How to block completely Windows Update on my network

windows-update block

In order to block it in one section of our network the following domains were redirected to a site with instructions:

  • update.microsoft.com
  • windowsupdate.microsoft.com
  • windowsupdate.com
  • download.windowsupdate.com

These seem to have done the trick here, but it mightn't be the full list.


You may want to consider, rather than blocking all updates, managing updates with WSUS. Assuming you have a copy of Windows Server and your clients are in a domain, it's a free option that you can use to only deploy updates when and where you want them.


Blocking the windows updates is a very hard task. You can't only block a few of the servers as there are many and if 1 is blocked, the updates immediately go to a different server.

You can check some of the servers here:

https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1709-non-enterprise-editions

Related

Password protect wired LAN?
Safely remove a disk from a spanned volume
Why do people put empty index.html files into web directories?
Finding out which version PHP a remote server is running
IE8 vs Firefox 4 with regards to central management and updating
Production BIND DNS servers - Do you use the package manager or compile the latest stable edition?
Mixing SAN iSCSI Traffic with core network traffic, Am I asking for trouble?
Embedded device configured with bad IP address, can I still connect?
A flexible SMTP server that's open source or free [closed]
Which NIC have the IP address?
How do I setup a secondary incoming mail server?
Determine the motherboard/chipset type on FreeBSD box