Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/flick9000/winscript/llms.txt

Use this file to discover all available pages before exploring further.

Windows Update can be tuned to balance staying secure with avoiding unwanted feature updates, driver changes, and bandwidth usage. The options below cover update mode selection, delivery optimization, metered connection behavior, and driver update control.

Update Modes

WinScript exposes three mutually exclusive radio options for Windows Update behavior. Select the mode that matches your preference — only one can be active at a time.

Default Settings

Restores Windows Update to its factory default state. Removes all custom policy registry keys, re-enables the Windows Update services (bits, wuauserv, usosvc, WaaSMedicSvc), re-enables all Windows Update scheduled tasks across the standard task paths, and resets local security policies to defaults.
Write-Host '-- Restoring default Windows Update settings' -ForegroundColor Green
Remove-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Recurse -Force
Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization" -Recurse -Force
Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Recurse -Force
Remove-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Device Metadata" -Recurse -Force
Remove-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Recurse -Force
Remove-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Recurse -Force
Write-Host "Re-enabling WU services"
Set-Service -Name "bits" -StartupType Manual
Set-Service -Name "wuauserv" -StartupType Manual
Set-Service -Name "usosvc" -StartupType Automatic
Set-Service -Name "WaaSMedicSvc" -StartupType Manual
Write-Host -- "Re-enabling WU scheduled tasks"
$paths = @('\Microsoft\Windows\InstallService\', '\Microsoft\Windows\UpdateOrchestrator\', '\Microsoft\Windows\UpdateAssistant\', '\Microsoft\Windows\WaaSMedic\', '\Microsoft\Windows\WindowsUpdate\', '\Microsoft\WindowsUpdate\')
foreach ($path in $paths) { Get-ScheduledTask -TaskPath "$path*" -ErrorAction SilentlyContinue | Enable-ScheduledTask -ErrorAction SilentlyContinue }
Write-Host -- "Resetting Windows local security policies to default"
secedit /configure /cfg "$Env:SystemRoot\inf\defltbase.inf" /db defltbase.sdb

Only Security Updates

Restricts Windows Update to security patches only by deferring feature updates by 365 days and setting the branch readiness level to 20 (Release Preview channel with delayed rollout). Windows will continue to receive security and quality fixes but will not automatically install major feature upgrades.
Write-Host '-- Delaying feature updates by 1 year' -ForegroundColor Green
reg add "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" /f
reg add "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" /v "BranchReadinessLevel" /t REG_DWORD /d "20" /f
reg add "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" /v "DeferFeatureUpdatesPeriodInDays" /t REG_DWORD /d "365" /f

Disable Updates

Disabling Windows Update entirely is not recommended for most users. Without updates, your system will not receive security patches, leaving it vulnerable to known exploits. Only use this option in isolated, air-gapped, or fully managed environments where updates are deployed through another mechanism.
Fully disables Windows Update by setting the NoAutoUpdate and AUOptions policy keys, disabling all four Windows Update services (BITS, wuauserv, UsoSvc, WaaSMedicSvc), removing the SoftwareDistribution folder, and disabling all Windows Update scheduled tasks.
Write-Host '-- Disabling Windows Update' -ForegroundColor Green
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "AUOptions" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" /v "DODownloadMode" /t REG_DWORD /d "99" /f
Write-Host "Disabling Windows Update Services"
$updateServices = @("BITS","wuauserv","UsoSvc","WaaSMedicSvc")
$updateServices | ForEach-Object { Stop-Service -Name $_; Set-Service -Name $_ -StartupType Disabled }
Remove-Item -Path "C:\Windows\SoftwareDistribution" -Recurse -Force
Write-Host -- "Disabling Windows Update Scheduled Tasks"
$paths = @('\Microsoft\Windows\InstallService\', '\Microsoft\Windows\UpdateOrchestrator\', '\Microsoft\Windows\UpdateAssistant\', '\Microsoft\Windows\WaaSMedic\', '\Microsoft\Windows\WindowsUpdate\', '\Microsoft\WindowsUpdate\')
foreach ($path in $paths) { Get-ScheduledTask -TaskPath "$path*" -ErrorAction SilentlyContinue | Disable-ScheduledTask -ErrorAction SilentlyContinue }

Configure Windows Update

The following options tune individual Windows Update behaviors independently of the update mode selected above.

Disable Delivery Optimization

Delivery Optimization is designed to save Microsoft’s bandwidth by turning your PC into an upload peer for other devices on the internet. Disabling it means your machine only downloads updates from Microsoft’s servers and never uploads update data to other users.
Sets DODownloadMode to 99 (Bypass mode) under the DeliveryOptimization policy key, which disables peer-to-peer and group-based update sharing entirely.
Write-Host '-- Disabling Delivery Optimization' -ForegroundColor Green
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" /v "DODownloadMode" /t REG_DWORD /d "99" /f

Disable Updates over Metered Connections

Prevents Windows Update from downloading updates when the active network connection is marked as metered (e.g., a mobile hotspot or a capped data plan). Sets AllowAutoWindowsUpdateDownloadOverMeteredNetwork to 0.
Write-Host '-- Disabling Updates over Metered Connections' -ForegroundColor Green
reg add "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" /v "AllowAutoWindowsUpdateDownloadOverMeteredNetwork" /t REG_DWORD /d "0" /f

Disable Hardware Driver Updates

Prevents Windows Update from automatically downloading and installing hardware driver updates. Sets ExcludeWUDriversInQualityUpdate to 1 under the WindowsUpdate policy path, and sets SearchOrderConfig to 0 to stop Windows from searching Windows Update as a driver source.
Write-Host '-- Disable Hardware Driver Updates' -ForegroundColor Green
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "ExcludeWUDriversInQualityUpdate" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching" /v "SearchOrderConfig" /t REG_DWORD /d 0 /f

Build docs developers (and LLMs) love