How to block completely Windows Update on my network

In order to block it in one section of our network the following domains were redirected to a site with instructions:

  • update.microsoft.com
  • windowsupdate.microsoft.com
  • windowsupdate.com
  • download.windowsupdate.com

These seem to have done the trick here, but it mightn't be the full list.


You may want to consider, rather than blocking all updates, managing updates with WSUS. Assuming you have a copy of Windows Server and your clients are in a domain, it's a free option that you can use to only deploy updates when and where you want them.


Blocking the windows updates is a very hard task. You can't only block a few of the servers as there are many and if 1 is blocked, the updates immediately go to a different server.

You can check some of the servers here:

https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1709-non-enterprise-editions