In a post-COVID world where many of us are still working from home, some of the group policies that are controlled by the corporate IT group can sometimes be handicapped while off the domain network. One of these is Windows Update. If your company uses a WSUS Server to approve or block certain Windows Updates, this can sometimes be a problem while working remotely. Microsoft likes to push certain updates when it is not restricted by company policies. This sometimes poses a problem for the corporate IT, as they often have to roll-back updates that break or severely hinder the performance of their user’s computers.
Simply stopping or disabling Windows Update services is not enough because Microsoft often has builtin protections that will enable and start Windows Update services that have been stopped. However, there is a way you can stop it and prevent Windows from automatically starting it. This process, while not necessarily recommended as an extended solution for business users, can help prevent rogue updates from being pushed to your users while working away from the office.
First, launch Services and scroll until you find the Windows Update Service. Instead of simply stopping the service, instead go to the Log On tab. Change the logon permission from the Local System account and instead give it logon permission for the built-in Guest account. You will need to put in a password, but this password does not have to be a valid password for the Guest account. In fact, your Guest account is likely already disabled by default in your system (and if it is not it should be!) Once you have set this dubious account, click Apply and accept the changes. You can now stop the service on the General tab.
Windows will no longer be able to start the Windows Update service on its own. You may get
subsequent warnings from the Windows notification system, but you can click to ignore these as they arrive.
In newer versions of Windows 10, Microsoft has added an additional serviced named, Windows Update Medic Service. This service serves to fix any changes to the Windows Update system that prevents it from running. You can make the same changes to this service as you did to the Windows Update service and it will prevent your OS from self-correcting the problem.
When you are ready for Windows Update to run on your schedule, then you can restore the login back to the system and start the services. This work-around is meant to ensure that no unwanted updates are installed without your permission. You should use this process at your own risk. Running Windows without the latest updates and security definitions can pose a risk to your system, data, and network integrity. However, there are times where blocking updates for an extended time is necessary if it prevents your software or your OS from working properly.