Possible to delay monthly patches in Windows 10 Pro?

Topic

New Reply

[Joseph Moran]

Hi.

Hope I’m posting in the right place. I’m looking for some guidance on how (or whether) it’s possible to postpone Microsoft Patch Tuesday updates on Windows 10 Pro PCs, other than by manually “pausing” updates for up to 35 days.

I’m responsible for supporting about 50 Windows 10 PCs in two locations and live in fear that some Wednesday morning I’m going to find that the latest shoddy update borked all of them.

So I while I still want the updates, I’d like to get them 2-3 weeks after release, once any potential problems have been identified and fixed.

I found this discussing how to keep Windows 10 on a given version and intend to use it, but looking for something that would apply to Patch Tuesday updates because obviously, manually pausing updates on 50 PCs each month is a non-starter.

So I was hoping there was some way to have Windows 10 download them but not install until a defined time in the future.

Appreciate any info. Thanks very much.

Joe

• This topic was modified 4 years, 4 months ago by Joseph Moran.

Reply | Quote

Replies

Try using WuMgr. Information is here:
https://www.askwoody.com/forums/topic/guide-to-using-wumgr-for-windows-10-updates/

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

AKB2000016 Guide for Windows Update Settings for Windows 10.
Section 1 is General.
Section 3 is about is about Win10 Pro
Section 4 is an example for v1909.
Section 5 is about v2004 and later (but can be used on v1909 as well.

There are two methods to deal with monthly updates – Pause and Deferrals. Pause you have to keep resetting after each update. Deferrals can be set to delay updating after Patch Tues and are basically set and forget.

There is also two ways to control version upgrades – Deferrals and TargetReleaseVersion (TRV).

There are screenshots below the text that show location of the settings.

Reply | Quote

Thanks for that link (and indeed for taking the time to write that guide).

I have 20H1 and 20H2 PCs, so I’m mostly concentrating on section 5, but I must confess that after reading it I’m not clear on something so I was hoping you could clarify for me.

Specifically, for “Select when Quality Updates are received” you recommend to set deferrals=0, or leaving it not configured.  But since I want to defer the monthly updates for a few weeks then I in fact need to enable this and specify my number of days, correct?

My goal is to continue to receive the updates automatically, albeit on a delayed schedule–  I definitely don’t want to have to touch these clients every month to download the updates.

Reply | Quote

If you want automatic updating, the set Quality Deferrals at the number of days after Patch Tuesday you want the updating to be done.
Also, you should not use the “2” (notify download/install) setting because that allows for manual download/install instead of automatic.
There are also settings to control the time window for the download/install and the following mandatory reboot so it does not impact working hours.

I would suggest setting TargetReleaseVersion to control the upgrades so that all your computers are on the same Win10 version.

AKB2000016 is not intended for Business guidance. It is aimed at individual Users.

The following is not aimed at Business/Enterprise Users who are supported by IT Departments. It is for the Consumers and Small Businesses that are patching their own computers without technical support.

Reply | Quote

If all of these computers are on the same domain and you have the ability to run a Windows Server, I highly recommend that you set up WSUS.  Then within WSUS you could have a test group and a production group in order to manage patch deployment.

WSUS is free, but it is not hands-free if you are trying to delay updates but still have them automatically install.  Still, here’s a good start for installing/configuring WSUS if you wanted to do some investigation to see if it would work for you:

https://www.ajtek.ca/guides/how-to-setup-manage-and-maintain-wsus-part-1-choosing-your-server-os/

Or, get PDQ Inventory and PDQ Deployment.  Also great tools to help manage Windows computers and Windows patches.  There is a free version that you may be able to use as a test, but would likely need the paid version to use automated patching.

Reply | Quote

Thanks to all who responded.

 

I’m gonna stick with the Local Group Policy method– free, and relatively easy– to defer quality updates for 21 days, and stay on 20H2 for the remainder of this year.

Reply | Quote