Never configure any of your windows update settings with GPO, let SCCM handle that via local policy.
I believe the setting you want is here for Win10: https://miketerrill.net/2016/10/11/disable-check-online-for-updates-from-microsoft-update-in-windows-10/ For Win7, we just disable the ability to check online: https://weikingteh.wordpress.com/2012/09/20/how-to-disable-the-check-online-for-updates-from-microsoft-update-link-in-the-windows-update-icon-in-control-panel/ Daniel Ratliff From: [email protected] [mailto:[email protected]] On Behalf Of S ConfigMgr Sent: Thursday, March 30, 2017 12:12 AM To: [email protected] Subject: [mssms] GPO Update Disable Manual MS checks Hello all, I have deployed SUP and Patching is working as expected. However my end users are able to use windows update, How can i block end users to stop installing patches from internet, I have windows 10 Enterprise and Professional Machines as end users. I have tried to deploy a group policy to disable Computer Configuration\Administrative Templates\Windows Components\Windows Update. 1. Find and double-click Configure Automatic Updates [0711 group policy step 3]<https://cms-images.idgesg.net/images/article/2016/06/0711-group-policy-step-3-100666831-orig.jpg> 2. In the resulting dialog box, select Enabled. 3. In the Options box, pull down the Configure automatic updating menu and select your preferred option. [0711 group policy step 4 and 5] 4. Still Updates are able to scan by user with ms site, How can I achieve this ? -- Thanks, ED The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information.
