5

I know it is not safe but I need to know how to prevent all computers in my LAN from downloading updates.

I have squid as proxy with dansguardian and I use OpenDNS...

I have put microsoft.com on a blacklist in dansguardian, but it looks like it is not enough.

Dave M
Pitto

4 Answers

8

In order to block it in one section of our network the following domains were redirected to a site with instructions:

  • update.microsoft.com
  • windowsupdate.microsoft.com
  • windowsupdate.com
  • download.windowsupdate.com

These seem to have done the trick here, but it mightn't be the full list.

Niall Donegan
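
To see which clients are actually pulling update traffic through the Squid proxy mentioned in the question, this added example (not part of any post on this page) sums bytes per client for the domains listed in the answer above. It assumes Squid's default native `access.log` format; the log lines, IP addresses and the `test.` subdomain are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Domains listed in the answer above; the answer notes the list may be incomplete.
UPDATE_DOMAINS = (
    "update.microsoft.com",
    "windowsupdate.microsoft.com",
    "windowsupdate.com",
    "download.windowsupdate.com",
)

def request_host(method, url):
    """Return the lowercase host from a Squid log URL field."""
    if method == "CONNECT":  # CONNECT requests are logged as host:port
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def is_update_host(host):
    """Match on a label boundary so 'notwindowsupdate.com' does not count."""
    return any(host == d or host.endswith("." + d) for d in UPDATE_DOMAINS)

def update_traffic_by_client(lines):
    """Sum bytes per client IP for requests to the update domains."""
    totals = defaultdict(int)
    for line in lines:
        f = line.split()
        if len(f) < 7:
            continue  # skip truncated or malformed lines
        client, size, method, url = f[2], f[4], f[5], f[6]
        if size.isdigit() and is_update_host(request_host(method, url)):
            totals[client] += int(size)
    return dict(totals)

# Constructed sample lines in Squid's native access.log format.
SAMPLE_LOG = """\
1294400400.123 5021 192.168.1.23 TCP_MISS/200 10485760 GET http://download.windowsupdate.com/msdownload/update/a.cab - DIRECT/203.0.113.10 application/octet-stream
1294400401.456 12 192.168.1.40 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/203.0.113.20 text/html
1294400402.789 300 192.168.1.23 TCP_MISS/200 2048 CONNECT update.microsoft.com:443 - DIRECT/203.0.113.11 -
1294400403.000 40 192.168.1.57 TCP_DENIED/403 1400 GET http://notwindowsupdate.com/x - NONE/- text/html
1294400404.000 900 192.168.1.57 TCP_MISS/200 4194304 GET http://test.download.windowsupdate.com/b.cab - DIRECT/203.0.113.12 application/octet-stream
""".splitlines()

if __name__ == "__main__":
    ranked = sorted(update_traffic_by_client(SAMPLE_LOG).items(), key=lambda kv: -kv[1])
    for ip, total in ranked:
        print(f"{ip}\t{total} bytes")
```

Feed it the real log with `update_traffic_by_client(open(path))`, where `path` is wherever your Squid build writes `access.log`.
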
7

You may want to consider, rather than blocking all updates, managing updates with WSUS. Assuming you have a copy of Windows Server and your clients are in a domain, it's a free option that you can use to only deploy updates when and where you want them.

Michael Lowman
  • +1 WSUS is a great way to manage Microsoft update - Central management of what updates are applied and which are not - 1 download instead of many. You could also use the GPO to fully block Microsoft Updates by pointing the update server path at an unreachable location. – JamesK Jan 07 '11 at 12:40
  • Of course that will be the final aim... Now I just need a way to block updates because there are free-roaming PCs, I don't know where, killing my bandwidth – Pitto Jan 07 '11 at 12:45
  • I'm with Michael and JamesK here despite my original answer. – Niall Donegan Jan 07 '11 at 12:47
  • My question is specific... I just need to know how to block it :) No domain here, and manually installing WSUS on a LOT of clients will be done in the future when we have a domain... Now I just need Windows Update to stop eating bandwidth for a while... – Pitto Jan 10 '11 at 11:51
1

Blocking Windows updates is a very hard task. You can't block just a few of the servers, as there are many, and if one is blocked, the updates immediately go to a different server.

You can check some of the servers here:

https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1709-non-enterprise-editions

0

It's simple: go to Start menu > Control Panel (view by small icons) > Administrative Tools > Services. Search for Background Intelligent Transfer Service and Windows Update, stop the services, and in Properties disable them.

mawire
  • It may be *simple* but it would be tedious to do this for the dozens or hundreds of computers in the OP's network. Could you improve this answer to apply to more than a handful of machines? Maybe pushing out that change via a centralised system? – Ladadadada Mar 02 '13 at 18:54