Automatic Update Group Policy Being Ignored

Topic

New Reply

Another Windows 10 2004 glitch I’ve noticed following my recent reinstall, is that despite the Group Policy for Windows Update Checking being set to “disabled” on the local computer policy section, updates are still checked for daily.

I’ve looked for KB 4023057 in installed updates, and it’s not there, so I just wondered if anyone else is seeing this behaviour, and if so – any fixes?

 

Best,

Marc

Reply | Quote

Replies

Look in the Settings App under Apps. I believe KB 4023057 installs as an App.

Reply | Quote

Thanks PKCano – just checked, no luck. No apps listed beginning with KB or containing those digits.

Best,

Marc

Reply | Quote

I don’t think it is called “KB something”
Look for a name implying MS helper.
Try the Control Panel/Add Remove Programs

Reply | Quote

Hm – nothing that implies a helper. Closest I’ve got to that is a Microsoft app called “App Installer”.

In the event log I have several installer messages from “Windows update service”. One relates to a game update, and the others are all phone updates (I use the Xbox Gaming service, but I don’t use the phone service).

 

Reply | Quote

Perhaps you didn’t get that on – you don’t want it!!
I can’t tell you what it’s called. I have never let it on my machines

Reply | Quote

Try the uninstall procedure given in the link already given by PKCano relevant to your OS bitness, it’ll do no harm if it’s not there and should remove the kb if it is:
#2299292

Update removal information

To uninstall this update, follow these steps:

Click Start and then type cmd.exe.
Right-click Command Prompt and then click Run as administrator.
In the Administrator: Command Prompt window, type one of the following commands as appropriate for your system:
For ARM-based systems: msiexec.exe /x {9C2C39FE-FDA8-4024-AE74-F06716B22D58}
For x64-based systems: msiexec.exe /x {32DC821E-4A7D-4878-BEE8-337FA153D7F2}
For x86-based systems: msiexec.exe /x {5F01BF33-E873-4B83-B2CC-E4DEF494073E}

Windows - commercial by definition and now function...

Reply | Quote

Sorry PKCano – not sure what you mean. App Installer?

Reply | Quote

App Installer is not the right one.

Reply | Quote

Nice thought Microfix :-). I just tried that and it popped up a dialog box asking first if I was sure I wanted to uninstall (I clicked “yes”) and then another one stating uninstall had failed, as only apps that are installed can be uninstalled. I’m guessing it’s not there.

Reply | Quote

OK PKCano … well, there’s nothing else that looks even remotely suspicious.

Reply | Quote

[Alex5723]

MarcVRML wrote:

well, there’s nothing else that looks even remotely suspicious

1909 Pro. I don’t care for Windows 10 checking for update.
GP set to Notify don’t download = 2
Feature updates = 365
Quality updates = 21

• This reply was modified 4 years, 8 months ago by Alex5723.

Reply | Quote

Thanks Alex5723. I just searched my apps list, and the only 2 programs I have with the word “update” in the description are “Apple Software Update” and “Microsoft Edge Update”.

 

Reply | Quote

I had Windows Update ignore my group policy settings yesterday, although my situation is different than the OP’s. I have GP set to download only with quality update deferrals at 15 days and the feature update target version set to 2004. I rarely open the Windows Update app and hadn’t yesterday until I saw the system tray icon indicating Windows Update wanted to reboot the machine. So, I know I didn’t click “Check for Updates”. Also, I normally manage Windows Update using PowerShell (the PSWindowsUpdate module), but I didn’t open PowerShell yesterday until after I saw the reboot icon. Even if I had, the tools I use have always respected the GP settings, i.e., I won’t see updates if they’re still in the deferral window. Just for clarity, I’m using Windows 10 Pro 2004.

So, after I noticed the reboot icon, I first opened the Windows Update Settings app. It showed that both the Windows CU and the .NET CU for November had been downloaded, installed, and that a reboot was necessary to finish the installation. PowerShell showed the updates had been downloaded. I don’t know how long the icon had been present before I saw it, but I didn’t see it until later in the day (it was late afternoon or early evening). I did ultimately reboot the PC to let the updates install and that all happened without incident. After the install, the Control Panel showed that the November SSU had also been installed.

I use this computer every day and, up until yesterday, the GP settings had been respected. But, yesterday was only day 12 since Patch Tuesday, so I should not have seen any available updates nor, in theory, should they have been automatically downloaded and installed. I generally check for available updates every few days or so in PowerShell and I had not been offered any of these updates on any of the previous days since November’s patch Tuesday. I do note on the Windows Update screen there is this warning: “We’ll ask you to download updates, except when updates are required to keep Windows running smoothly. In that case, we’ll automatically download those updates.” I don’t know if it matters, but I do have “Chredge” installed and it updated on 11/21.

Today, I’ve done sfc /scannow and the various dism /online /Cleanup-Image /*Health options. The sfc run did find a few problems, but none of them were related to Windows Update. None of the dism “*Health” runs found anything.

I’ve been trying to recall if I did anything yesterday that would have caused these GP settings to be ignored, but nothing comes to mind. If you want me to recap the things I remember doing, I can do that.

The last thing is I’m being offered Windows 20H2 in the Windows Update Settings app, which is new since the last time I had looked in there. Maybe this is normal behavior with no feature deferrals set and only the target release version set. Prior to 2004, I used the feature deferral settings. In PowerShell, I don’t see the feature update as being available.

Reply | Quote

I am surprised you apparently do not have Group Policy setting:
Computer Configuration\Administrative Templates\Windows Components\Windows Update
Configure Automatic Updates = Enabled, value = 2 (notify download/install)

The “2” setting prevents the updates from downloading until you click the “Download” button. That way, you are not surprised by an unexpected restart. If the updates haven’t downloaded, they can’t install.
Check out AKB2000016 Guide for Windows Update Settings for Win10, Sections 3 and 5. There are links to other information and also screenshots below/

Reply | Quote

From my post, “I have GP set to download only”.

Reply | Quote

If they are not downloaded they can’t install.
You are asking for it if you give them a chance! IMHO.

Reply | Quote

I don’t mean to be rude, PKCano, but you’re having reading comprehension problems today.

I do have GP set to 2-Download Only.
Despite that, Windows Update downloaded and installed, without my involvement, November’s SSU, Windows CU, and .NET CU.
This was also in contravention of the other GP setting to defer quality updates for 15 days. Yesterday was only day 12.
Which begs the question of what was special about yesterday? Because my GP settings were respected for days 0 through 11.

The whole point of posting to this topic was because Windows Update ignored my Group Policy settings.

Reply | Quote

I have GP set to download only with quality update deferrals at 15 days and the feature update target version set to 2004.

There is no mention of the “2” setting in your post. The “2” setting is “Notify download and auto install” With “2” there is no download only – it doesn’t download.

There are settings for “download only“:
3 = Auto download and notify install
4 = Auto download and schedule install
7 = Auto download, notify install, notify restart

Perhaps you weren’t clear about your settings.

Reply | Quote