News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • How do I block Win 11 from installing on client computers

    Home » Forums » AskWoody support » Windows » Windows 11 » Questions about Windows 11 » How do I block Win 11 from installing on client computers

    Author
    Topic
    #2392334

    We are an MSP and support many client computers, most of which are Azure AD based (not local server domain joined).  We want to block Win11 but keep getting Win10 updates.  We may want to upgrade some of them to Win11 later, after the dust settles.  I read about the registry setting that can be added, but I want to make sure that setting it does not block future Win10 updates.  Does anyone have further information about the reg setting, or another suggestion?

    Viewing 2 reply threads
    Author
    Replies
    • #2392336

      It does not block future updates, it merely keeps the machine on Windows 10.  You can remove it at a later time.

      Susan Bradley Patch Lady

    • #2392339

      Thank you Susan.  Do you know how Microsoft will handle the Win11 upgrade?  Will it push it out to users who have an acceptable computer, or will it just give them an obvious option to upgrade?  If users just reboot regularly to install the automatically set Win10 updates, are they at risk of getting inadvertently updated to Win11?

      • #2392346

        It will be an obvious offering.  Obvious to you and I, but you know how some  end uses swear they didn’t click on anything.

        From everything I’ve seen it shouldn’t be pushed/shoved, merely offered.  That said I’m putting the block in place here just in case.

        Susan Bradley Patch Lady

    • #2392430

      Cloud-based solutions

      • If you use Windows Update for Business policies, you will need to use the Target Version capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1, but do not enable you to move between products (Windows 10 to Windows 11).
        • In Group Policy, Select target Feature Update version has two entry fields after taking the 9/1/2021 optional update (KB5005101) or a later update: Product Version and Target Version.
        • The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only the target version field is configured, the device will be offered matching versions of the same product.
        • For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version Windows 10, version 21H1, even if multiple products have a 21H1 version.

      Susan Bradley Patch Lady

      • #2397126

        Along these lines: we definitely do not want anyone in the company (beyond testers) having any ability to install Windows 11. We use a 3rd-party product for patch management, and it utilizes Windows Update. What this means is that users do not see offers for Windows Update. Additionally, we have pushed the registry change that limits Windows 10 to upgrading past 20H2.

        What we have found, however, is that Windows 11 is being offered anyway to people AND if the users go to the site offered, Windows 11 downloads and installs even with the registry block in place.

        Have you seen this behavior? Is there anything we can do to prevent it?

        • #2397128

          You can use the WU group policy setting to remove the Windows update GUI/UI interface on the workstations.

          Group Policy User setting:  Administrative Templates / Windows Components / Windows Update / Remove access to use all Windows Update features = Enabled.

          Susan Bradley Patch Lady

          • #2397151

            Thank you. We do not use GPOs here because 50% of our 5500 employees are 100% virtual and everyone is “connected” via Google Business Services rather than machines physically plugged into an intranet (we are all on a Windows domain to be sure, but hundreds of our folks only connect to the domain via cable or VPN a few times a year, so pushing GPOs is… unrewarding).

            Is there a registry push instead that would achieve the same thing?

    Viewing 2 reply threads
    Reply To: How do I block Win 11 from installing on client computers

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.