The Group Policy Setting inhibits the upgrade from actually happening. If you click the upgrade icon, you will get a message that the administrator has disabled upgrades. The setting does not kill the offer program (GWX.exe) if it is already running.
The official supported method for opting out of the Windows 10 upgrade is documented here: https://support.microsoft.com/en-us/kb/3080351
Here is what I did in my environment, based on the KB article.
I set the following registry values:
HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DisableOSUpgrade=0x1 (DWORD)
HKLM:\SOFTWARE\Policies\Microsoft\Windows\Gwx DisableGwx=0x1 (DWORD)
HKLM:\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade ReservationsAllowed=0x0 (DWORD)
You can set the above with Group Policy Preferences. In my environment I have a set of PowerShell scripts that run periodically on our workstations, so I added it there. The exact method is up to you. Either way, I recommend that you use a recurring method to apply the registry setting (Group Policy, Startup Script, Scheduled Task, whatever) and not a one-shot command. It is possible that a future update may reset your registry settings and cause havoc.
The first value I listed corresponds to the Group Policy setting you mentioned. The registry values used by Group Policy are documented here: https://www.microsoft.com/en-us/download/details.aspx?id=25250
Note the third one is not documented by Microsoft anymore. I believe it was documented at one point (my script comments say it came from Microsoft), but I cannot find the source. Not sure if it is need anymore.
Additionally, you have to problem of any PCs that already have the upgrade offer icon (GWX.exe is running). You need a Scheduled Task or similar to find and kill any instances of GWX.exe. Since I already have a periodic PowerShell script in place, I added this code to it:
$processes = Get-Process | Where-Object {$_.Path -like "C:\Windows\System32\GWX\*.exe"}
if($processes)
{
$processes | Stop-Process -Force
}
As an alternative, you could use Group Policy to create a Scheduled Task that uses the TASKKILL command to achieve the same thing.
One other comment: Some people have been advocating declining the security updates that include the upgrade offer. I do not recommend this. If you follow what I have listed above, you do not need to worry about what you approve in WSUS.