john-doe
Goto Top

Windows 10 Upgrade in Domain verbieten

Hallo Leute!
Wahrscheinlich betrifft es viele von euch.
Kennt jemand einen Trick, oder eine Möglichkeit das Windows 10 Upgrade innerhalb der Domain zentral zu verbieten oder zu deaktivieren.
Bzw. welche Updates müssen am WSUS zurückgerufen werden? Oder welche Regkeys kann man austeilen?

Besten Dank für eure Hilfe
J.D.

Content-ID: 305706

Url: https://administrator.de/contentid/305706

Ausgedruckt am: 22.11.2024 um 04:11 Uhr

shadynet
shadynet 30.05.2016 um 11:31:29 Uhr
Goto Top
Moin moin
Seit wann verteilt der WSUS denn das Windows-10-Upgrade-Update? Meiner tuts nicht, bin ich auch froh drum, und das ohne jemals genau drauf geachtet zu haben, dass ich es ausschließe. Irgendwo hieß es auch mal, über WSUS kommt das Upgrade-Update auch nicht...
john-doe
john-doe 30.05.2016 um 11:40:37 Uhr
Goto Top
Hi
Seit wann genau kann ich auch nicht sagen, leider dürfte es als "wichtiges Update" mitverteilt worden sein. face-sad
Dilbert-MD
Lösung Dilbert-MD 30.05.2016 um 11:44:42 Uhr
Goto Top
Moin,

KB 3035583 deinstallieren und bei jedem neuen Updatevorgang immer wieder ausblenden.
ggf. auch noch KB2952664 und 3118401 mit rausnehmen.

dann dürfte auch kein Updatesymbol in der Taskleiste auftauchen.
Evtl noch per GPO die GWX.exe verbieten

dann bist Du schon mal einen guten Schritt weiter.

Gruß
Holger
john-doe
john-doe 30.05.2016 um 11:50:49 Uhr
Goto Top
Vielen Dank Holger!
kontext
kontext 30.05.2016 um 11:52:43 Uhr
Goto Top
Hallo @john-doe,

bzgl. Registry-Keys ...
... ich habe angefangen bei Maschinen folgende Keys zu setzen:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate - DWORD: DisableOSUpgrade (1)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Gwx - DWORD: DisableGwx (1)

Gruß
@kontext
Pjordorf
Pjordorf 30.05.2016 um 12:00:40 Uhr
Goto Top
Hallo,

Zitat von @shadynet:
Seit wann verteilt der WSUS denn das Windows-10-Upgrade-Update?
Hier gefunden, http://www.computerworld.com/article/3022796/windows-pcs/microsoft-chan ...
Microsoft changes rules of Windows 10 upgrade game

Expands notifications and automatic upgrades to domain-joined small business PCs

Microsoft yesterday again changed the rules of its better-upgrade-to-Windows 10 game, announcing that some business PCs running the professional editions of Windows 7 and Windows 8.1 would soon begin seeing notifications to migrate to the newest OS.

At the same time, the Redmond, Wash. company belatedly provided instructions to block the Windows 10 upgrade. The timing was not coincidental: Microsoft is historically more accommodating to its commercial customers than it is to consumers when it comes to choices in upgrading and updating software.

"We will begin to roll out the 'Get Windows 10' app to additional devices that meet the following criteria, in the U.S. later this month and in additional markets shortly thereafter." said Matt Barlow of Microsoft, in a post to a company blog Wednesday.

The new criteria covered PCs running Windows 7 Professional or Windows 8.1 Pro that were "domain-joined" -- part of a computer network whose administrators rely on Active Directory to set access rights -- and that receive updates via the Windows Update service.

Previously, all domain-joined PCs were off-limits to the increasingly-aggressive upgrade nagging that consumer devices have been receiving since June.

Still out of bounds: PCs running the Windows 7 Enterprise and Windows 8.1 Enterprise editions, and all systems that receive updates from an administrator-managed patch platform, such as Microsoft's own WSUS (Windows Server Update Services) and SCCM (System Center Configuration Manager), or third-party software.

The new rules will primarily affect small businesses that take a more casual approach to managing their PCs -- often because they lack dedicated IT personnel -- and so rely on the consumer-grade Windows Update for patch delivery. Larger organizations, however, often have pockets of machines that will begin to display the nags.

Those devices will soon receive Microsoft's GWX app -- for "Get Windows 10" -- that will reside in the taskbar and display pop-up prompts to upgrade.

Microsoft has been aggressively leveraging the free upgrade offer, which ends in late July and is within two weeks of its mid-point, in an attempt to convince, cajole, nag and pester users into moving to Windows 10; the efforts are all part of its intention to put the OS on a billion systems by mid-2018. Yesterday's change in who sees the notifications was just the latest in a long series of similar steps.

Some consumers have resisted the offer, happy with the OS now on their PCs and seeing little reason they should be badgered. It's likely that small businesses will be even more resistant to the call-to-change.

"Many small businesses have already been dealing with this thing since the start. Believe me, I hear from them all the time," said Josh Mayfield. He's the software engineer who created GWX Control Panel, a tool designed to make Microsoft's GWX app go away, purge the system of upgrade files, and block the automatic upgrade that will be pushed to systems this year. Mayfield has heard from scores of small business owners, users and administrators, who, after searching for a way to remove the nags from their PCs, were thankful to find GWX Control Panel.

"Most small businesses don't have [Windows] Enterprise licenses and many also don't use Windows domains," he said.

Mayfield accidentally became an expert in Microsoft's upgrade caper, creating GWX Control Panel to give to his mother. But as he offered it to the public, he was forced to dissect Microsoft's undocumented maneuvers in order to keep pace with the company's attempts to put its notifications on upgrade-eligible PCs, keep them there, and regularly update them with changed content.

Mayfield last updated GWX Control Panel in late December to version 1.7. The utility is free to download, although Mayfield does accept donations via PayPal to cover his site hosting fees.

Along with the news that the Windows 10 upgrade prompts would shortly start to appear on more PCs, Microsoft also revised a support document that offers instructions to administrators wanting to block the appearance of the notifications and more importantly, bar the PC from receiving the upgrade and initiating the installation process. The instructions include guidelines for crafting a Group Policy that can remotely change the Windows Registry, adding a new subkey with a value assigned to DisableOSUpgrade.
What Readers Like

Unlike some other work-arounds that have circulated in the last several months, the DisableOSUpgrade method seems to work, said Mayfield, who maintains a suite of test systems to monitor what Microsoft's GWX app does.

"DisableOSUpgrade, when set, does seem to block the Windows 10 Upgrade via Windows Update behavior," said Mayfield. "We did see cases where the [DisableOSUpgrade] registry value was deleted as a result of [updates to the] Windows Update [client] over the summer, but I haven't spotted that particular behavior in the last couple of months."

Microsoft's Barlow characterized the notification change for business PCs as driven by customers who wanted a simpler way to upgrade than downloading the bits and using external media like a USB flash drive to install the OS. "Because of ongoing customer requests from many small businesses and other small organizations to easily take advantage of the free upgrade, we will soon make the Get Windows 10 app available to them as well," he said.

There's no way for outsiders to verify Barlow's claim that small businesses have been clamoring for the on-screen notifications. Cynics will likely wonder where the customer requests stop and Microsoft's marketing begins: The firm regularly cites the former when decisions it makes are in its own business interests.

Mayfield was skeptical that small businesses will universally approve of the intrusion. "I imagine it will cause another wave of panicked users, because small businesses obviously want to spend their computer time making a living, not wasting time looking for updated firmware, drivers, and applications to support an operating system they don't need," he said.
Gruß,
Peter
joachim57
joachim57 30.05.2016 aktualisiert um 17:19:46 Uhr
Goto Top
Zitat von kontext
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate - DWORD: DisableOSUpgrade (1)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Gwx - DWORD: DisableGwx (1)

dazu noch diese beiden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade - DWORD: AllowOSUpgrade (0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade - DWORD: ReservationsAllowed (0)

Seitdem hab ich Ruhe.
Stefan007
Stefan007 03.06.2016 um 07:33:54 Uhr
Goto Top
Zitat von @joachim57:

Zitat von kontext
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate - DWORD: DisableOSUpgrade (1)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Gwx - DWORD: DisableGwx (1)

dazu noch diese beiden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade - DWORD: AllowOSUpgrade (0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade - DWORD: ReservationsAllowed (0)

Seitdem hab ich Ruhe.



Mahlzeit,

und das machst du für jeden Client-PC?
kontext
kontext 03.06.2016 um 08:39:35 Uhr
Goto Top
Zitat von @Stefan007:
Mahlzeit,
und das machst du für jeden Client-PC?

Servus,

ist die Frage ernst gemeint?
Sorry - aber in einer Domain gibt es Gruppenrichtlinien ...

Gruß
@kontext
Stefan007
Stefan007 03.06.2016 um 10:11:01 Uhr
Goto Top
... ich habe angefangen bei Maschinen folgende Keys zu setzen:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate - DWORD: DisableOSUpgrade (1)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Gwx - DWORD: DisableGwx (1)

Gruß
@kontext


Ich habe das so verstanden und ja, demnach dürfte meine Frage ernst gemeint sein. Mir ist wohl klar, dass es Gruppenrichtlinien gibt....
joachim57
joachim57 04.06.2016 um 08:17:02 Uhr
Goto Top
Zitat von Stefan007

Mahlzeit,
und das machst du für jeden Client-PC?

Ja klar! Die 4 Einträge hab ich einer .reg Datei. Diese dann mit der Methode deiner Wahl oder per Turnschuh verteilen.
Stefan007
Stefan007 04.06.2016 um 08:23:45 Uhr
Goto Top
Danke! Ich hatte das echt so gelesen, dass du an jeden Client gehst und die Einträge änderst ^^.