How to take control of Windows 10 security update settings

It's often wise to defer Windows 10 or Server 2019 security updates to let the glitches shake out. Here are the settings needed to make that happen.

Windows 10 update settings are varied and at times confusing. The following settings allow me to control exactly when security (and other) updates will automatically update on my systems. You can use these Windows Update for Business settings either on a standalone workstation, in group policy, via registry entries, or in conjunction with Windows Software Update Services (WSUS). Note these settings are current as of 1803 on Windows 10.

You need to set the Windows Update for Business settings to defer quality (security) updates for a set number of days. Given the side effects of updates, I recommend waiting at least seven days if not more before installing quality updates. A deferral of 11 days pushes the update window past the weekend and on to the second week when most of any side effects are identified.

The second deferral I recommend is the installation of Feature Update to a time and date that you feel is right for your environment. I also recommend scripting the install of the feature updates as a better way to control the install of Windows 10 feature releases. When the feature release is deemed ready for business, the release is declared semi-annual.

If you take no action to control updates, the feature releases are set to semi-annual (targeted) by default and you will receive the feature releases when Microsoft deems your computer ready for the update. Feature updates do not include security updates and thus it’s quite safe to push off feature updates to ensure that your vendors support the release. These deferrals can be set on Windows 10 Pro, Enterprise and Educational versions.

Tip: If you manage group policy in a domain setting, be sure you download the Windows 10/Server 2016 templates to your domain by copying the ADMX files from any recent Windows 10 workstation to the server group policy settings to the SYSVOL central store:

To continue reading this article register now

The 10 most powerful cybersecurity companies