Hello,
Anyone here has advice on the best way to manage windows updates and to stop machines from doing windows updates automatically? I have the procedure to disable windows updates. Machines keep on doing updates on their own regardless of if we approve updates or not.
Thnx
hi @QuickSilverST , you can turn off OS patching and 3rd party patching separately from Profiles â Patch Management section.
Hey, thank you for the reply. I did read the documentation, but how it looks to me is if you use this section in the profile, it completely disabled updating even when you do approve or run procedures to do updates it wonât update, or am i mistaking here?
@ilgaz I think what @QuickSilverST is asking is - how do you ensure that updates are applied ONLY via Itarian. I.e. how to stop the device doing automatic updates or how to stop the end user from clicking âcheck for updatesâ in Windows and installing them.
@QuickSilverST Correct me if Iâm wrong, thatâs just how I read your question. I too would like the answer to this 
@itg Yes, your spot on. In all the years I been using this platform itâs always been an issue. Regardless of if you approve and install updates via the platform, they get installed anyways.
Hi @ilgaz
Do you have any updates on this?
How to do the updates? 
hi @alphayash
you can update the windows automatically rom Profiles â Patch Management section.
Thank you
Hi, this is only to enable/disable patching but not to stop auto updates and only to do updates by platform.
Thanks for the reply Man!!
@ilgaz Bumping this thread for a response to my question above.
Many thanks
The approve/deny function under the Patch Management has no effect on the workstation. This is because it does not know about ITarian patch management server. Basically the patch management feature is useless and cannot be used in an enterprise environment. I have given many feedback in the past and I am fed up.
So this is what I have done in our environment.
Disable the ability of the user to click on âCheck for Updatesâ on the workstation by By enabling the Group Policy setting under Computer Configuration\Administrative Templates\Windows Components\Windows update\Remove access to use all Windows update features .
Created a Monitor that will disable the Windows Update service if its running. Note that its required because if you disable the service then âWaaS Medicâ service feature will automatically enable it and do the windows update without your knowledge. So creating a monitor to keep disabling the Windows Update service is a must.
Now when you really want to install the patch then do it with the help of the PROCEDURE. In that procedure the very first step that you need to do is ENABLE the Windows Update service and then peform the patching procedure. Make sure that you do this with Maintenance Window and ensure the setting for âDisable Monitorsâ is enabled.
You can use the Powershell module PowerShell Gallery | PSWindowsUpdate 2.2.0.3