Requesting a script here can prevent endpoint users from starting Windows updates on their own.
The customer originally used WSUS to control updates and completely locked endpoint users from updating by themselves, but now after importing our product, they want to control this through our console, so I first ran “Disable the WSUS server update” this script points to the WSUS SERVER to stop updating, and then runs “Disable Windows update” to prevent the endpoint from automatically updating, but after I run “Disable Windows update” I let the customer do the test, and when the customer manually enables checking for updates , Windows updates can still run normally. This situation may make it difficult for customers to control device updates in their environment. Is there a way to use scripts to achieve this so that endpoint users cannot update themselves but fully utilize the updates of the EM platform? To control?
We tried some alternative ways but we were not able to achieve it. We are sorry to inform you that this can’t be achieved as Microsoft has restricted us from modifying GPO through script.
Please refer this the customer comments, which we thought will be useful for you
Thank you for trying. I know this is difficult. I will try to use the following methods to control it. Thank you very much for your efforts in helping me.