Thursday, August 06, 2015

Stop Windows 10 Pushing to Domain Computers

Many networks I work on have appeared to be slow the past several days.  After doing some research I found out that Microsoft is pushing Windows 10 to domain joined machines even though they don't qualify for the "free" upgrade.

This is causing many networks internally and their Internet connections to slow to a crawl because of all of the data saturation.

Here's how to shut it off using Group Policy:  (You will need at least one Server 2012R2 Domain Controller for this to work)

The setting is located via [Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update].  The name of the policy is "Turn off upgrade to the latest version of Windows through Windows Update"

Given that these files can be between 2G and 3G (stored in a hidden folder on the local disk called #Windows.~BT) it is easy to see how this can impact a network of several hundred machines.  My research says this happens without the end user ever seeing the white 'Get Windows 10 flag'.

I put this policy in place on our network tonight as researching network traffic through our ASA has proven this to be true.

I like what Microsoft has done with Windows 10 so far but this is taking things a bit too far.


Anonymous said...

Thank you. I was able to get it installed and log in. But there is no traffic. Any ideas? Thanks.

Robert Bollinger said...

For Windows 10 Version 1607 (OS Build 14393.51) the registry edit is as follows:

2.Goto HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CVirtA
3.Open Enum and locate DisplayName
4.Right click and choose Modify from the menu.
5.In Value data, remove @oemX.inf,%CVirtA_Desc%;. The Value should only be Cisco Systems VPN Adapter for 64-bit Windows.
6.Click Ok.
7.Close Registry Editor.
8.Restart the Cisco VPN Client.

Anonymous said...

This is messed up... the fix doesn't work!