Upcoming changes to Windows Update for Win11 (and Win10 21H2?)

Topic

New Reply

Section 1: General Group Policy changes between Win10 and Win11.

This will probably be my last contribution to Windows Update guidance. I have been running an Insider Preview in a Parallels VM on my MacMini but none of my computers (even my 3-year-old iMac4K with a Kaby Lake i7, 32GB RAM, and Radon Pro graphics)  qualify for Win11 or the Win11 Insider Program.

There are many changes to Group Policy, and the resulting Registry settings, coming with Win11. And it is my guess they will also be similar changes in Win10 beginning with v20H2.
For those using Group Policy to control Windows Update in Win11, these are a few of the changes:

In Win11 Group Policy,the “Windows Update” folder contains four new folders – “Legacy Policies,” “Manage end user experience,'” Manage updates offered from Windows Server Update Service” (WSUS), and “Manage updates offered from Windows Update.” There is no longer a “Windows Update for Business” under “Windows Update”
1. “Legacy Policies” include settings for installation, restarts, and notifications, and what the user can see.
2. “Manage end user experience” – contains more about installs and restarts around active hours, what settings the user can see, and “Configure Automatic Updates” with the “2” setting for (notify download/install.
3. “Manage updates offered from Windows Server Update Service” (WSUS) is settings for bussiness use of WSUS.
4. “Manage updates offered from Windows Update” is much of what used to be” Windows Update for Business” including deferrals and pauses for Quality/Feature Updates and Preview Builds as well as the settings for TRV.

For illustration purposes, I will post screenshots of Win10 and Win11 main “Windows Update” Group Policy settings to demonstrate the differences. Below are the individual settings for Win11. For the differences in the individual settings in Group Policy and the corresponding Registry settings for Win10, please refer to AKB2000016 posts #2177509, #2177791, #2275038, #2275043 and #2286499.

Windows 10 Group Policy “Windows Update:”.

Windows 10 Group Policy “Windows Update for Business:”.

Windows 11 Group Policy “Windows Update:”.
There is no longer “Windows update for Business” in Win11.

6 users thanked author for this post.

hbushell, WildChild, Mele20, Cybertooth, RetiredGeek, Alex5723

Reply | Quote

Replies

Section 2: Changes in Group Policy under Windows Update.

Contents of the four folders under Group Policy for “Windows Update:”.

1. “Legacy Policies” include settings for installation, restarts, and notifications, and what the user can see.

2. “Manage end user experience” – contains more about installs and restarts around active hours, what settings the user can see, and “Configure Automatic Updates” with the “2” setting for (notify download/install.

The setting for “Configure Automatic Updates” = Enabled, value “2” (Notify download/install) is here.

3. “Manage updates offered from Windows Server Update Service” (WSUS) is settings for bussiness use of WSUS.

4. “Manage updates offered from Windows Update” is much of what used to be “Windows Update for Business” including deferrals and pauses for Quality/Feature Updates and Preview Builds as well as the settings for TRV.

2 users thanked author for this post.

WildChild, Fred

Reply | Quote

Section 3: Group Policy – Manage updates offered under Windows Update.

Contents under Group Policy\Manage updates offered from Windows Updates.

1. Select when Preview Builds and Feature Updates are received.
Defer Feature Updates after release for up to 365 days for Semi-Annual Channel, until policy change or EOS. NOTE: If you also set TRV, the version specified will take precedence.
Defer Feature Updates up to 14 days for pre-release channels (Insider).
Pause Feature Updates up to 35 days.

2. Select when Quality Updates are received.
Defer Quality Updates after release for up to 30 days.
Pause Quality Updates for up to 35 days. To resume receiving Quality Updates, clear the field.

3. Disable safeguards for Feature Updates.
Disable blocking of safeguard holds (for compatibility issues) for testing purposes.

4. Do not include drivers with Windows Updates.

5. Mange preview Builds.
Manages Insider Preview channels.

6.Select the Target Product Version and Target Feature Update Version (TRV).
Set Product and version. Win10 and Win 11 will be know by the same version (example 21H1), so the Product must also be specified (Windows 10 or Windows 11). NOTE: Setting TRV implies “I accept the Microsoft Software License Terms.”

5 users thanked author for this post.

WildChild, Rick Corbett, CADesertRat, Alex5723, Fred

Reply | Quote

Section4: Registry Settings Part 1.

Registry Settings for Win11 (paralleling those for Win10 in AKB2000016).
Part 1.

1. HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate.
Settings show whether Feature Update Deferral and/or Quality Update Deferral are turned on.
Settings show whether Drivers are excluded in Quality Updates.
Settings show Start Time if Pause Feature Updates or Pause Quality Updates is set.
Settings show Targeted Product and Targeted Version (TRV).

If the TRV settings remain here, the TRV script may need the ProductVersion added:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdate]
"TargetReleaseVersion"=dword:00000001
"TargetReleaseVersionInfo"="21H2"
"ProductVersion" = "Winsows 10" (or "Windows 11")

2. HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU.
Configure Automatic Updates – Enabled, Value = 2 (notify download/install.
This setting is in the same location in the Registry for Win10 and Win11.
Scheduled Install Day and Time will be shown here if set.

3. HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState.
Most of these settings are the same as were set bi “Windows Update for Business” up to Win10 v21H1. Since WUfB does not exist in Win11, the Deferral Settings do not appear to be active. The Policy Source settings are different and a “TargetProductVersion” setting has been added. Compare Win10 settings in second screenshot #2177791 and first screenshot in #2275038.

Reply | Quote

Section 5: Registry Settings Part 2.

Registry Settings for Win11 (similar to those for Win10 in AKB2000016).
Part 2.

4. HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings.
Settings show the status of Paused Feature and Quality updates.

5. HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX.
Settings indicate Active hours, Download over Metered Connections, Exclude drivers with Quality updates, Flight settings (Insider), and “2” (for notify download/install ?).
These appear to reflect GUI settings from the Settings App. They were not set in the installation of Win11 demonstrated.

6. HKLM\SOFTWARE\Microsoft\WindowsUpdate\StateVariables.

Reply | Quote

Exceptional (last?) WU walkthrough PK, I doubt last, there will be many changes ahead.
Although this is ‘subject to change’ for both Windows versions come 21H2 RTM dates.
Remember, Win11 is still pre-RTM with a month for MSFT to obfuscate further.

PKCano wrote:

********** Under construction *************
Please be patient.

********** Under construction *************
Please be a patient.

Should have included this in the W10 EULA back on 29th July 2015 going forward..

Keep IT Lean, Clean and Mean!

3 users thanked author for this post.

Fred, Mele20, Cybertooth

Reply | Quote

I haven’t looked into it in such depth as @PKCano.

However, I’ve seen the increasing restrictions in what Joe/Joan end-user can do and have decided to avoid it for the time being until the RTM version is released.

2 users thanked author for this post.

Charlie, Cybertooth

Reply | Quote

It appears that the setting:

Do not include drivers with Windows Updates.

…is simply ignored in 21H1 version in Windows  Professional10 editions also. Can’t we have freedom what drivers to install as Group Policy provides that ability?

Reply | Quote

It doesn’t appear to be ignored for me (or most others as far as I can tell).

Windows 11 Pro version 22H2 build 22621.1483 + Microsoft 365 + Edge

Reply | Quote

Really? I see you have 21H2 whereas I have 21H1. Additionally, Windows Update lists some drivers as optional (view optional updates) unchecked but some drivers are still forcefully installed no matter what GPO setting was set to. Very annoying.

Reply | Quote

I believe he was talking about when he had 21H1.  I still have it and don’t get shoved drivers.  I think the key is you should never view the optional section or click “check updates”

Susan Bradley Patch Lady

Reply | Quote

anonymous wrote:

It appears that the setting:

Do not include drivers with Windows Updates.

I don’t get any drivers on my 21H1 Pro.

Reply | Quote

So, doesn’t Windows update offer or detect new device drivers when you or the system perform “check for updates” even your current drivers are outdated with using Group Policy setting?

Reply | Quote

Windows update may check but not download/install.
I never install drivers from Microsoft. I install directly from OEM/Manufacturer sites (Lenovo, Intel, Nvidia, …)

Reply | Quote

anonymous wrote:

So, doesn’t Windows update offer or detect new device drivers when you or the system perform “check for updates” even your current drivers are outdated with using Group Policy setting?

You should NEVER click “check for updates.”
In Win10, “Check for updates” is NOT a CHECK, it is a mandate to download and install any and all available, pending updates (including drivers, Previews, PC Health Check, etc).

Reply | Quote

PKCano wrote:

You should NEVER click “check for updates.” In Win10, “Check for updates” is NOT a CHECK, it is a mandate to download and install any and all available, pending updates (including drivers, Previews, PC Health Check, etc).

Unless, of course, that’s what you wish to do with your own PC.  I have driver updates blocked via Group Policy in Windows 10 Pro, and that policy has yet to fail me.

And I want all available pending updates, Previews, PC Health Check, etc.  I have a library of drive images at the ready in case something should go awry.

Create a fresh drive image before making system changes/Windows updates, in case you need to start over!

We all have our own reasons for doing the things that we do. We don't all have to do the same things.

Computer Specs

Reply | Quote

bbearren wrote:

Unless, of course, that’s what you wish to do with your own PC.

Agreed, if that’s what you wish to do.
But it’s only fair that people are informed of the consequences and that’s what they want to do. Microsoft doesn’t provide that information on the “Check for updates” screen. And “check” usually doesn’t mean “go ahead, download and install updates” any more than the “X” in the upper right corner means continue with GWX.

5 users thanked author for this post.

Microfix, Alex5723, DrBonzo, Fred, Cybertooth

Reply | Quote

I do not, but Windows Update service also does checking updates on regular basis if you do not disable Windows Update core service. So problem clearly is not in users’ end.

What the most interesting thing is, EVENTHOUGH I see touhpad driver is listed and unchecked in “view optional updates” section, Windows Update insists on pushing faulty touchpad driver EVEN I do not click on check for updates manually, and Windows Update (wuauserv) does this by ignoring aforementioned Group Policy setting. I think I am not able to bare this torture anymore as I never had single issue about driver installation enforcement in old days while running on Windows 7 which never pushed any driver update forcefully, just recommending them only.

Reply | Quote

Have you set the Group Policy setting at “2” (notify download/install), and then used wushowhide (a Microsoft tool) to hide the driver?

Reply | Quote

I’m another Windows 10 Pro 21H1 user having a lot of trouble about automatic device driver installation despite applying this Group Policy setting. It is not working unfortunately.

Screenshots:
https://i.hizliresim.com/mgorl8i.PNG
https://i.hizliresim.com/rkrhwlw.PNG

For your information, “sürücü=driver” and “update=güncelleştirme” in Turkish.

Reply | Quote

This may all be great for the computer scientists and technically advanced computer and software geniuses, but what about all the Mr./Ms. Joe/Joan Average users out there.  All this highly technical rigamarole just to UPDATE?  Definitely not my cup of tea and I consider myself a bit above an average user.

That being said, good work PKCano.  The work you’ve done here will probably help many company administrators cope with it all.

Experience is that marvelous thing that enables you recognize a mistake as soon as you make it again.

2 users thanked author for this post.

Fred, DrBonzo

Reply | Quote

Why doesn’t Microsoft leave us alone and let some freedom to manage our own systems? For example my Windows 10 laptop works best when certain built-in/on-board devices are installed with standard (Microsoft) drivers such as touchpad. However, EVENTHOUGH I set aforementioned Windows 10 Group Policy above, it still tries pushing manufacturer’s faulty touchpad drivers which is causing headaches. It is all happening with 21H1 version. I want to have complete control over the operating system, at least like on the days of we were using Windows 7, really. Now I have to disable particular device from BIOS just to prevent it from being installed with wrong driver forcefully pushed by Microsoft, it even ignores Group Policy setting, this is totally unacceptable and unbeleivable.

Note that I’m not one of the guys above posted as ‘anonymous’, just another unhappy Windows 10 user. Best regards.

1 user thanked author for this post.

Charlie

Reply | Quote

anonymous wrote:

I’m another Windows 10 Pro 21H1 user having a lot of trouble about automatic device driver installation despite applying this Group Policy setting. It is not working unfortunately.

Screenshots:
https://i.hizliresim.com/mgorl8i.PNG
https://i.hizliresim.com/rkrhwlw.PNG

For your information, “sürücü=driver” and “update=güncelleştirme” in Turkish.

Works for me just fine blocking drivers in GPedit.

Reply | Quote