Windows - Configuration - Disable Check for Updates

What the Windows Update button disabler does

This Automox Worklet™ disables the 'Check for Updates' button in the Windows Update settings interface. The Worklet modifies a specific registry key that controls user access to update checks, preventing end users from initiating manual update installations.

The Worklet targets the SetDisableUXWUAccess registry key located at HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\. Setting this registry value to 1 (enabled) hides the 'Check for Updates' button from the Windows Update interface.

Important: Disabling this button does not stop Windows from automatically downloading and installing updates through your configured update policy. It only prevents users from manually checking for or installing updates on their own schedule.

Why control manual update checks

Centralized update management is critical for security and stability across your endpoint infrastructure. When users can manually trigger updates, they may install patches at inconvenient times, causing unexpected system restarts or compatibility issues. By controlling the update timeline, you maintain consistency and reduce support burden.

Organizations with compliance requirements often need predictable patching schedules. This Worklet enforces that policy by removing user choice from the update process. Your update management team maintains full control over when and how patches deploy across your fleet.

Restricting manual update access also reduces the risk of users installing untested patches that conflict with business applications or create unforeseen downtime. This is particularly important for workstations supporting critical business functions.

How the update button disabling works

1. Evaluation phase: The Worklet reads the Windows registry at HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\ and checks whether the SetDisableUXWUAccess key exists and is set to the value 1. If the key is missing or set to a different value, the endpoint is flagged for remediation.

2. Remediation phase: The Worklet creates or updates the SetDisableUXWUAccess registry key with the DWORD value of 1. This change takes effect immediately and persists across system restarts.

Windows Update policy requirements

• Windows 10 version 1809 and later, or Windows Server 2016 and later

• PowerShell version 3 or later (typically pre-installed on supported Windows versions)

• Administrator privileges to modify the registry

• The Policies registry path must be writable (present on all Windows 10/Server 2016+ endpoints)

Expected Windows Update interface behavior

After successful remediation, the 'Check for Updates' button disappears from the Windows Update settings screen. Users can no longer click this button to manually initiate update checks. The Windows Update interface will display only status information and previously scheduled updates.

Windows continues to download and install updates according to your configured update policy and group policy settings. The Worklet does not affect automatic update behavior, only the user-facing option to check manually. Verify the change by opening Settings > Update and Security > Windows Update on a remediated endpoint and confirming the button is no longer visible.

How to validate disable check for updates changes

1. Run this Worklet on a pilot Windows endpoint and review evaluation output for disable check for updates.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as Write-Error, Write-Output.

4. Validate remediation effects from script operations such as Write-Error, Write-Output, then rerun evaluation for compliance.