Windows 10 Upgrade in Domain verbieten
Hallo Leute!
Wahrscheinlich betrifft es viele von euch.
Kennt jemand einen Trick, oder eine Möglichkeit das Windows 10 Upgrade innerhalb der Domain zentral zu verbieten oder zu deaktivieren.
Bzw. welche Updates müssen am WSUS zurückgerufen werden? Oder welche Regkeys kann man austeilen?
Besten Dank für eure Hilfe
J.D.
Wahrscheinlich betrifft es viele von euch.
Kennt jemand einen Trick, oder eine Möglichkeit das Windows 10 Upgrade innerhalb der Domain zentral zu verbieten oder zu deaktivieren.
Bzw. welche Updates müssen am WSUS zurückgerufen werden? Oder welche Regkeys kann man austeilen?
Besten Dank für eure Hilfe
J.D.
Bitte markiere auch die Kommentare, die zur Lösung des Beitrags beigetragen haben
Content-ID: 305706
Url: https://administrator.de/contentid/305706
Ausgedruckt am: 22.11.2024 um 04:11 Uhr
12 Kommentare
Neuester Kommentar
Moin,
KB 3035583 deinstallieren und bei jedem neuen Updatevorgang immer wieder ausblenden.
ggf. auch noch KB2952664 und 3118401 mit rausnehmen.
dann dürfte auch kein Updatesymbol in der Taskleiste auftauchen.
Evtl noch per GPO die GWX.exe verbieten
dann bist Du schon mal einen guten Schritt weiter.
Gruß
Holger
KB 3035583 deinstallieren und bei jedem neuen Updatevorgang immer wieder ausblenden.
ggf. auch noch KB2952664 und 3118401 mit rausnehmen.
dann dürfte auch kein Updatesymbol in der Taskleiste auftauchen.
Evtl noch per GPO die GWX.exe verbieten
dann bist Du schon mal einen guten Schritt weiter.
Gruß
Holger
Hallo,
Hier gefunden, http://www.computerworld.com/article/3022796/windows-pcs/microsoft-chan ...
Gruß,
Peter
Hier gefunden, http://www.computerworld.com/article/3022796/windows-pcs/microsoft-chan ...
Microsoft changes rules of Windows 10 upgrade game
Expands notifications and automatic upgrades to domain-joined small business PCs
Microsoft yesterday again changed the rules of its better-upgrade-to-Windows 10 game, announcing that some business PCs running the professional editions of Windows 7 and Windows 8.1 would soon begin seeing notifications to migrate to the newest OS.
At the same time, the Redmond, Wash. company belatedly provided instructions to block the Windows 10 upgrade. The timing was not coincidental: Microsoft is historically more accommodating to its commercial customers than it is to consumers when it comes to choices in upgrading and updating software.
"We will begin to roll out the 'Get Windows 10' app to additional devices that meet the following criteria, in the U.S. later this month and in additional markets shortly thereafter." said Matt Barlow of Microsoft, in a post to a company blog Wednesday.
The new criteria covered PCs running Windows 7 Professional or Windows 8.1 Pro that were "domain-joined" -- part of a computer network whose administrators rely on Active Directory to set access rights -- and that receive updates via the Windows Update service.
Previously, all domain-joined PCs were off-limits to the increasingly-aggressive upgrade nagging that consumer devices have been receiving since June.
Still out of bounds: PCs running the Windows 7 Enterprise and Windows 8.1 Enterprise editions, and all systems that receive updates from an administrator-managed patch platform, such as Microsoft's own WSUS (Windows Server Update Services) and SCCM (System Center Configuration Manager), or third-party software.
The new rules will primarily affect small businesses that take a more casual approach to managing their PCs -- often because they lack dedicated IT personnel -- and so rely on the consumer-grade Windows Update for patch delivery. Larger organizations, however, often have pockets of machines that will begin to display the nags.
Those devices will soon receive Microsoft's GWX app -- for "Get Windows 10" -- that will reside in the taskbar and display pop-up prompts to upgrade.
Microsoft has been aggressively leveraging the free upgrade offer, which ends in late July and is within two weeks of its mid-point, in an attempt to convince, cajole, nag and pester users into moving to Windows 10; the efforts are all part of its intention to put the OS on a billion systems by mid-2018. Yesterday's change in who sees the notifications was just the latest in a long series of similar steps.
Some consumers have resisted the offer, happy with the OS now on their PCs and seeing little reason they should be badgered. It's likely that small businesses will be even more resistant to the call-to-change.
"Many small businesses have already been dealing with this thing since the start. Believe me, I hear from them all the time," said Josh Mayfield. He's the software engineer who created GWX Control Panel, a tool designed to make Microsoft's GWX app go away, purge the system of upgrade files, and block the automatic upgrade that will be pushed to systems this year. Mayfield has heard from scores of small business owners, users and administrators, who, after searching for a way to remove the nags from their PCs, were thankful to find GWX Control Panel.
"Most small businesses don't have [Windows] Enterprise licenses and many also don't use Windows domains," he said.
Mayfield accidentally became an expert in Microsoft's upgrade caper, creating GWX Control Panel to give to his mother. But as he offered it to the public, he was forced to dissect Microsoft's undocumented maneuvers in order to keep pace with the company's attempts to put its notifications on upgrade-eligible PCs, keep them there, and regularly update them with changed content.
Mayfield last updated GWX Control Panel in late December to version 1.7. The utility is free to download, although Mayfield does accept donations via PayPal to cover his site hosting fees.
Along with the news that the Windows 10 upgrade prompts would shortly start to appear on more PCs, Microsoft also revised a support document that offers instructions to administrators wanting to block the appearance of the notifications and more importantly, bar the PC from receiving the upgrade and initiating the installation process. The instructions include guidelines for crafting a Group Policy that can remotely change the Windows Registry, adding a new subkey with a value assigned to DisableOSUpgrade.
What Readers Like
Unlike some other work-arounds that have circulated in the last several months, the DisableOSUpgrade method seems to work, said Mayfield, who maintains a suite of test systems to monitor what Microsoft's GWX app does.
"DisableOSUpgrade, when set, does seem to block the Windows 10 Upgrade via Windows Update behavior," said Mayfield. "We did see cases where the [DisableOSUpgrade] registry value was deleted as a result of [updates to the] Windows Update [client] over the summer, but I haven't spotted that particular behavior in the last couple of months."
Microsoft's Barlow characterized the notification change for business PCs as driven by customers who wanted a simpler way to upgrade than downloading the bits and using external media like a USB flash drive to install the OS. "Because of ongoing customer requests from many small businesses and other small organizations to easily take advantage of the free upgrade, we will soon make the Get Windows 10 app available to them as well," he said.
There's no way for outsiders to verify Barlow's claim that small businesses have been clamoring for the on-screen notifications. Cynics will likely wonder where the customer requests stop and Microsoft's marketing begins: The firm regularly cites the former when decisions it makes are in its own business interests.
Mayfield was skeptical that small businesses will universally approve of the intrusion. "I imagine it will cause another wave of panicked users, because small businesses obviously want to spend their computer time making a living, not wasting time looking for updated firmware, drivers, and applications to support an operating system they don't need," he said.
Peter
Zitat von kontext
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate - DWORD: DisableOSUpgrade (1)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Gwx - DWORD: DisableGwx (1)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate - DWORD: DisableOSUpgrade (1)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Gwx - DWORD: DisableGwx (1)
dazu noch diese beiden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade - DWORD: AllowOSUpgrade (0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade - DWORD: ReservationsAllowed (0)
Seitdem hab ich Ruhe.
Zitat von @joachim57:
dazu noch diese beiden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade - DWORD: AllowOSUpgrade (0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade - DWORD: ReservationsAllowed (0)
Seitdem hab ich Ruhe.
Zitat von kontext
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate - DWORD: DisableOSUpgrade (1)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Gwx - DWORD: DisableGwx (1)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate - DWORD: DisableOSUpgrade (1)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Gwx - DWORD: DisableGwx (1)
dazu noch diese beiden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade - DWORD: AllowOSUpgrade (0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade - DWORD: ReservationsAllowed (0)
Seitdem hab ich Ruhe.
Mahlzeit,
und das machst du für jeden Client-PC?
Servus,
ist die Frage ernst gemeint?
Sorry - aber in einer Domain gibt es Gruppenrichtlinien ...
Gruß
@kontext
... ich habe angefangen bei Maschinen folgende Keys zu setzen:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate - DWORD: DisableOSUpgrade (1)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Gwx - DWORD: DisableGwx (1)
Gruß
@kontext
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate - DWORD: DisableOSUpgrade (1)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Gwx - DWORD: DisableGwx (1)
Gruß
@kontext
Ich habe das so verstanden und ja, demnach dürfte meine Frage ernst gemeint sein. Mir ist wohl klar, dass es Gruppenrichtlinien gibt....
Ja klar! Die 4 Einträge hab ich einer .reg Datei. Diese dann mit der Methode deiner Wahl oder per Turnschuh verteilen.