
How to force W10 to install security patches only?

KostWarCZE

NOT RESOLVED

 

Hey LTT, :ph34r:


TLDR

How to force W10 to install just security patches?

OR
Read bold only

DESCRIPTION
I had a problem with W10 stability on the "official patch", such as BSOD, performance loss, bugs, etc. So I made something like a "clean installation of W10" and modified it to be usable.
This modification solved almost all the problems with W10 that I had, but there's one problem with which I need help.


PROBLEM

The problem is that I have to keep the Windows Update service disabled to prevent auto-updates, which will cause instability again (tested), but I need security patches for things like Spectre/Meltdown etc.

 

TRIED SOLUTION

  • Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates.
    • Doesn't work, it's not specified for W10.
  • You can set your internet connection to metered and it won't download anything unless you tell it to. 
    • As far as I know, a metered connection can't be set for Ethernet in the W10 GUI, so I followed this guide: LINK
    • I restarted the PC and checked for updates > it started to download updates.
    • Doesn't work.


SOLUTION

  • My current solution is to enable Windows Update service and let it download > locate its directory > save it on server > load backup > install it manually.
    • This solution is too ineffective, so I hope you can suggest something better.

 

FAQ

  • What's ideal solution?
    • Ideal solution is to just choose which Windows Update to download using the Windows GUI.
  • Why don't you just use latest version of Windows 10?
    • The latest version is practically unusable for my work.. on my modification I never had a BSOD or anything that could ruin my experience.

 

Thanks for any help! :)


 

---
 

LW:
• I tried to search for this topic on LTT and haven't found it > I created this one.

• I chose Operating Systems > Windows, because it seems to me the closest thread to this topic.


There is an option in Pro and Enterprise to defer feature updates, but it's defer, not cancel. I imagine there's some screwing with that you can do to make it forever. There's a program I use to snoop on things like registry writes and whatnot, but it's on one of my home computers. I'll be able to post it later if someone doesn't beat me to it.

 

Keep in mind that eventually security updates are written for newer versions of 10, and over time this could cause problems. 10 seems to be a long term platform that they'll change in ways more major than service packs, and still call it 10. Not sure if continued changes like anniversary edition and creators will begin to get too far away from the original 10 to make this a problem, as I've not messed with 10 much.

muh specs 

Gaming and HTPC (reparations)- ASUS 1080, MSI X99A SLI Plus, 5820k- 4.5GHz @ 1.25v, asetek based 360mm AIO, RM 1000x, 16GB memory, 750D with front USB 2.0 replaced with 3.0  ports, 2 250GB 850 EVOs in Raid 0 (why not, only has games on it), some hard drives

Screens- Acer Predator XB241H (1080p, 144Hz Gsync), LG 1080p ultrawide, (all mounted) directly wired to TV in other room

Stuff- k70 with reds, steel series rival, g13, full desk covering mouse mat

All parts black

Workstation(desk)- 3770k, 970 reference, 16GB of some crucial memory, a motherboard of some kind I don't remember, Micomsoft SC-512N1-L/DVI, CM Storm Trooper (It's got a handle, can you handle that?), 240mm Asetek based AIO, Crucial M550 256GB (upgrade soon), some hard drives, disc drives, and hot swap bays

Screens- 3  ASUS VN248H-P IPS 1080p screens mounted on a stand, some old tv on the wall above it. 

Stuff- Epicgear defiant (solderless swappable switches), g600, mounted mic and other stuff. 

Laptop docking area- 2 1440p korean monitors mounted, one AHVA matte, one samsung PLS gloss (very annoying, yes). Trashy Razer blackwidow chroma...I mean like the J key doesn't click anymore. I got a model M I use on it too, but it's time for a new keyboard. Some edgy Utechsmart mouse similar to g600. Hooked to laptop dock for both of my dell precision laptops. (not only docking area)

Shelf- i7-2600 non-k (has vt-d), 380t, some ASUS sandy itx board, intel quad nic. Currently hosts shared files, setting up as pfsense box in VM. Also acts as spare gaming PC with a 580 or whatever someone brings. Hooked into laptop dock area via usb switch
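
As an added example (not part of the original thread or any poster's own script), this read-only PowerShell check reports whether feature and quality (security) updates are being deferred and whether the Windows Update service can run at all. It assumes the standard Group Policy registry locations used on Windows 10 Pro/Enterprise; the helper name Get-PolicyValue is made up for the example.

```powershell
# Read-only audit of Windows Update policy state. Changes nothing.
# Assumption: policies are written under the standard Group Policy keys below.
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = Join-Path $wu 'AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# Meaning of the AUOptions values set by "Configure Automatic Updates".
$auOptionText = @{
    2 = 'notify before download'
    3 = 'auto download, notify before install'
    4 = 'auto download, scheduled install'
    5 = 'local admin chooses'
}

$auOption = Get-PolicyValue $au 'AUOptions'
$report = [ordered]@{
    ServiceStartType    = (Get-Service -Name wuauserv).StartType
    NoAutoUpdate        = Get-PolicyValue $au 'NoAutoUpdate'
    AUOptions           = if ($null -ne $auOption) { $auOptionText[[int]$auOption] }
    DeferFeatureUpdates = Get-PolicyValue $wu 'DeferFeatureUpdates'
    FeatureDeferDays    = Get-PolicyValue $wu 'DeferFeatureUpdatesPeriodInDays'
    DeferQualityUpdates = Get-PolicyValue $wu 'DeferQualityUpdates'
    QualityDeferDays    = Get-PolicyValue $wu 'DeferQualityUpdatesPeriodInDays'
}
[pscustomobject]$report | Format-List

# Findings a defender cares about: security fixes ship as quality updates.
if ($report.ServiceStartType -eq 'Disabled') {
    Write-Warning 'wuauserv is disabled: no security patches will be installed.'
}
if ($report.DeferQualityUpdates -eq 1) {
    Write-Warning "Quality (security) updates are delayed by $($report.QualityDeferDays) day(s)."
}
if ($report.DeferFeatureUpdates -ne 1) {
    Write-Output 'Feature updates are not deferred by policy.'
}
```

Blank values in the output mean the policy is not configured, so Windows falls back to its default update behaviour.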


https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

 

This is the official Microsoft tool for it, I have another tool that I'll post at some later point. Hopefully you can figure out what the 'defer feature updates' does, and how to make it indefinite.


You can set your internet connection to metered and it won't download anything unless you tell it to. 

 

This forces you, by that I mean you have to launch Windows Update manually as it won't ever prompt you, to choose which patches you want to download and install at all times. 


3 hours ago, Syntaxvgm said:

https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

 

This is the official Microsoft tool for it, I have another tool that I'll post at some later point. Hopefully you can figure out what the 'defer feature updates' does, and how to make it indefinite.

Based on my experience I believe that the "defer updates" feature in W10 doesn't do anything.. I tested it before my modification and it downloaded the same files and installed them.. :/

But thanks for the tip on Process Monitor, seems like useful sw. :)
 

2 hours ago, Evanair said:

You can set your internet connection to metered and it won't download anything unless you tell it to. 

 

This forces you, by that I mean you have to launch Windows Update manually as it won't ever prompt you, to choose which patches you want to download and install at all times. 

As far as I know, a metered connection can't be set for Ethernet in the W10 GUI, so I followed this tutorial: https://www.windowscentral.com/how-set-ethernet-connection-metered-windows-10
 

Testing this solution now. > Doesn't work.


4 hours ago, Syntaxvgm said:

There is an option in Pro and Enterprise to defer feature updates, but it's defer, not cancel. I imagine there's some screwing with that you can do to make it forever. There's a program I use to snoop on things like registry writes and whatnot, but it's on one of my home computers. I'll be able to post it later if someone doesn't beat me to it.

 

Keep in mind that eventually security updates are written for newer versions of 10, and over time this could cause problems. 10 seems to be a long term platform that they'll change in ways more major than service packs, and still call it 10. Not sure if continued changes like anniversary edition and creators will begin to get too far away from the original 10 to make this a problem, as I've not messed with 10 much.

I see Windows 10 lasting another 3 years. Even now they still have 50% of its customers using Windows 7. I don't like all the data Windows collects on me and it's known that big software companies with Windows will and do build back doors for the Government. If they released Windows 11, less than 3% of its current Windows 10 users would switch over. 

 

Personally I would be using Linux if it was more geared for gaming. Sadly most games are not coded to work on Linux :(

 

I couldn't find the link but there was a story a few months ago that talked about how companies in the industry including Microsoft had a deal that any security bugs that the CIA, FBI, or NSA found they would disclose to them. SHOCKER that the government did not disclose them, because they were using the bugs that they found! How long do you think the government knew about Spectre and Meltdown? 7 months? Longer?


8 hours ago, Hugh_Mungus said:

I see Windows 10 lasting another 3 years. Even now they still have 50% of its customers using Windows 7. I don't like all the data Windows collects on me and it's known that big software companies with Windows will and do build back doors for the Government. If they released Windows 11, less than 3% of its current Windows 10 users would switch over. 

 

Personally I would be using Linux if it was more geared for gaming. Sadly most games are not coded to work on Linux :(

 

I couldn't find the link but there was a story a few months ago that talked about how companies in the industry including Microsoft had a deal that any security bugs that the CIA, FBI, or NSA found they would disclose to them. SHOCKER that the government did not disclose them, because they were using the bugs that they found! How long do you think the government knew about Spectre and Meltdown? 7 months? Longer?

Yeah.. personally if I had Linux with DirectX support or something that could run "Windows games/sw" the same or better on Linux I would never touch Windows again.. But since it's not possible I have to modify Windows to work as it should..

Btw. I bet that "Windows 11" will be something like "Windows One".
