Table of contents

Windows updates are one of the most critical aspects of your Windows computer, and this is not up for debate. Cybercriminals are dedicated in their pursuit of vulnerabilities, and Microsoft works hard to find exploitable loopholes and close them, which it does through developing and releasing updates for its software. Therefore, you put yourself at serious risk when not installing Windows updates.

Also read: TOP-10 Cyber Security Threats: All You Need to Know

In previous years, new Windows versions were released to take security to a new level. However, since Microsoft ended the tradition of releasing new Windows versions, Windows Update for Windows 10 and Windows 11 became the main tool for keeping the operating system up to date. Its responsibilities include installing security, feature, and quality updates.

Do you know: Windows 10’s End of Life Is Near: What You Need to Consider?

To fetch and install Windows updates, the utility has to connect to Microsoft servers. However, you can choose to install the updates from an Intranet Microsoft Update service location instead. Most network administrators do so using the Windows Server Update Services (WSUS).

With WSUS, you can easily manage how Windows updates are deployed to systems on a network. You can determine when and if a device receives updates and the type of updates that will be installed to any system.

All that said, systems could still reach out to Microsoft Update and Microsoft Store servers to fetch updates for Windows Store applications and other Microsoft products. If your main objective is to prevent the system from connecting to Microsoft servers, you need to enable a Group Policy option called “Do not connect to any Windows Update Internet locations.”

This policy only works when you’ve configured the computer to download and install updates from an Intranet Microsoft Service location.

In this article, we’ll be showing you several ways for how to prevent Windows from connecting to any Windows Update Internet locations.

How to Prevent Windows from Connecting to Any Windows Update Internet Location

Solution 1: Using the Registry Editor

Here, you’ll be disabling the DoNotConnectToWindowsUpdateInternetLocations DWORD. 

However, before you start, it’s recommended that you back up the system registry to avoid unforeseeable issues.

Making the wrong turn in the Registry Editor is not the only thing that poses risk to your system registry. 

PRO TIP
Sometimes, leftover and corrupt registry keys wreak their own kind of havoc. You can easily prevent that from happening by using a tool such as Auslogics Registry Cleaner . The utility will make sure any key that puts your operating system at risk is removed.
Download for Free Learn More

Now, to the main business:

  1. Open the Registry Editor.
  2. Go to the left pane of the window and open the HKEY_LOCAL_MACHINE folder.
  3. Next, open the SOFTWARE tree.
  4. Under SOFTWARE, go to Policies and click on it.
  5. After that, expand the Microsoft folder, then click on the arrow beside Windows.
  6. Now, click on WindowsUpdate.
  7. Your next move is to navigate to the right side of the window, right-click the empty surface, and then click on New >> DWORD (32-bit) Value.
  8. Rename the new DWORD “DoNotConnectToWindowsUpdateInternetLocations” (don’t add the quotes).
  9. Now, double-click on the DWORD.
  10. Once you see the Edit DWORD Value dialog, enter 1 into the Value box and select Hexadecimal under Base.
  11. Click on OK.
  12. Exit the Registry Editor and restart your PC.

Solution 2: Using the Group Policy Editor

Here’s how to prevent Windows from connecting to any Windows Update Internet locations using the Group Policy Editor:

  1. Right-click on the Windows logo in the taskbar.
  2. In the Power User menu, click on Run.
  3. You can also press the Windows logo and R keyboard buttons together to launch the Run dialog box.
  4. After Run opens, type “gpedit.msc” (don’t add the quotes), and then click on the OK button.
  5. Once the Group Policy Editor opens, go to the left side and open Computer Administration >> Administrative Templates >> Windows Components >> Windows Update.
  6. Click on Windows Update, then navigate to the right side of the window and double-click an option that reads, “Do not connect to any Windows Update Internet locations.”
  7. Click on the Enabled radio button when the dialog window opens.
  8. Click on OK, exit the GP Editor, and then restart your system.

Solution 3: Using the Hosts file

Modifying the Hosts file on your PC is yet another option. This method works by redirecting Windows Update domains back to your local machine; effectively, you are blocking your system from reaching Microsofts servers.

Here are the steps to take:

  • Open the Hosts file at C:\Windows\System32\drivers\etc\hosts with administrative privileges.
  • Go on to add these lines at the end of the file:

127.0.0.1   update.microsoft.com

127.0.0.1   download.windowsupdate.com

Save the changes and restart your PC.

Let’s add here a note: If you have ever encountered problems after updating Windows, check our guide on how to Troubleshoot Windows Update Problems.

Solution 4: Using a firewall

If you are looking for more control over the connections your Windows system makes, using a firewall to block Windows Update traffic can be very effective. This will prevent automatic updates but let you maintain other network functionalities without disruption. 

Do the following:

  • Open Windows Defender Firewall with Advanced Security (click Start and search for it).
  • Create a new outbound rule (Outbound Rules > New Rule).
  • Set the rule type to Custom and apply it to all programs.
  • In the Protocol and Ports section, choose Any.
  • In the Scope section, add the IP ranges for Windows Update servers (which can be found online) to block them.
  • Set the action to Block the connection.
  • Name the rule and complete the setup.

Solution 5: Using third-party tools

There are third-party apps you can use to either completely block Windows Updates entirely or to give you more control over when and how updates are applied—for example, Windows Update Blocker or StopUpdates10.

While using third-party tools can simplify the process, it’s important to note that they may interfere with other system functionalities. Make sure you are using a trustworthy tool from a reputable source.

Solution 6: Prevent Windows from connecting to any Windows Update Internet location by disabling the Windows Update service

If youre looking for a simple and direct way to stop your Windows system from connecting to update servers, disabling the Windows Update service is a straightforward solution.

Heres what to do:

  • Open the Services application by typing services.msc” in the Run dialog.
  • Scroll down and locate the Windows Update service.
  • Right-click on it, select Properties, and set the Startup type to Disabled.
  • Stop the service if it’s running.

Please note that the Windows Update service will prevent Windows from checking for updates entirely. This is a quick and easy fix, but it will leave your system vulnerable, as you may be missing out on key security patches.

How to Prevent Windows from Connecting to Any Windows Update Internet Locations: Answered

Preventing your Windows system from connecting to Windows Update Internet locations will give you more control over when and how Windows updates happen. This can be especially important in environments where strict management of updates is preferred.

You can take control of Windows updates by using the Registry Editor, Group Policy, modifying the Hosts file, implementing new firewall rules, or disabling the Windows Update service entirely.

Make sure to always consider the security implications and weigh the benefits before deciding which method best suits your needs.