microsoft___windows_8_logo_by_n_studios_2-d5keldy

Blocking Win 10 on the domain

, Blocking Win 10 on the domain

Windows 10 is here and frankly it’s great.  You will, however, want to be careful to put some controls in place to stop the uncontrolled install of this new OS directly by end users. 

Every firm has them, those users who really wish they were in IT and want to be on the bleeding edge of everything.  While their enthusiasm is laudable, the impact of such upgrading abandon can often be an administrative nightmare for the technology staff.  With the advent of Windows 10 the potential for such “installations in the wild” has increased many fold as most versions of windows are entitled to a free upgrade path from Windows 7/8/8.1 to Windows 10 – and all delivered direct to the machine via the web. 

 Obviously we as admins want to have some fairly tight controls over desktop environments so what is to be done?  Thankfully Microsoft has extended already existing tools to give us everything we need to control unauthorized upgrades.  In June of this year Microsoft pushed KB3050265 ( https://support.microsoft.com/en-us/kb/3050265 ) which extends the existing group policy options to add the following policy path and setting:

 Policy path Computer Configuration / Administrative Templates / Windows Components / Windows Update

Policy setting Turn off the upgrade to the latest version of Windows through Windows Update (enabled or disabled)

To suppress this offer through the registry, set the following registry key:

HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

DWORD: DisableOSUpgrade = 1

The extension of the existing group policy objects is a simple proposition.  We would, however, encourage the backup of the existing settings prior to the application just as a matter of good practice.  Obviously the application will only help you if you have control of the GP application to the machine.  Those home machines, now that is another story.  (Though the application of this GPO is just as applicable there and could be achieved via your MDM program).

 We would suggest getting these settings in-place ASAP to avoid the inevitable call from that bleeding edge user.

 

Did you find this helpful?

Share it on social media!

THIS BLOG POST IS BY
Adam is one of the co-founders of Adaptive Solutions. In his current role as CEO, Adam is responsible for overseeing all day to day aspects of the company. Under Adam’s leadership, Adaptive’ s leadership team have been able to transform the company into the leading provider of Document Management services in the United States. Along with the team, he has continually reinforced the concept of focus and becoming the best in the world in our vertical. Adam is a veteran in the field of legal technology and system integration for large legal practices. During his time in-house, Adam’s strong skills include technology leadership for numerous DMS conversions and upgrades, while taking primary responsibility for the support of all branch location technology needs. Adam is kept busy shuttling his three children, but in his spare time enjoys the recreational opportunities that only California can offer.

Leave a Comment