Properly Configure Windows Update on Windows 11

leo wrote on April 22, 2023

*Updated on September 2, 2023

From Windows 95 through Windows 7, Control Panel > Windows Updates always offered an easy option for disabling or enabling Automatic Windows Updates. However, since the beginning of the Windows Metro App (i.e. Universal Apps) movement in Windows 8, 8.1 and Windows 10, Microsoft has suddenly removed the Control Panel > Windows Update tool, forcing users to use a heavily hampered Metrofied version in Settings > Windows Update that omits those important toggles. Automatic Windows Updates are enabled by default, there are constant notifications to restart the updated machine, and there is a hardcoded restart postponement limit which, when reached, issues a forced system restart. All of these disrupt user activity and result in loss of unsaved work. Over the years, Microsoft has claimed that the removal of the Windows Update control is in the PC's best interest, so that it is kept in an "up-to-date" health status via "latest updates".

Windows 11 is no different from its recent predecessors: users who want control over Windows Updates, or who want their system not to wake from Sleep to restart after Updates, must jump through hoops to disable the Automatic Windows Update behavior. This article describes 6 simple steps to keep Windows Update under user control, delegating responsibility for the system's health to the user with ability and judgement, instead of to Microsoft's default policy. Although Windows 11 may from time to time reset the Windows Update settings back to default, a keen user will know what to do to keep Windows Update in order.

Steps

These steps have been performed on Windows 11 22H2. They should be very similar for recent Windows 10 and Windows 11 versions.

Note that certain Windows 11 versions such as Windows 11 Home may not have Group Policy as described in Step 4; users of those versions may have to seek out equivalent alternatives via Registry settings or Control Panel settings. For Windows 10, see this article instead. Improvise accordingly.

1. Defer all Windows Updates

Begin by first preventing Windows Updates from installing any updates at all, by deferring them.

Click Start > Settings, and on the left pane, click Windows Update:

In Windows Update, under More options, click the Pause updates dropdown button and select Pause for 5 weeks. This prevents Windows 11 from automatically installing Windows updates for up to the next 5 weeks:

Note that the above setting only postpones the Windows Updates. Automatic Windows Updates will get re-enabled once the deferment period has passed. Hence it is recommended to go through the next few steps below.

2. Disable unnecessary Windows Update settings

In Windows Update, under More Options, click Advanced options.

  • Optional: Flip off Receive updates for other Microsoft products if you do not want Microsoft Office updates, which might include unneeded user interface changes or behavioural changes that break your usual workflow. If you prefer to have your Microsoft Office always updated, keep this on.
  • Flip off Get me up to date. This is the most disruptive to user workflow, since it keeps sending distracting notifications telling the user to restart the device, and if the user does not respond, it automatically restarts the device, which might cause unsaved work to be lost. Instead of "snoozing" the notification, it is better for users to develop a clear discipline of deciding promptly when to restart, much like promptly deciding to wake up immediately when the alarm clock rings in the morning.
  • Flip off Download updates over metered connections, which is useful so that you don't incur unnecessary charges if you are using a metered connection like a cellular connection.
  • Flip off Notify me when a restart is required to finish updating. Instead of delegating responsibility to a bot that constantly sends reminders, it is better to develop a sense of responsibility to be constantly aware of the device's state - and that includes knowing when the device needs a restart after manually installing Windows Updates.
  • Ignore Active hours, leaving it as default. Since a responsible user would not even be relying on Automatic Updates, defining a time frame for automatic restarts after "Active hours" is irrelevant.

In Windows Updates > Advanced options, click Additional Options > Optional updates. This shows updates which may not be needed. Generally, this section is empty, and can be left as is:

In Windows Updates > Advanced options, click Additional Options > Delivery Optimization:

  • Flip off Allow downloads from other PCs. This setting is turned on by default on Windows 10 and 11, because it saves Microsoft servers bandwidth, though Microsoft claims that it speeds up updates, as implied by the name of this setting. Leaving this on actually makes every PC act as a server that delivers Windows Updates to other PCs through a peer-to-peer mechanism. This has security implications (such as opening up the PC as a server that possibly connects to many other similar Windows 11 PCs which may be rogue, thereby opening up attack vectors) and performance implications (that is, the home or office network is now being used to deliver Windows Updates to similar PCs running Windows 11, meaning electricity and bandwidth costs are pushed to users to deliver updates to one another). There is no reason to flip this on.
  • Under Advanced Options, you can set a limit on the upload and download bandwidth used by Delivery Optimization of Windows Updates. This is irrelevant if you have turned off Delivery Optimization.
  • Under Activity monitor, you can see an overview of the amount of upload and download bandwidth used by Delivery Optimization of Windows Updates. This is irrelevant if you have turned off Delivery Optimization.

Optional: In Windows Updates > Advanced options, click Recovery where you can restore a Windows 11 system back to its pre-Windows-Update state. This should only be needed if there is a problem with Windows Updates:

In Windows Updates > Advanced options, click Restart apps:

  • Under Additional settings, flip off Automatically save my restartable apps and restart them when I sign back in. Since a disciplined user would have already restarted the PC after a Windows Update, this section is irrelevant. However, for simple users who prefer scheduled Automatic restarts after a Windows Update, this can be kept on (but be warned that the setting itself already suggests that, during an automatic restart, work that can be saved would be, but work that cannot would be lost).
  • Leave the remaining settings in their defaults.

In Windows Updates > Advanced options, click Configured update policies. This section should be empty on a default Windows 11 installation, but after we have configured manual Windows Updates via Group Policy in Step 4, there will be several entries in this section.

3a. Disable Automatic Windows Updates

As seen in Step 2, there is no setting in Start > Settings > Windows Update that allows Automatic Updates to be disabled. To do this, use Group Policy.

Click Start > Edit group policy:

In Local Group Policy Editor, on the left pane, navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Windows Update.

Under Windows Update > Manage end user experience, double-click on Configure Automatic Updates:

In the Configure Automatic Updates window:

  • Select Enabled on the top-left.
  • Click the Configure automatic updating dropdown and select 2 - Notify for download and auto install. This will allow you to choose when to download and when to install Windows Updates. If, however, you prefer updates to be downloaded automatically, and only want to choose manually when to install them, select 3 - Auto download and notify for install.
  • Click Apply and OK to close the window.

3b. Optional: Disable Drivers from Windows Updates

This section is optional, but good to know. As a Windows user, you might have experienced the PC screen going black on boot, blue screens, or crashes after installing Windows Updates. These issues are almost always due to Windows Updates installing incompatible device drivers, such as graphics drivers. To prevent these drivers from being installed by Windows Update, follow this step.

Under Windows Update > Manage updates offered from Windows updates, double-click on Do not include drivers with Windows Updates:

  • Click Enabled on the top left. This disables device drivers from being included during Windows Update.
  • Click Apply and OK to close the window.

4. Apply Group Policy

For changes to take effect for Step 3a and Step 3b, apply the modified Group policy.

Open PowerShell as Administrator:

In PowerShell, enter gpupdate /force and hit Enter. This updates Group Policy, and takes about 10 to 20 seconds:

You should see the following messages, meaning Group Policy has been successfully updated:

Computer Policy update has completed successfully.
User Policy update has completed successfully.

5. Verify Group Policy changes

Click Start > Settings > Windows Update:

In Windows Update, click Advanced Options > Configured update policies. Just as mentioned in Step 2, you should now see a list of Group Policy changes made in Step 3a and Step 3b:
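The same verification can be done from the elevated PowerShell window of Step 4 by reading the policy values back from the registry. This is an added example, not part of the original article: the registry key and value names are the standard locations these two policies write to (they are not given in the article), and the function names are hypothetical. The script only reads, and also reports how long ago the last update was installed, which is worth tracking once updates are installed manually as in Step 6.

```powershell
# Added example: read-only check of the policies set in Step 3a and Step 3b.
# Assumption: standard Windows Update policy registry locations (not from the article).
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = Join-Path $wu 'AU'

# Meaning of the "Configure automatic updating" dropdown values.
$auMeaning = @{
    2 = 'Notify for download and auto install'
    3 = 'Auto download and notify for install'
    4 = 'Auto download and schedule the install'
    5 = 'Allow local admin to choose setting'
}

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy "Not Configured").
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-WindowsUpdatePolicyReport {
    $noAuto  = Get-PolicyValue $au 'NoAutoUpdate'
    $option  = Get-PolicyValue $au 'AUOptions'
    $drivers = Get-PolicyValue $wu 'ExcludeWUDriversInQualityUpdate'

    $auState = if ($null -eq $noAuto -and $null -eq $option) {
        'Not configured (Windows default behaviour applies)'
    } elseif ($noAuto -eq 1) {
        'Disabled (automatic updating is turned off entirely)'
    } elseif ($auMeaning.ContainsKey([int]$option)) {
        "Enabled: $option - $($auMeaning[[int]$option])"
    } else {
        "Enabled, but AUOptions has an unrecognised value: '$option'"
    }

    # Most recent installed update; some entries carry no install date, so skip those.
    $last = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn | Select-Object -Last 1
    $age  = if ($last) { [int]((Get-Date) - $last.InstalledOn).TotalDays } else { $null }

    [pscustomobject]@{
        ConfigureAutomaticUpdates = $auState
        DriversViaWindowsUpdate   = if ($drivers -eq 1) { 'Excluded' } else { 'Not excluded (policy not set)' }
        LastInstalledUpdate       = if ($last) { $last.HotFixID } else { 'Unknown' }
        DaysSinceLastUpdate       = $age
    }
}

Get-WindowsUpdatePolicyReport | Format-List
```

If Windows has reset the settings back to default, as the introduction warns it may, the first two fields will show the policies as not configured.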

6. Manually install updates only when needed

From now on, go to Start > Settings > Windows Update to download and install only the updates you need. Avoid using the Download & install all button because it may install updates you may not need.

If you have disabled Windows Defender in Windows 11, you may skip installing the Windows Malicious Software Removal Tool x64 package which updates Windows Defender definitions:

Outcome

Congratulations. If you have followed through, you should have:

  • Disabled unnecessary Windows Update "Delivery Optimization" in Step 2, which is basically Microsoft pushing Windows Update delivery costs to their users
  • Disabled Automatic Windows Update via Group Policy in Step 3a
  • Optional: Disabled Automatic Windows Update driver updates via Group Policy in Step 3b
  • Applied Group Policy changes to your system in Step 4, which were verified in Step 5
  • Decided to take on the responsibility of manually managing Windows Updates of your Windows 11 machine, by choosing in Step 6:
    • When to download Windows Updates. Doing so reduces unnecessary downloading of Windows Updates to your computer which consumes bandwidth and disk space on the machine, if Updates are not promptly installed
    • When to install Windows Updates. Only manually install when you think you are comfortable installing, instead of blindly allowing your Windows 11 machine to be updated unpredictably (and its state mutated) every day or so
    • To stop Windows 11 scheduled automatic restarts after Windows Updates. This prevents scheduled restarts from interrupting your work session, or causing unsaved work to be lost
    • To stop Windows 11 scheduled automatic restarts after Windows Updates from setting a wake timer. Wake timers wake the PC from sleep just to update the computer outside "Active hours", which may cause unsaved work sessions to be lost, and waste power if the PC does not go back to sleep
    • To prevent Windows Defender definitions from being updated multiple times a day. Windows Defender may really just be a tool used for closely monitoring user activity

Final thoughts

By reducing user control over the operating system (OS) over the years, Microsoft along with all mobile OS tech giants have been subtly stripping users of their right to exercise fine-grained control over their personal devices, while taking this advantage for data mining user activity. Some examples of data mining in Windows 11 include:

The big tech has also begun pushing bandwidth and electrical costs to users. In Windows 10 and 11, this has been done via Windows Update "Delivery Optimization" as discussed earlier in the article.

There has never been a time when user data has been in such great danger of being harvested by the big tech and stolen by malicious actors, and user resources subtly harnessed through means made to appear benevolent by the big tech. It is vital that users begin to protect their own personal data, before humanity arrives at a point of no return.