Group Policy to control updates on Win11


pokeefe0001

Well-known member
Member
VIP
Local time
12:15 AM
Posts
217
Location
Pacific Northwest USA
OS
Windows 11
On Win10 & Win11 I have the Group Policy
Computer Configuration>Windows Components>Windows Updates>Configure Automatic Updates set to 2.

On Win10 on the Windows Update page in Settings there is a comment in red saying "Some settings are managed by your organization" . On Win11 there is no similar message. And just to confuse things a bit, the option "Pause for 1 week" is set even though I did not set it.

How can I tell if the group policy is actually working? I installed Win11 on a test PC just yesterday - not enough time to see if this works. I've also go Win11 on a Surface Pro tablet (pre-installed) but have manually installed maintenance too often to tell if it's the policy or the 1 week delay that's in effect.

Win11 21H2 build 22000.556
Win10 21H1 build 19043.1526
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Microsoft
    CPU
    Intel Core i5-8400
    Motherboard
    ASUS PRIME H370-PLUS
    Memory
    16GB
    Graphics Card(s)
    Intel UHD Graphics 630
    Sound Card
    On board
    Monitor(s) Displays
    Samsung SyncMaster 2043BWX
    Screen Resolution
    1680 x 1050
    Hard Drives
    Samsung SSD 850 256GB
    WDC 1TB NVMe
    WD 3TB external USB drive
    PSU
    I don't remember
    Case
    Corsair something-or-other
    Cooling
    Air CPU + 2 case fans
    Keyboard
    DAS S Pro (Cherry Brown)
    Mouse
    Logitech USB of some sort
On Win10 on the Windows Update page in Settings there is a comment in red saying "Some settings are managed by your organization" . On Win11 there is no similar message.

...How can I tell if the group policy is actually working?
I think Microsoft got tired of people asking "Who is this 'organization'? I'm the only user on this PC !". :lmao:

Look in Settings > Windows Update > Advanced options > Configured update policies.

1647829068104.png

And for others looking to set this particular group policy, in W11's Group Policy Editor it's now found in:
Computer Configuration>Windows Components>Windows Update>Manage end user experience>Configure Automatic Updates
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD
    Internet Speed
    50 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 4GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, and Canary builds as a native boot .vhdx.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Lattitude E4310
    CPU
    Intel® Core™ i5-520M
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround. Feature Update to 23H2 by manually installing the Enablement Package.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 4GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, and Canary builds as a native boot .vhdx.
Oh, yeah. I forgot that extra "Manage end user experience" they stuck in. I did "manage" to find that.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Microsoft
    CPU
    Intel Core i5-8400
    Motherboard
    ASUS PRIME H370-PLUS
    Memory
    16GB
    Graphics Card(s)
    Intel UHD Graphics 630
    Sound Card
    On board
    Monitor(s) Displays
    Samsung SyncMaster 2043BWX
    Screen Resolution
    1680 x 1050
    Hard Drives
    Samsung SSD 850 256GB
    WDC 1TB NVMe
    WD 3TB external USB drive
    PSU
    I don't remember
    Case
    Corsair something-or-other
    Cooling
    Air CPU + 2 case fans
    Keyboard
    DAS S Pro (Cherry Brown)
    Mouse
    Logitech USB of some sort

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Skylake Special X299
    CPU
    Intel Core i9 9900X
    Motherboard
    Asus ROG Strix X299-E Gaming II
    Memory
    GSkill Trident Z RGB 32GB 3600 16-16-16-36 (F4-3600C16Q-32GTZR)
    Graphics Card(s)
    EVGA RTX 3080 12GB FTW3 Ultra Gaming (12G-P5-4877-KL)
    Sound Card
    Supreme FX
    Monitor(s) Displays
    Asus PG279Q
    Screen Resolution
    2560 x 1440 165Hz
    Hard Drives
    Samsung 980 Pro 500GB x2, Seagate Barracuda 4TB x2, Western Digital Black 4TB x1
    PSU
    EVGA 1200 P2, EVGA Black Custom Braided Cables
    Case
    Thermaltake View 31 Tempered Glass Limited Edition
    Cooling
    Corsair H115i, Thermal Grizzly Kryonaut
    Keyboard
    Logitech G910 Orion Spark
    Mouse
    Logitech G700s, Asus ROG GX860 Buzzard
    Internet Speed
    Verizon Fios Quantum Gateway 75/75
    Browser
    Edge
    Antivirus
    Windows Defender, Malwarebytes 4.5.2
    Other Info
    Thermaltake Riing Duo 14 x3, Thermaltake Riing Plus 14 x2, Corsair HS70 Pro Wireless Headset
  • Operating System
    Windows 10 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Skylake Special Z170
    CPU
    Intel Core i7 6700K
    Motherboard
    Asus Sabertooth Z170 Mark 1
    Memory
    GSkill Trident Z RGB 16GB 3600 16-16-16-36 (F4-3600C16D-16GTZR)
    Graphics card(s)
    EVGA GTX 980 Ti SC x2, EVGA Pro SLI Bridge
    Sound Card
    Realtek High Definition
    Monitor(s) Displays
    AOC G2460PG
    Screen Resolution
    1920 x 1080 144Hz
    Hard Drives
    Samsung 870 Evo 500GB, Seagate Barracuda 4TB x2
    PSU
    EVGA 1000 P2, EVGA White Custom Braided Cables
    Case
    Corsair Vengeance C70 Gunmetal Black
    Cooling
    Corsair H100i v2, Corsair ML120 x2, Thermal Grizzly Kryonaut
    Mouse
    Logitech G500s
    Keyboard
    Logitech G910 Orion Spectrum
    Internet Speed
    Verizon Fios Quantum Gateway 75/75
    Browser
    Edge
    Antivirus
    Windows Defender, Malwarebytes 4.5.2
    Other Info
    Corsair SP120 x4, LG Blu-ray Drive, Durabrand HT-395 100 Watt Dolby Digital Amp
I think Microsoft got tired of people asking "Who is this 'organization'? I'm the only user on this PC !". :lmao:
I've always assume (based on ignorance) that Group Policies were developed for the Active Directory environment and we non-AD users were lucky to get it at all. In the AD environment the message makes sense.

On the other hand the message could have been "Some settings are managed by administrative policy" and it would work for both environments. But Microsoft forgot to ask my opinion.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Microsoft
    CPU
    Intel Core i5-8400
    Motherboard
    ASUS PRIME H370-PLUS
    Memory
    16GB
    Graphics Card(s)
    Intel UHD Graphics 630
    Sound Card
    On board
    Monitor(s) Displays
    Samsung SyncMaster 2043BWX
    Screen Resolution
    1680 x 1050
    Hard Drives
    Samsung SSD 850 256GB
    WDC 1TB NVMe
    WD 3TB external USB drive
    PSU
    I don't remember
    Case
    Corsair something-or-other
    Cooling
    Air CPU + 2 case fans
    Keyboard
    DAS S Pro (Cherry Brown)
    Mouse
    Logitech USB of some sort
I've always assume (based on ignorance) that Group Policies were developed for the Active Directory environment....
I think you are correct. If you download the Group Policy Settings Reference Spreadsheet you'll see that some polices are supported as far back as Windows Server 2003, Windows XP, and Windows 2000. And Windows 2000 was when support for AD was first introduced.
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD
    Internet Speed
    50 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 4GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, and Canary builds as a native boot .vhdx.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Lattitude E4310
    CPU
    Intel® Core™ i5-520M
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround. Feature Update to 23H2 by manually installing the Enablement Package.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 4GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, and Canary builds as a native boot .vhdx.
Hey people,

I have this set to option 2 as well and it works until Microsoft want to override it, but that only seems to happen if an update is put off for too long and that's acceptable for me at this time.

My issue is, it is also controlling the "security Intelligence Update(s) for Microsoft Defender Antivirus" so I have to manaully allow that update every time.

Is there a way to allow the definitions to update without my interaction while keeping the rest as set in the policy?
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    MSI
    CPU
    Intel Core i9-14900K Raptor Lake Refreshed 6.0 GHZ
    Motherboard
    MSI MAG Z790 Tomahawk WiFi
    Memory
    32GB (2x16) GSKILL Trident Z5 RGB Series (Intel XMP 3.0) DDR5 RAM 6700MT/s
    Graphics Card(s)
    MSI Gaming GeForce RTX 4070 12GB
    Sound Card
    Onboard Realtek® ALC4080 Codec
    Monitor(s) Displays
    Monitor #1 Samsung Odyssey G50A WQHD G-Sync HDR10 Monitor #2 HP LA1911
    Screen Resolution
    2560x1440 and 1280x1024
    Hard Drives
    Samsung 980 PRO SSD 1TB PCIe 4.0 NVMe Gen 4 Gaming M.2 (150GB System / 850GB More Games)
    Crucial CT2000MX500SSD1 2TB (Games)
    Western Digital Green WD40EZRX 4TB (Data/Backup)
    Western Digital Blue WD60EZAZ 6TB (Storage)
    Western Digital Blue WD60EZAZ 6TB (Media)
    PSU
    Rosewill Hive-750S
    Case
    Cooler Master Elite 430 Mid Tower
    Cooling
    Corsair Hydro Series H60 Liquid CPU Cooler + 3x120mm out + 2x120mm in + Isolated PSU
    Keyboard
    Microsoft Natural Elite White PS/2 (with usb adapter)
    Mouse
    Microsoft D67-00001 Trackball Optical Mouse (rebuilt with ceramic bearings)
    Internet Speed
    350Mb/s hard wired
    Browser
    Edge, FF, Tor
    Antivirus
    Win Def
    Other Info
    Razer Tartarus V2 Gaming Keypad
    Logitech Z-5500 5.1 THX 505w (Orignal 10" Sub with (Fr, Rr, Ctr) Polk Audio satellites
  • Operating System
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    MSI
    CPU
    Intel Core i9-14900K Raptor Lake Refreshed 6.0 GHz FCLGA1700 (Gen 14)
    Motherboard
    MSI MAG Z790 Tomahawk WiFi
    Memory
    32GB (2x16) GSKILL Trident Z5 RGB Series (Intel XMP 3.0) DDR5 RAM 6700MT/s
    Graphics card(s)
    MSI Gaming GeForce RTX 3060Ti 8GB
    Sound Card
    Onboard Realtek® ALC4080 Codec
    Monitor(s) Displays
    Monitor #1 Samsung Odyssey G50A WQHD G-Sync HDR10 Monitor #2 Samsung TU7000 55" TV
    Screen Resolution
    2560x1440 and 3840x2160
    Hard Drives
    Samsung 980 PRO SSD 1TB PCIe 4.0 NVMe Gen 4 Gaming M.2 (System)
    Samsung 980 PRO SSD 2TB PCIe 4.0 NVMe Gen 4 Gaming M.2 (Games)
    Crucial CT1000MX500SSD1 1TB (More Games)
    WD Green WD20EZRX 2TB (Data/Backup)
    WD Blue WD60EZAZ 6TB (Media)
    PSU
    Rosewill Hive-750S
    Case
    Cooler Master N400 NSE-400-KKN2 Mid-Tower
    Cooling
    Corsair H60x RGB Elite Liquid CPU Cooler + 4x120mm in + 2x120mm out (Exhausts out the front) + Isolated PSU
    Mouse
    MSI G20 Elite and Logitech MK345 Wireless
    Keyboard
    Logitech MK345 Wireless
    Internet Speed
    350Mb/s hard wired
    Browser
    Edge
    Antivirus
    Win Def
    Other Info
    Razer Tartarus Gaming Keypad
    MSI GC30 Gaming Controller (Xbox style)

Latest Support Threads

Back
Top Bottom