgrading" to Windows 10 and buying new PCs when they absolutely have to because they're forced to - Microsoft left them no choice. At some point, Microsoft will have to get even more aggressive with their blackmail, maybe start charging money for a Windows subscription or some other trick to make users "upgrade" the hardware more regularly. This should lead to even lower PC sales. Hope the shareholders see good sense and realize the CEO Nadella is screwing up things and hope they fire the CEO for killing PC sales after a few years. His only achievement is Azure, while Windows is getting worse ever since he took over from Ballmer. Microsoft's shareholders have to decide - how important is the PC industry to Microsoft? Are they happy with putting all their eggs in the Azure basket?

    • seeprime December 3, 2017 at 7:38 pm #

      Microsoft's stock priced climbed when Nadella announced, some years back, that the Enterprise is where Microsoft is putting their focus. QA testers were laid off and the consumer became the final quality control check before updates are sent to the high paying Enterprise customers. Home users are nothing more to Microsoft than a way to get $40 out of an OEM, and then are used as live QA testers for the big money customers. They're out to add shareholder value. That's been done.

      • John C. December 4, 2017 at 9:03 am #

        Yes, but this won't continue for long as people decide increasingly that using a PC simply isn't worth the hassle and give up computing or move to Linux. Treat the people like crap and it will come back to bite you in the A**.

      • BM December 4, 2017 at 4:16 pm #

        @John C - if you include Android, and, for iOS, going back to NeXTSTEP (Unix based, pre-Linux), one could argue it is already happening.

        Windows has reached such critical mass and momentum that the choices are effectively it or Mac for desktop for the average person out there.

        In other words, it would take a revolution (e.g. smartphones) to overthrow that mass and momentum.

    • Noel December 4, 2017 at 12:48 pm #

      @JohnC,
      Switching over to Linux isn't so easy as you think. You may be a geek and knows how to use Linux. I have been trying to switch over to Linux for almost a decade and I keep coming back to Windows. Now I have given up on that idea completely.
      Not because I like it but because the kind of answers I get on Linux boards to the newbie questions. So unless the attitude of Linux users changes towards the newbies, it ain't going to change. This is for sample size, N=1 and I have seen quite many new Linux users switching back to Windows. Just surf through various Linux boards and it won't take long to realize.

      • Sophie December 4, 2017 at 6:57 pm #

        Agreed! I would be classed as a total Linux newbie, whereas with Windows, I consider myself very knowledgeable indeed. Always things to learn, but I'm good.

        But with Linux, every time I've gone to it, I'm out of my depth, don't really like it, can't make it do what I want, can't make it do what I can make Windows do.....and I soon drift away.

        Life is just too short!

    • John Fenderson December 6, 2017 at 9:30 pm #

      I think the forced and automatic part is much worse than the size of the updates, personally. They mean that I can't trust machines running Win10. Partly because things can (and do) change out from under me, and partly because the damned reboots have caused me endless grief (and nothing I do seems to stop them).

  5. Dave December 3, 2017 at 7:14 pm #

    What do you mean they have disabled the loophole to disable the Windows Update service? It is not possible to disable services in 10 now?

    • Bill December 3, 2017 at 9:56 pm #

      I am still able too disable Windows Update in services, although I don't. version 1709.

      • db December 4, 2017 at 6:10 am #

        you can disable that service but there are several other channels that win10 uses to detect and download updates. There are quite a few steps needed to really lock down a win10 machine from updating itself. Im adding this one to my arsenal.

      • Sophie December 4, 2017 at 6:59 pm #

        You have to be careful and watch it! Windows many times, can turn services back on for updates/bits, etc.

        I finally consider that this is not going to happen to me, after tracking down those issues that caused it to turn back on, and I finally think it is well and truly OFF and not turning back on again. Got to watch it though!

  6. Roger December 3, 2017 at 7:53 pm #

    In Windows 10 Pro you can configure updates via Gpedit, disable auto restarts and so on. Windows 10 doesn't look that bad after that.

  7. Yuliya December 3, 2017 at 8:06 pm #

    This option has always worked for me 😊
    imgur.com/wQhQTvv

  8. CHEF-KOCH December 3, 2017 at 9:35 pm #

    My Solution to workaround this, because since 1709 (Creators Update) an easy reg tweak won't work anymore. However in Ent/Pro version you can still use gpedit.msc which works. This little batch file should work, which then disabled it and you can download the updates manually or use WUMT.

    rem Prevent device meta-data retrieval from the Internet / Do not automatically download manufacturer's apps and custom icons available for your devices
    reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Device Metadata" /v "PreventDeviceMetadataFromNetwork" /t REG_DWORD /d "1" /f
    sc config DsmSvc start= disabled

    rem Do you want Windows to download driver Software / 0 - Never / 1 - Always / 2 - Install driver Software, if it is not found on my computer
    reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\DriverSearching" /v "SearchOrderConfig" /t REG_DWORD /d "0" /f

    rem Specify search order for device driver source locations
    reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\DriverSearching" /v "DontSearchWindowsUpdate" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\DriverSearching" /v "DriverUpdateWizardWuSearchEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Disable driver updates in Windows Update
    reg add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate" /v "ExcludeWUDriversInQualityUpdate" /t REG_DWORD /d "1" /f

  9. Henk van Setten December 3, 2017 at 10:08 pm #

    Windows 10 territory is like occupied France in the late summer of 1940. We're beyond the Dunkirk Beach stage right now, when the defenders were cornered with no way out but the sea, and a haphazard fleet of tiny yachts and fishing boats tried to rescue what still could be saved. This improvised solution worked very well for just a few days, but then the power of the attacking tank and air divisions established full control. After this defeat, a mass escape from occupied territory was no longer possible. All that could be done from then on, was futile resistance by a handful of brave small underground groups, in the form of relatively minor sabotage acts like blowing up a railway line here or robbing a distribution center there -- on occasion.

    Solutions like the one described in this article are just like those brave sabotage acts of the French Maquis resistance. Excellent work, but this does not change the sad fact that by now most Windows 10 users are firmly locked within occupied territory, with few effective means to escape in large numbers. Just like the French in 1940.

    Luckily for that French population, just four years later Eisenhower, Montgomery and De Gaulle appeared with newly reinforced troops from oversea -- coming back on D-Day to liberate them from the outside.

    Will Linux developers play a similar role here? I myself find it doubtful, and such a D-Day will not happen very soon -- certainly not in four years time. I'm afraid Linux still is (I have to admit it) too primitive and unpolished to gain true popularity and strength. For one thing, it lacks applications power. It does not have a Jeep yet, and certainly no Sherman tank.

    Nevertheless, my dear Windows 10 users, if you could live without the eternal charms of now-occupied Paris, you might consider emigrating through Vichy and Marseille to Guadeloupe. For the time being, such difficult routes appear to be still open (to a lucky few). Then at least you will be free. Even if it must be in some temporary shanty town instead of your beloved Paris.

    PS Please do not accuse me of throwing a Godwin. Come on now. This was just meant as a kind of apt analogy. So let me state clearly I do NOT want to accuse Microsoft of being the ultimate Evil -- although of course their greed is obvious, their lust for monopoly and total control is undeniable, and their theft of private data has become systematic practice.

    • Sophie December 4, 2017 at 7:04 pm #

      Convoluted, but also well said!!

    • Marq December 6, 2017 at 11:07 am #

      Or you could move to that brave, tiny Asterix-village. I just run W7 ultimate-64 without any issue- ever.

  10. dark December 4, 2017 at 12:27 am #

    So disabling Windows Updates from services.msc no longer works starting from Windows 10 FCU?

  11. Karl O. December 4, 2017 at 12:29 am #

    From day one on this works till today:
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoUpdate 1(DWORD)
    HKLM\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoUpdate 1(DWORD)

    Simply as that!

    • CHEF-KOCH December 4, 2017 at 1:24 am #

      Won't work in 1709 as I meantion above.

    • throkr December 4, 2017 at 3:11 am #

      Same here; different way : AUOptions 2 (DWORD)
      Installation of drivers through WU is disabled too.
      Configured with the excellent Winaero Tweaker.

  12. throkr December 4, 2017 at 3:55 am #

    Same here, different way :
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    AUOpPtions 2 (DWORD)
    Installation of drivers through WU are disabled too.
    Configured with the excellent Winaero Tweaker.

  13. Sam December 4, 2017 at 4:30 am #

    Do your security updates or stay off of my internet.

    • Martin Brinkmann December 4, 2017 at 6:57 am #

      Security updates are important, there is no doubt about that. What I (and others) dislike is that Microsoft removed controls from Windows that put users in control. I want to decide when updates are installed.

      • Sophie December 4, 2017 at 7:08 pm #

        Yes Martin, but the problem is the loss of trust is now so great, that some of us (+me) simply cannot even bring ourselves to do that (security updates). Microsoft cannot be trusted 0.0000001% with my install.

        In mitigation, I use every trick in the book I know about to protect myself (including common sense), and I use a VM, and I clone extensively.

        So no security updates for me, and if the worst should happen, I feel I'm covered and can roll back to many many historical points in time, via Macrium Reflect.

        To Microsoft...........keep away please. You've abused our trust, and that trust is not coming back.

      • Jody Thornton December 9, 2017 at 3:09 am #

        The only issue @Sophie (although I agree Microsoft is becoming somewhat more heavy-handed with its update approach) is that Windows is Microsoft's property, and we are to use it under license. By blocking updates because Microsoft is not to be trusted with one installation, well wait .... are we not disregarding the use of the license agreement? Shouldn't Microsoft be able to say that as a service, Windows should remain updated and in turn Microsoft is granted permission to collect usage statistics for advertising and sales purposes?

        Who are we to say what is "allowed".?

  14. John C. December 4, 2017 at 9:07 am #

    Google Chrome was a testbed to see if the general population of sheeple would accept forced updates. As usual, the lowest common denominator won and MS went with forced updates in W10. I'll never have a computer with Windows 10 on it, am going to finally make the shift to some Linux distro. Also don't forget that BSD is out there too.

  15. dark December 4, 2017 at 9:46 am #

    Linux Mint or Manjaro is a great way to start.

  16. curious_8 December 4, 2017 at 9:51 am #

    I use Windows Update blocker a small Portable freeware , One click solution here is the link
    https://goo.gl/jQGYuT

  17. aaabbbccc December 4, 2017 at 10:22 am #

    Try http://www.site2unblock.com/win-updates-disabler/

  18. RCL December 4, 2017 at 11:23 am #

    To me it's not the aggregate value of the updates that is questionable. The issue I have is the increasing number of firms borrowing from the government's playbook and taking control away from the consumer. If I own something I want complete control to do even "stupid" things with it. After trying to deal with Windows 10 and its unbelievably heavy-feeling user experience, I finally made the switch to Linux and am very glad I did. I was worried a bit about compatibility, but running a VirtualBox on Windows 7 takes care of that.

  19. Robert December 4, 2017 at 6:42 pm #

    When the disabled Windows Update service suddenly started to be ignored by Windows I had to set my Ethernet and Wifi connections as metered in every computer. I hope they won't remove this option.

    • Sophie December 4, 2017 at 7:11 pm #

      So you're saying that you've "actually" seen it being ignored?

      I'm on 1607, stable as a rock, and not experiencing any "restarting" of that service. Thank goodness!

  20. Adrian Kentleton December 5, 2017 at 11:46 am #

    I'm a bit puzzled by the statement that it's impossible to disable Window Update nowadays. I'm using W10 Home 64bit, v1709 b16299.98 on an unattended server, and run a batch file to enable and launch windows update, then stop and disable it when done. Works fine. I check every few days for updating purposes; no updates have taken place between times:

    @echo off & :: 171205
    title Controlling Windows Update
    sc config wuauserv start= demand > nul
    sc start wuauserv > nul
    control /name Microsoft.WindowsUpdate
    echo. & echo Press any key to stop/disable update service ...
    pause > nul
    sc stop wuauserv > nul
    sc config wuauserv start= disabled > nul
    exit

  21. John.Doe December 7, 2017 at 3:00 am #

    I bought a new computer last month ...

    I used my WIN7Home key and I was able to activate the version of WIN.10HOME

    I found out that my computer only supports WIN.Win10_1607 (Windows 10 Anniversary Update, or Windows 10 Version 1607 (build 10.0.14393), codenamed "Redstone 1") and up ...

    So I installed Win10_1607 and then Win10_1709 and activated it on my account on line with my e-mail...

    So I installed Win10_1607 at the time of doing the update I managed to cancel after having installed some things and refused the Update of 4 gb ...

    I realized that WIN.Home creates 3 user account profiles... 1 is temp...

    I deleted one and left 2 (One local and the other with the local user name that I put) and then ...

    And I used this tip below ...

    If you are Windows 10 Home Edition then try this method to disable updates through Windows services.
    Right-click on Windows Start button and select "Computer Management" option from the menu.
    On the Computer Management window in left-panel, expand "Services and Applications" option and then select "Services". All the running and disabled services will be listed in right-side panel.
    From services list, find a service with the name "Windows Update". Right-click on this service and select Stop if this service is already running.
    Now, to make sure this service will not run again on Windows startup. So, right-click again on it and select Properties option. On the Properties window, select "Disabled" from the "Startup type:" drop-down menu. Click OK button to apply changes.
    Now, when you try to check for updates from Windows 10 updates then you will see problem installing updates 0x80070422 error.

    I entered in my email I removed the machine from my account in Outlook's e-mail management devices...

    along with this tip ...
    I used getwpd.com and removed all applications and stores and blocked WINDOWS.UPDATE.!!!!!!!!!

    And I removed all the junk from stupid apps from the crappy and store in windows 10 HOME.

    It worked...

    The only thing I wanted in my life was to use Linux and Photoshop ...

    I tried using GIMP it's a hell ....

    **********************************************************
    Oh to solve the start button on home edition with this Windows 10 Creators Update, or Windows 10 Version 1703, codenamed "Redstone 2"...

    How to fix not working Windows 10 Start Button ?

    Windows 10 is next version of Windows operating system from Windows NT family. Technical preview of windows 10 was launched in middle of October. Just after its releasing there are so many bugs and issues found in this operating system.

    One issue is related to its start button. Many users complained that start menu button not works in new version of Windows 10. After installing or upgrading the Windows 10 Technical preview, Windows start button failed to launch.

    According to latest discussions on Microsoft technical forum it is now known issue and solution of this issue is found. There is a registry key fix for this issue. You add one new Dword value in your registry and restart your computer, and this issue will be solved.

    In few cases this got fix by simply restarting the current running explorer process from task manager. Latest windows update has automatically fixed this issue. But if your problem still persist than you can apply below method.

    Follow following steps :

    1. Go to run (Windows + r)
    2. type regedit and press enter.
    3. click ok when notification window prompt.
    4. Go to HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Explorer>Advance
    5. Create a Dword with name ‘EnableXamlStartMenu’.
    6. Give it value 0
    7. Log off and login again.
    Your start menu should work now.

  22. John.Doe December 7, 2017 at 3:42 am #

    I bought a new computer last month ...

    I used my WIN7Home key and I was able to activate the version of WIN.10HOME

    I found out that my computer only supports WIN.Win10_1607 up

    So I installed Win10_1607 and then Win10_1709 and activated it on my account ...

    So I installed Win10_1607 at the time of doing the update I managed to cancel after having installed some things and refused the Update of 4 gb ...

    I realized that WIN.Home creates 3 user account profiles I deleted one and left 2 (One local and the other with the local user name that I put) and then ...

    I entered in my email I removed the machine from my account in Outlook's email management ...

    And I used this tip below ...

    If you are Windows 10 Home Edition then try this method to disable updates through Windows services.
    Right-click on Windows Start button and select "Computer Management" option from the menu.
    On the Computer Management window in left-panel, expand "Services and Applications" option and then select "Services". All the running and disabled services will be listed in right-side panel.
    From services list, find a service with the name "Windows Update". Right-click on this service and select Stop if this service is already running.
    Now, to make sure this service will not run again on Windows startup. So, right-click again on it and select Properties option. On the Properties window, select "Disabled" from the "Startup type:" drop-down menu. Click OK button to apply changes.
    Now, when you try to check for updates from Windows 10 updates then you will see problem installing updates 0x80070422 error.

    along with this tip ...

    I used getwpd.com and removed all applications and stores and blocked WINDOWS.UPDATE.

    And I removed all the applications of this windows 10 HOME.

    It worked...

    The only thing I wanted in my life was to use Linux and Photoshop ...

    I tried using GIMP ....

  23. birmingham December 7, 2017 at 8:35 am #

    After reading this and other Windows 10 related articles and all the comments ... I'm well aware that Linux is still and for many users not the expected replacement for their homelike Windows environment. Even for me Linuxes are still the 2nd choice to use, more because of buggy, underdeveloped software issues, incompatibilities and such.
    BUT still finding the Linux-Geek card played here seems so ridiculous to me ... just to mention this one point here, the Windows 10 Update Drama. Since W10 rolled out I read tons of headlines, articles about update 'problems', sometimes caused by intentional and shady MS tricks..., further many How-To articles about workarounds, tools and settings, which basically might help to protect your personal computer, setup, data, etc. against the selfish operating system on it.
    Well, while Linux isn't the ideal OS for me, I can't say I read so much bad news about it as I read about W10 and its own new updates geekworld, so please, Windows users, don't call me a geek anymore for using an OS without permanent update drama at least and rather have a look on yourselves.

    • John Fenderson December 8, 2017 at 1:42 am #

      Personally, I pretty much ignore people who say "switch to my favorite OS". The best OS for a person to use depends on too many things that can differ from person to person to make a blanket recommendation. In the immortal words of Three Dead Trolls in a Baggie, "every OS sucks". Only you can decide which flavor of suck is best for you.

      Me? I run Linux exclusively on my personal machines and servers. But I have no way of knowing whether or not anybody else should.

    • John.Doe December 14, 2017 at 3:06 am #

      Hello
      I can tell you that all programs I use except for Photoshop and Windows are alternative programs like 7-zip-comodo Suite-handbreake-daun pot player- Libreoffice anyway everything except windows and photoshop I could not get alternatives that I can use and I have to thank Linux and a lot these people who give us free alternatives are not always like high end programs but it's better than nothing...

Leave a Reply