Do you have a patching strategy? It should include turning off Automatic Windows update.
Patch Tuesday is here. To avoid the usual splitting headache, we recommend disabling automatic updates for Windows and implementing a reliable patch strategy.
Windows 10 updates whether you want it to or not…unless you know the trick. While we recommend that you always keep your systems patched, sometimes the updates are worse than the vulnerability, like the July Patch Tuesday this year.
If you have a Professional, Enterprise, or Education edition of Windows 10, you can turn off automatic updates, but the option is hidden. You need to pull yourself out of beta testing and then delay new versions by setting the “feature update” deferral to 120 days or more. Here’s what to do in version 1703, if you have a later version of Windows 10 these settings still apply, but the wording is slightly different.
- Press Win-R, type gpedit.msc, press Enter. This brings up the Local Group Policy Editor.
- Navigate the left pane as if it were File Explorer to
- Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Updates.
- Choose Select when Feature Updates are received.
- In the resulting dialog box, select Enabled.
- In the Options box, type in how many days you’d like to pause updates and then in the next field type in today’s date.
- Click Apply and then OK.
If you want to you can repeat this process for the second setting in Group Policy named Select when Quality Updates are received. Keep in mind, however, that quality updates include security updates and skipping them is not the best idea. On the upside, security updates are cumulative meaning if you do skip these updates, you can download the next one and be up to date.
Win7 and 8
- Log in to the Windows 7 or Windows 8 guest operating system as an administrator.
- Click Start > Control Panel > System and Security > Turn automatic updating on or off.
- In the Important updates menu, select Never check for updates.
- Deselect Give me recommended updates the same way I receive important updates.
- Deselect Allow all users to install updates on this computer and click OK.
Your IT update solution should facilitate phased rollouts and have full rollback options. These are the necessary keys to avoiding data loss or device outages.
Step 1. Identify
You can’t manage your environment if you don’t know what devices are there and which need updates. An IT solution should also be able to manage roaming devices.
Plus, if data is stale, it could mean missing a device or update that was critical to secure. Detect the state of your environment with live, accurate, and actionable data.
Step 2. Test Group Deployment
Deploy the updates to a small group of devices. These devices should be of low impact to the overall productivity of your company. Once these devices have been successfully and safely updated, you can deploy needed updates without worrying about a massive disaster.
Step 3. Phased Rollout
Now updates should be distributed to any device that needs them. However, you want this task to preform around business hours. Updates are important, but so is avoiding interruptions of productivity. A maintenance window should be set up so that any update tasks happen before and after business hours.
And to facilitate a proper patching strategy, look to a comprehensive IT solution.
Software Update Service
We understand that while updating software is the #1 way to protect your environment, it’s low on your priority list. As an IT department, you have other pressing tasks that you need your attention.
With our Software Update Service, you can move forward while we keep your devices up to date.
Our expert patch management team provides reliable support with detection and remediation for Windows and third-party software updates. We work closely with you to provide safe and efficient endpoint security with your own systems management tool or ours, Syxsense.
Our team will keep your IT systems reliable with endpoints updated and secure.
Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.