0

I'm creating a windows build which will be deployed onto hardware which will perform one single function. Consider a kiosk type deployment and the kiosks are connected over 3G. We'll be building and deploying 100's.

I'm using Windows 10 lOT Enterprise (Win_10_IoT_Enterprise_2016_LTSB_64Bit_English_X21_12007), I don't want all updates to be downloaded and installed because I don't know what effect this will have on unattended kiosks long term and it will use up bandwidth and use our 3G data allowance. Microsoft's default policy to force updates will not work in our case.

I'm willing to allow critical updates (consider wanna cry patch recently) but feature and driver installs need to be prevented.

Is it possible to only allow the most important of updates to download and install.

If not, what is the cast iron method of completely disabling all updates.

Thanks

Damo
  • 415
  • 3
  • 7
  • 17
  • You can still use local group policy to have a finer control over windows updates. Specifically you turn off recommended updates, just keeping important ones. You can also turn off driver updates or just turn off updates completely this way too – Drifter104 May 25 '17 at 16:23
  • @Drifter104 could you elaborate on specific polices? I can only see options to defer, maybe I'm looking in the wrong place? – Damo May 26 '17 at 08:30
  • If you open `Computer Configuration` > `Administrative Templates` > `Windows Components` > `Windows Update` You should have a series of polices, plus the "Defer Windows Updates" Policy Folder – Drifter104 May 26 '17 at 11:15

1 Answers1

0

ok, so I decided to never allow updates and in the event of a s*it storm we'll manually update them.

I set all network connections to be metered in the registry and prevented updates from occurring on metered connections.

Damo
  • 415
  • 3
  • 7
  • 17