
It doesn't but I always recommend going to the vendor's siteįor drivers or preinstalling a vendor's driver update tool (Lenovo's System Update,

Turn off access to all Windows Update features = Enabledĭo you know if that policy allows Device Manager to check online for drivers when a peripheral is plugged into one of the USB ports (USB dock, headset, fingerprint sensor etc.)? We use the following GPO to remove the Check online for updates from Microsoft Update option and it still give us the ability to use the Microsoft Store:Ĭomputer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings We also want Windows Update to be available to the device manager so that if a new peripheral is installed, drivers can automatically be downloaded and updated from Microsoft Update. Which setting just blocks checking for internet-based updates through the settings menu, but doesn't disable anything else? The other GPO completely grays out checking for updates which also prevents the users from manually checking for updates against our WSUS server. One of the GPOs says enabling it will disable the Windows Store. I saw a few different GPOs that can block update checking, but they do more than just block checking online and end up breaking other things. So, this means systems with Windmay get 1903 pushed to the workstation in a few weeks if a user checks for updates online.

We do have a GPO to defer feature updates, but the maximum deferral is 365 days despite feature updates being supported for 18 to 30 months. We want this disabled so that users do not inadvertently download unapproved feature updates.


How can we disable the link in Settings menu that let's users download updates from Microsoft?
