Idea ID: 2781578

Option to disable Windows Update

Status: Waiting for Votes

As a patch administrator if I am using ZENworks Patch Management I want there to be an option to have ZENworks disable the Windows Update service so that only patches that I deploy through ZPM are being applied to my devices.

Happy Path:
1) At the zone, folder or device level I can set a setting to disable Windows Update
2) On refresh the device disables the Windows Update agent so that only patches deployed through ZENworks are available.
  • You can apply this custom event as a scheduled task, which forces the Windows Update service to stop and sets it to disabled status.

      <QueryList>
        <Query Id="0" Path="System">
          <Select Path="System">
            Event[EventData[Data[@Name="Param1"]="Windows Update"]]
            and
            Event[EventData[Data[@Name="Param2"]="disabled"]]
            and
            Event[EventData[Data[@Name="Param3"]="auto start" or Data[@Name="Param3"]="demand start" or Data[@Name="Param3"]="manual"]]
          </Select>
        </Query>
      </QueryList>

  • Hi

    Hope this helps. As a workaround, I have done it using ZENworks Windows Group Policy to disable automatic updates. But if you do not have a ZCM entitlement, then you will have to rely on AD to push that GPO.

  • Hi,

    several of our customers are using ZENworks Patch Management and we are getting calls that there seems to be an issue with the way the clients are patched.
    After we have checked this with our customer we often notice that the GPOs are not, or are no longer, configured as they should have been.
    Sometimes we are even facing issues where some clients are not even getting the correct GPOs, and we have a lot of trouble getting this to work properly again.

    So some customers are even questioning if the product is doing what it is supposed to do.

    Due to this we remembered that Jason mentioned an idea to provide a mechanism to disable the Windows Update service through ZENworks so that we have another and hopefully a better way to control this.

    So I took a look into the ideas portal and was just wondering what is needed to move forward with this idea?

    Thanks and regards
    René

  • You can create a registry bundle to apply to those computers via ZCM to disable Windows updates.
  • We disable Windows updates via GPO on our managed workstations; however, we have a growing number of workstations which are owned by a 3rd party vendor and which have the ZCM Agent installed for the purpose of deploying patches only. Our practice for handling these workstations is that they have our AV and patching solutions in order to be placed on our network. These workstations are not managed in any other way in our environment, so having the ability to disable Windows updates from ZEN would be helpful if the vendor has failed to do so.
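
As an added example (not from the thread and not ZENworks code), this PowerShell script is one way to write the action behind the event-triggered scheduled task and the registry suggestion in the comments above: it enforces the disabled state idempotently and logs each piece of drift it corrects. The `NoAutoUpdate` policy value and the log path are assumptions, since the comments name neither the registry values nor a log location.

```powershell
#Requires -RunAsAdministrator
# Added example (not ZENworks code). Intended as the action of the event-triggered
# scheduled task described in the thread; run it as SYSTEM.
$ServiceName = 'wuauserv'    # short name of the "Windows Update" service
# Assumption: the registry approach means the standard Automatic Updates policy value.
$AuPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$LogFile     = Join-Path $env:ProgramData 'WUEnforce\enforce.log'   # hypothetical path

function Write-EnforceLog([string]$Message) {
    $dir = Split-Path -Path $LogFile -Parent
    if (-not (Test-Path -Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    Add-Content -Path $LogFile -Value ('{0:o} {1}' -f (Get-Date), $Message)
}

function Get-WUState {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    $au  = Get-ItemProperty -Path $AuPolicyKey -Name NoAutoUpdate -ErrorAction SilentlyContinue
    [pscustomobject]@{
        StartMode    = $svc.StartMode     # Auto, Manual or Disabled
        State        = $svc.State         # Running, Stopped, ...
        NoAutoUpdate = $au.NoAutoUpdate   # $null when the policy value is absent
    }
}

function Set-WUDisabled {
    $before = Get-WUState
    if ($before.StartMode -ne 'Disabled') {
        Set-Service -Name $ServiceName -StartupType Disabled
        Write-EnforceLog "Drift: start mode was '$($before.StartMode)', set to Disabled"
    }
    if ($before.State -ne 'Stopped') {
        Stop-Service -Name $ServiceName -Force
        Write-EnforceLog "Drift: service state was '$($before.State)', stopped"
    }
    if ($before.NoAutoUpdate -ne 1) {
        # Create the key only when it is missing, so existing policy values are left alone.
        if (-not (Test-Path -Path $AuPolicyKey)) { New-Item -Path $AuPolicyKey -Force | Out-Null }
        New-ItemProperty -Path $AuPolicyKey -Name NoAutoUpdate -PropertyType DWord -Value 1 -Force | Out-Null
        Write-EnforceLog 'Drift: NoAutoUpdate policy value was not 1, set to 1'
    }
    Get-WUState   # return the state after enforcement so callers can verify it
}

$after = Set-WUDisabled
if ($after.StartMode -ne 'Disabled' -or $after.NoAutoUpdate -ne 1) {
    Write-EnforceLog 'Enforcement failed: state still not compliant'
    exit 1
}
```

The drift entries in the log give a record of how often something on the device re-enables the service, which helps when tracking down the GPO inconsistencies described in the thread.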