Here’s something many Windows 10 users may not know: If you select options to control your updates in the local group policy settings better known as “Windows Update for Business,” you end up controlling optional updates. And what if you are not necessarily a “business” user? What options do you have?
The little secret about “Windows Update for Business” is that it’s nothing more than a set of registry keys and local group policy settings that allow you to better control updates. And you don’t have to work for a business to utilize these settings, though it helps if you’re running Windows 10 Professional.
(For users of Windows 10 Home, many of these settings work, but it’s not as easy to set them — and you have to rely on registry settings that can be cumbersome to install. That’s why I urge you to upgrade from Windows 10 Home to Professional. The process is easy and does not affect your programs or data. You can purchase a valid product key online, or do it from inside the operating system.)
Upgrading to Professional exposes the full ability to control updates. Often, people refer to this as the “patching tax.” While you may already know the metered network trick to keep updates from being installed (because Microsoft thinks that it will cost you money on a cellular connection), the Windows Update for Business options allow you to fine tune what your machine gets offered.
And for those of you that want to control updates using a server or cloud control tool such as Intune, Microsoft recently posted an online learning module; it helps explain the options you have for controlling your selections from a centralized location. For users that have no network other than peer to peer, you can simply make the settings on a machine-by-machine basis.
To view the settings you can control, in the search box on Windows 10, type in GPEDIT. That brings up the edit group policy control panel application. Click on it and then browse to Computer Configuration> Administrative Templates>Windows Components>Windows Update. Here, you will see a folder called Windows Update for Business. It has five settings you can adjust and use.
The five options
“Select when Preview Builds and Feature Updates are received” is the first option. This allows you to either be bleeding edge or no edge – meaning that if you want to check out new features in Windows, you can opt in to select preview builds. If you’re an IT admin or consultant who wants to keep an eye on upcoming builds, I recommend having a machine or two running Insider editions. But for regular end users (and for consumers and home users), leave these settings alone; we’re going to set the feature release we want on in a different manner.
The next setting allows you to defer quality updates – better known as security updates released on Patch Tuesdays – either after a set number of days or on a specific date. The good news is you can do this setting either by group policy here, or in the GUI settings of Windows Update for both Windows 10 Home or Pro. Go to Start>Update and Security>Advanced options and choose the date you want to install updates – preferably giving yourself sufficient time after the patching issues are identified.
The third setting allows an admin to bypass Microsoft’s blocks on installing a feature release. I don’t recommend that you bypass this setting. Even in my own office, if I find the next feature release is being blocked, I want to understand what the block is, not bypass it.
Fourth is the “Manage preview builds” setting, which allows you to select Insider editions should you want a device on the bleeding edge.
And finally, “Select the target Feature Update version” is the setting that allows you to better control when you receive feature releases. If you enable this setting and then chose the exact version of Windows 10 you want — for example, 20H2 — your system will stay on that release and not be offered the next version. The good news about this particular setting is that it’s easily set via a registry key, even on Windows Home machines.
But wait, there’s more
That’s not all you can control using the group policy settings. One in particular Microsoft doesn’t want you to use, but in fact it can be useful: Group Policy: Require end user action to download updates. This notifies the user about the download.
You find this setting under the Group Policy path Computer Configuration>Administrative Templates>Windows Components>Windows Update>Configure Automatic Updates.
Configuring this will prevent the update from downloading until a user acts by selecting a notification or going to the Windows Update Settings page. If the user takes no action, the update will not download until the deadline you set arrives. Think carefully before configuring this policy, because it will likely provide a poor user experience and slow update adoption.
Let’s take a look at this one on a standalone computer. First, you must have a Windows 10 Professional (or Enterprise or Educational). In the search box on Windows 10, type in GPEDIT to get to the edit group policy control panel. Browse to Computer Configuration>Administrative Templates>Windows Components>Windows Update>Configure Automatic Updates. Click on the box to Enable and then choose 2 – Notify for download and auto install.
This will cause the system to post a notification on your system when it senses updates are available, but they won’t be installed until you trigger them. If your firm uses Intune, these settings can also be made in the Intune console.
The bottom line: don’t be intimidated by the Windows Update for Business settings. They aren’t just for business, they’re for anyone who takes the time to set them.