if you have the Pro Edition, open group policy editor (gpedit.msc) search for the Configure automatic updates entry, located at:

computer configuration → administrative templates → windows components → windows update

and select Notify for download and notify for install.

When Windows detects new updates it shows a toast notification.

You can also use the troubleshooter from Update KB3073930 to disable some problematic updates, so that they are not installed again.

This is the official way from Microsoft to prevent setup of unwanted updates and drivers.

But there is a 3rd party tool called Windows Update MiniTool which allows to select which updates can be installed and allows to block updates like you could in former Windows versions.

An alternative to the standard Windows Update What you can do:
• Check for updates
• Download updates
• Installing Updates
• Deleting installed updates
• Hiding unwanted updates
• Get direct links to the *.cab / *.Exe / *.Psf update files
• View update history
• Configure Automatic Updates
• This tool is like the external powershell module PSWindowsUpdate, but much more advanced and user-friendly features
• The tool relies and use same WU infrastructure, all downloading are through WU it's not a downloader

The user slavanap posted a 2nd tool in a comment which allows you to selectively install updates. It is called Windows10 Manual Update and is available on github:

.

In the Windows 10 creators Update, there is an option to stop Windows Updates for 35 days:

under Settings App where the Windows Update options are.

One of the most controversial aspect about Windows 10 is Microsoft’s decision to make updates obligatory. If you have Windows 10 Pro, Enterprise or Education editions you can defer updates, but you can’t reject them outright.

If you’re unhappy with Microsoft forcefully installing updates on your system without your say, you can block this function using the W10Privacy.

If you haven’t heard of this program before it’s well worth checking out as the software gives you control over Windows 10’s many privacy functions, allowing you to prevent the OS snooping on what you do. Options are color coded so you can see at a glance whether something is safe to change/disable or not.

In W10Privacy 2, you can now set the program to disable Windows 10’s own update mechanism and replace it with its own. Users can choose which updates to install, and which to ignore. This isn't something everyone should do, but you can easily reverse the steps should you need to.

Before you can use this function, you need to download some additional components. Follow these steps:

• Download W10Privacy 2 and unzip it to a folder on your hard drive.
• Download PsExec (part of PsTools package) and copy it into the W10Privacy folder.
• Download the Windows Update PowerShell Module from Technet, and unzip it to a subfolder in the W10Privacy folder.
• Right-click W10Privacy.exe and choose Run as administrator from the context menu. Choose to make a system restore point. It’s also worth making a full system backup (just in case).
• Go to Extras > Windows Updates to manage the options. There are six different check boxes. None are enabled by default. They are:
• PSWindows Update module exists (must be provided previously by user to the W10Privacy folder).
• PsExec.exe in W10Privacy folder (must be provided by user). W10Privacy adaption of the PSWindows-Update Module.

• Configure fake WSUS server.

• W10Privacy is located in a path/folder without spaces. Do not consider drivers in Update Search.

• Assuming you want to manage updates manually, check the first five options. The sixth option lets you decide whether to list drivers alongside updates. This is up to you.
• Click Set changed settings then click the Start checking for updates button and you’ll be shown any new updates that have yet to be installed and can choose what action to take.

Once you’re in charge of your updates, run the software regularly and check to make sure you don’t miss any important updates;

Credits:

1. How to get total control over Windows 10's automatic updates

With the help of @Ramhound I have managed to figure out how to stop automatic updates on windows 10.

Please note this applies to Windows 10 Pro as it's the version I am running.

To stop the autmatic updates you can do the following:

1. Open Settings
2. Click on Update & security
3. Click on Advanced options
4. Ensure Defer upgrades option is checked
5. Close down the settings window and that's it you're done!

Update

As mentioned in the comments by @Vinayak the defer option is now available for home users too. Further information here

For Windows 10 Home Users

Try the following method from Windows Central. Basically, you will disable the reboot service, not the update service. You can then reboot whenever you want. Please note, you need administrator privileges, but I assume you already have it since you are using Windows Home edition.

1. From a Windows explorer window, rename the file: C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot (assuming your %windir% is C:\) to Reboot.old. Note, you will be asked for administrator access here.
2. Create a directory named Reboot in C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\. This will prevent windows from recreating a file with the same name. Note, you will be asked for administrator access here.
3. Reboot the machine. This will reset all of the services, and prevent the reboot service from starting.

Please note, this is not promoted by Microsoft. But then again, neither is controlling you own boot schedule, so take that MS! Seriously, if you don't know what you are doing understand the risks you are taking by following any directions off the Internet. This is certainly simple enough that an understanding of Windows 95 would help explain what is happening here.

Massive rework of previous batch files toggle suite into single script with best practices blocking!
Watch it in action

Desktop right-click context menu dynamic UI with toggles for everything!
Toggle all blocks on/off, Renew (from pastebin) or uninstall script options

Hide / Unhide / Install update lists with counter!
Lists are automatically updated whenever Windows would nag you via MusNotification!

Independently block Build upgrades, Automatic Installs, Downloads, Service
IFEO safe blocking with no destructive changes of ownership, deleting files or removing tasks

Focus set on Defender updates working independently
Toggling off windows mayhem automatic updates will not sacrifice built-in protection layer,
unlike any other -DIY- updates "management"

windows_update_toggle.bat

@set @version=10.0 /* &title Windows Update Toggle
@echo off &set "verbose="
echo.
echo      ---------------------------------------------------------------------
echo     :                  Windows Update Toggle v10.0 final                  :
echo     :---------------------------------------------------------------------:
echo     :      Block/Enable Upgrades, Installs, Downloads(!), Service(!)      :
echo     :         Disable/Enable Reporting, Speech, SearchUI, Defender        :
echo     :        Hide/Unhide/Apply update lists with count and max size       :
echo     :       Preset for Defender updates and Store downloads working       :
echo     :                                                                     :
echo     :     Toggle from the comfort of Desktop right-click context menu     :
echo      ---------------------------------------------------------------------
echo.
:: AveYo, 2018-05-13

if %1.==. timeout /t 10 &call wscript /e:JScript "%~f0" runas setup &exit/b &rem : no arguments, run setup elevated
if %1.==shift. shift &shift &rem : if loaded by WScript, shift args to prevent loop and restore %0
if %1.==. echo ERROR! &timeout /t 5 &exit/b : must have at least one arg

:: Setup executable blocking via ifeo
set notifier=EOSNotify MusNotification
set upgrader=Windows10UpgraderApp Windows10Upgrade WindowsUpdateBox SetupHost setupprep
set installer=wuauclt
set reporter=wermgr wsqmcons DiagTrackRunner DiagnosticsHub.StandardCollector.Service CompatTelRunner
set speecher=SpeechRuntime SpeechModelDownload
set searcher=SearchUI

set "exe=%notifier% %upgrader% %installer% %reporter%"
set "noop=%SystemRoot%\system32\systray.exe"
set "ifeo=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
set "menu=HKCR\DesktopBackground\shell\WUT"
set "f0=%SystemRoot%\windows_update_toggle.bat"
set "task=wscript.exe /e:JScript \"%f0%\" schtasks WUT"
set "DefMUS={MicrosoftUpdateServer|MMPC|InternalDefinitionUpdateServer}"
set "DefMMPC={MMPC|MicrosoftUpdateServer|InternalDefinitionUpdateServer}"
set ".=>nul 2>nul"
for /f "tokens=2 delims=1234567890" %%# in ('shutdown /?^|findstr /bc:"E"') do set "[T]=%%#" &rem : cosmetic usage in menus
if defined verbose (echo on &set ".=" &set "window=") else set "window=hide"
call :%~1 %2 %3 %4 %5 %6 %7 %8 %9 &rem : launch secondary functions below dinamically, passing next args
echo.
echo Done! Use the Desktop right-click context menu to toggle, renew or uninstall
if "%~1"=="setup" (pause) else if defined verbose timeout /t 5
exit/b : End of main script, functions below

:refresh context menu
echo %0 %*
call :reg_query "HKLM\SOFTWARE\WUT.bat" NoBlock noblock
if "%noblock%"=="Enable" exit/b
call :reg_query "%menu%0pending" MUIVerb pending
if defined pending exit/b
for %%# in ("1hide" "2unhide" "3apply") do reg delete "%menu%%%~#" /f %.%
reg add "%menu%0pending" /v MUIVerb /d "Pending.." /f %.%
reg add "%menu%0pending" /v SubCommands /d "" /f %.%
call :reg_query "HKLM\SOFTWARE\WUT.bat" NoRefresh norefresh
if "%norefresh%"=="Disable" start "WUT" wscript /e:JScript "%f0%" WUTRefresh
call :status SetupHost
reg add "%menu%\shell\3Upgrades"   /v MUIVerb /d "Upgrades %[T]% [setuphost]    %toggle%" /f %.%
reg add "%menu%\shell\3Upgrades\command" /ve /d "%task%\upgrades" /f %.%
call :status wuauclt
reg add "%menu%\shell\4Installs"   /v MUIVerb /d "Installs %[T]% [wuauclt]    %toggle%" /f %.%
reg add "%menu%\shell\4Installs\command" /ve /d "%task%\installs" /f %.%
for /f "tokens=3" %%# in ('sc qc TrustedInstaller ^| find /I "WUTblocked"') do set "blocked=%%#"
if /i "%blocked%"=="[WUTblocked]" (set "toggle=blocked") else set "toggle=enabled"
reg add "%menu%\shell\5Downloads"  /v MUIVerb /d "Downloads ( ! ) %[T]% [trustedinstaller]    %toggle%" /f %.%
reg add "%menu%\shell\5Downloads\command" /ve /d "%task%\downloads" /f %.%
for /f "tokens=3" %%# in ('sc qc wuauserv ^| find /I "WUTblocked"') do set "blocked=%%#"
if /i "%blocked%"=="rpcss[WUTblocked]" (set "toggle=blocked") else set "toggle=enabled"
reg add "%menu%\shell\6Service"    /v MUIVerb /d "Service ( ! ) %[T]% [wuauserv]    %toggle%" /f %.%
reg add "%menu%\shell\6Service\command" /ve /d "%task%\service" /f %.%
call :status wermgr
reg add "%menu%\shell\81Report"    /v MUIVerb /d "Report    %[T]% %toggle%" /f %.%
reg add "%menu%\shell\81Report\command" /ve /d "%task%\report" /f %.%
call :status SpeechRuntime
reg add "%menu%\shell\82Speech"    /v MUIVerb /d "Speech    %[T]% %toggle%" /f %.%
reg add "%menu%\shell\82Speech\command" /ve /d "%task%\speech" /f %.%
call :status SearchUI
reg add "%menu%\shell\83Search"    /v MUIVerb /d "SearchUI  %[T]% %toggle%" /f %.%
reg add "%menu%\shell\83Search\command" /ve /d "%task%\search" /f %.%
set "defstatus=if((Get-MpPreference).DisableRealtimeMonitoring){write-host stopped}else{write-host enabled}"
for /f "delims=" %%# in ('call powershell.exe -c "%defstatus%;"') do set "toggle=%%#"
reg add "%menu%\shell\84Defender"  /v MUIVerb /d "Defender  %[T]% %toggle%" /f %.%
reg add "%menu%\shell\84Defender\command" /ve /d "%task%\defender" /f %.%
if "%norefresh%"=="Enable" reg delete "%menu%0pending" /f %.%
exit/b

:toggle WUT
echo %0 %*
call :reg_query "HKLM\SOFTWARE\WUT.bat" NoBlock noblock
if "%noblock%"=="Disable" (set "toggle=Enable") else set "toggle=Disable"
for %%# in (NoBlock NoRefresh) do reg add "HKLM\SOFTWARE\WUT.bat" /v %%# /d "%toggle%" /f %.%
:: Generate WUT main context menu
for %%# in ("" "0pending" "1hide" "2unhide" "3apply") do reg delete "%menu%%%~#" /f %.%
reg add "%menu%" /v MUIVerb /d "Windows Update Toggle" /f %.%
reg add "%menu%" /v Icon /d "appwiz.cpl,5" /f %.%
reg add "%menu%" /v SubCommands /d "" /f %.%
reg add "%menu%\shell\9Setup" /v MUIVerb /d "windows_update_toggle.bat v10.0" /f %.%
reg add "%menu%\shell\9Setup" /v SubCommands /d "" /f %.%
reg add "%menu%\shell\9Setup\shell\1Toggle" /v MUIVerb /d "%toggle%" /f %.%
reg add "%menu%\shell\9Setup\shell\2Renew"  /v MUIVerb /d "Renew" /f %.%
reg add "%menu%\shell\9Setup\shell\3Remove" /v MUIVerb /d "Remove" /f %.%
reg add "%menu%\shell\9Setup\shell\1Toggle\command" /ve /d "%task%\toggle" /f %.%
reg add "%menu%\shell\9Setup\shell\2Renew\command"  /ve /d "%task%\renew" /f %.%
reg add "%menu%\shell\9Setup\shell\3Remove\command" /ve /d "%task%\remove" /f %.%
if "%toggle%"=="Disable" (
 reg add "%menu%\shell\1Refresh" /v MUIVerb /d "Refresh" /f %.%
 reg add "%menu%\shell\1Refresh\command" /ve /d "%task%\refresh" /f %.%
 reg add "%menu%\shell\2Lists" /v MUIVerb /d "Hide / Unhide / Apply %[T]% enabled" /f %.%
 reg add "%menu%\shell\2Lists\command" /ve /d "%task%\lists" /f %.%
 reg add "%menu%\shell\7Repair"     /v MUIVerb /d "Troubleshooter" /f %.%
 reg add "%menu%\shell\7Repair\command" /ve /d "%task%\repair" /f %.%
)
:: Disabling automatic updates hinders Defender, so get definitions from MMPC first
if "%toggle%"=="Enable" ( set "DefSig=%DefMUS%" ) else set "DefSig=%DefMMPC%"
start "WUT:MpPref" wscript /e:JScript "%~f0" cmd "powershell.exe -c `Set-MpPreference -SignatureFallbackOrder %DefSig%;`"
:: Default services
sc config wuauserv type= share depend= rpcss %.%
sc config TrustedInstaller type= own depend= / %.%
:: Toggle ifeo exe blocking
for %%# in (%exe% %speech% %search%) do reg delete "%ifeo%\%%#.exe" /f %.%
if "%toggle%"=="Enable" exit/b WUT disabled, so skip the code below
for %%# in (%exe%) do reg add "%ifeo%\%%#.exe" /v Debugger /d "%noop%" /f %.% &taskkill /im "%%#.exe" /t /f %.%
:: WUTRefresh hijacking
for %%# in (MusNotification EOSNotify) do reg add "%ifeo%\%%#.exe" /v Debugger /d "%SystemRoot%\WUTRefresh.bat" /f %.%
call :refresh menu
exit/b

:hide update
echo %0 %*
call :reg_query "%menu%1hide\shell\%~1" MUIVerb updatefound
echo -%updatefound%
if not defined updatefound exit/b
call wscript /e:JScript "%f0%" hide "%updatefound%"
exit/b

:unhide update
echo %0 %*
call :reg_query "%menu%2unhide\shell\%~1" MUIVerb updatefound
echo -%updatefound%
if not defined updatefound exit/b
call wscript /e:JScript "%f0%" unhide "%updatefound%"
exit/b

:apply update
echo %0 %*
call :reg_query "%menu%3apply\shell\%~1" MUIVerb updatefound
echo -%updatefound%
if not defined updatefound exit/b
:: Temporarily unblock downloads and installs
call :reg_query "%ifeo%\wuauclt.exe" Debugger installs_blocked
for /f "tokens=3" %%# in ('sc qc TrustedInstaller ^| find /I "WUTblocked"') do set "downloads_blocked=%%#"
call wscript /e:JScript "%f0%" apply "%updatefound%"
:: Restore block
if defined installs_blocked reg add "%ifeo%\wuauclt.exe" /v Debugger /d "%noop%" /f %.% &taskkill /im "wuauclt.exe" /t /f %.%
if defined downloads_blocked sc config TrustedInstaller type= own depend= [WUTblocked] %.%
exit/b

:lists
echo %0 %*
call :reg_query "HKLM\SOFTWARE\WUT.bat" NoRefresh norefresh
if "%norefresh%"=="Disable" ( set "norefresh=Enable" &set "toggle=disabled") else set "norefresh=Disable" &set "toggle=enabled"
reg add "HKLM\SOFTWARE\WUT.bat" /v NoRefresh /d "%norefresh%" /f %.%
reg add "%menu%\shell\2Lists" /v MUIVerb /d "Hide / Unhide / Apply %[T]% %toggle%" /f %.%
reg add "%menu%\shell\1Refresh" /v MUIVerb /d "Refresh" /f %.%
reg add "%menu%\shell\1Refresh\command" /ve /d "%task%\refresh" /f %.%
if "%norefresh%"=="Enable" (
 reg delete "%menu%0pending" /f %.% &reg delete "%menu%1hide" /f %.% &reg delete "%menu%2unhide" /f %.%
 reg delete "%menu%3apply" /f %.% &reg delete "%menu%\shell\1Refresh" /f %.%
)
call :refresh lists
exit/b

:upgrades
echo %0 %*
call :flip SetupHost
reg add "%menu%\shell\3Upgrades"   /v MUIVerb /d "Upgrades %[T]% [setuphost]    %toggle%" /f %.%
for %%# in (%upgrader%) do if defined block (
 reg delete "%ifeo%\%%#.exe" /f %.%
) else (
 reg add "%ifeo%\%%#.exe" /v Debugger /d "%noop%" /f %.% &taskkill /im "%%#.exe" /t /f %.%
)
exit/b

:installs
echo %0 %*
call :flip wuauclt
reg add "%menu%\shell\4Installs"   /v MUIVerb /d "Installs %[T]% [wuauclt]    %toggle%" /f %.%
for %%# in (%installer%) do if defined block (
 do reg delete "%ifeo%\%%#.exe" /f %.% &start "wt" wscript /e:JScript "%f0%" WUTRefresh
) else (
 reg add "%ifeo%\%%#.exe" /v Debugger /d "%SystemRoot%\WUTRefresh.bat" /f %.% &taskkill /im "%%#.exe" /t /f %.%
)
exit/b

:downloads
echo %0 %*
call :reg_query "%menu%3apply" MUIVerb pending
set "reboot=%pending:reboot=%"
if defined pending if "%pending%"=="%reboot%" set "pending="
if defined pending (
 sc config TrustedInstaller type= own depend= / %.%
 reg add "%menu%\shell\5Downloads" /v MUIVerb /d "Downloads ( ! ) %[T]% [trustedinstaller]    reboot?" /f %.%
 exit/b
)
for /f "tokens=3" %%# in ('sc qc TrustedInstaller ^| find /I "WUTblocked"') do set "blocked=%%#"
if /i "%blocked%"=="[WUTblocked]" (set "blocked=/") else set "blocked=[WUTblocked]"
net stop TrustedInstaller /y %.%
for /f "tokens=3" %%# in ('sc queryex TrustedInstaller ^| find /i "PID"') do set "pid=%#"
if not "%pid%"=="0" taskkill /pid %pid% /f %.%
sc config TrustedInstaller type= own depend= %blocked% %.%
tasklist /svc | find /i "TrustedInstaller" %.%
if errorlevel 1 net start TrustedInstaller /y %.%
if errorlevel 1 (set "toggle=blocked") else set "toggle=enabled"
reg add "%menu%\shell\5Downloads" /v MUIVerb /d "Downloads ( ! ) %[T]% [trustedinstaller]    %toggle%" /f %.%
if "%toggle%"=="enabled" start "WUT" wscript /e:JScript "%f0%" WUTRefresh
exit/b

:service
echo %0 %*
for /f "tokens=3" %%# in ('sc qc wuauserv ^| find /I "WUTblocked"') do set "blocked=%%#"
if /i "%blocked%"=="rpcss[WUTblocked]" (set "blocked=rpcss") else set "blocked=rpcss[WUTblocked]"
net stop wuauserv /y %.%
for /f "tokens=3" %%# in ('sc queryex wuauserv ^| find /i "PID"') do set "pid=%#"
if not "%pid%"=="0" taskkill /pid %pid% /f %.%
sc config wuauserv type= share depend= %blocked% %.%
tasklist /svc | find /i "wuauserv" %.%
if errorlevel 1 net start wuauserv /y %.%
if errorlevel 1 (set "toggle=blocked") else set "toggle=enabled"
reg add "%menu%\shell\6Service" /v MUIVerb /d "Service ( ! ) %[T]% [wuauserv]    %toggle%" /f %.%
if "%toggle%"=="enabled" start "WUT" wscript /e:JScript "%f0%" WUTRefresh
exit/b

:repair
echo %0 %*
:: Restore services (undo only the changes made by this script, not whatever blocking was done by other means)
sc config wuauserv type= share depend= rpcss %.%
sc config TrustedInstaller type= own depend= / %.%
:: Remove any IFEO blocking done by past scripts
set eo=DiagnosticsHub.StandardCollector.Service WindowsUpdateElevatedInstaller LocationNotificationWindows InstallAgentUserBroker
set eo=%eo% UpdateNotificationMgr DataUsageLiveTileTask Windows10UpgraderApp WindowsActionDialog SpeechModelDownload WerFaultSecure
set eo=%eo% GetCurrentRollback WindowsUpdateBox Windows10Upgrade TrustedInstaller MusNotification DiagTrackRunner CompatTelRunner
set eo=%eo% WinREBootApp64 WinREBootApp32 UNPUXLauncher SpeechRuntime MusNotifyIcon PilotshubApp InstallAgent dstokenclean wsqmcons
set eo=%eo% disksnapshot osrssupdate wuapihost WaaSMedic UsoClient UNPUXHost SIHClient setupprep SetupHost osrssinst EOSNotify wusa
set eo=%eo% WerFault TiWorker SearchUI DWTRIG20 dusmtask dmclient appidtel wuauclt wermgr DFDWiz remsh reach HxTsr DWWIN DW20 GWX
for %%# in (%eo%) do reg delete "%ifeo%\%%#.exe" /f %.%
:: Restore notification hijacking
>"%SystemRoot%\WUTRefresh.bat" echo/@start "WUTRefresh" /min wscript.exe /e:JScript "%f0%" WUTRefresh
for %%# in (MusNotification EOSNotify) do reg add "%ifeo%\%%#.exe" /v Debugger /d "%SystemRoot%\WUTRefresh.bat" /f %.%
:: Remove pending instance safeguard
reg delete "HKLM\SOFTWARE\WUT.bat" /v Pending /f %.%
:: Refresh menu
call :refresh repair
:: Open Update Diagnostic
start "wud" msdt.exe /id WindowsUpdateDiagnostic %.%
:: Open official update troubleshooter page
start https://support.microsoft.com/en-us/help/4027322/windows-update-troubleshooter %.%
exit/b

:report
echo %0 %*
call :flip wermgr
reg add "%menu%\shell\81Report"    /v MUIVerb /d "Report    %[T]% %toggle%" /f %.%
for %%# in (%reporter%) do if defined block ( reg delete "%ifeo%\%%#.exe" /f %.% ) else (
 reg add "%ifeo%\%%#.exe" /v Debugger /d "%noop%" /f %.% &taskkill /im "%%#.exe" /t /f %.%
)
exit/b

:speech
echo %0 %*
call :flip SpeechRuntime
reg add "%menu%\shell\82Speech"    /v MUIVerb /d "Speech    %[T]% %toggle%" /f %.%
for %%# in (%speecher%) do if defined block ( reg delete "%ifeo%\%%#.exe" /f %.% ) else (
 reg add "%ifeo%\%%#.exe" /v Debugger /d "%noop%" /f %.% &taskkill /im "%%#.exe" /t /f %.%
)
exit/b

:search
echo %0 %*
call :flip SearchUI
reg add "%menu%\shell\83Search"    /v MUIVerb /d "SearchUI  %[T]% %toggle%" /f %.%
for %%# in (%searcher%) do if defined block ( reg delete "%ifeo%\%%#.exe" /f %.% ) else (
 reg add "%ifeo%\%%#.exe" /v Debugger /d "%noop%" /f %.% &taskkill /im "%%#.exe" /t /f %.%
)
exit/b

:defender
echo %0 %*
set "s10=$t=1;$toggle='stopped'; if((Get-MpPreference).DisableRealtimeMonitoring){$t=0;$toggle='enabled';}"
set "s11=Set-MpPreference -DisableRealtimeMonitoring $t"
set "s12=Set-MpPreference -DisableBehaviorMonitoring $t"
set "s13=Set-MpPreference -DisableIOAVProtection $t"
set "s14=write-host $toggle"
for /f "delims=" %%# in ('call powershell.exe -c "%s10%;%s11%;%s12%;%s13%;%s14%;"') do set "toggle=%%#"
reg add "%menu%\shell\84Defender"  /v MUIVerb /d "Defender  %[T]% %toggle%" /f %.%
exit/b

:update_defender - triggered from WScript to get definitions from MMPC, regardless of updates being blocked
tasklist /FI "IMAGENAME eq MpCmdRun.exe" | find ".exe" %.%
if not errorlevel 1 exit/b
pushd %ProgramFiles%\Windows Defender
call MpCmdRun.exe -removedefinitions -dynamicsignatures
call MpCmdRun.exe -SignatureUpdate -MMPC
exit/b

:setup
echo %0 %*
pushd %SystemRoot%
if /i "%~f0"=="%f0%" (set "initial_setup=") else copy /y "%~f0" "%f0%" %.%
:: Create WUTUndo for emergencies
 >WUTUndo.bat echo/pushd %%~dp0system32\config
>>WUTUndo.bat echo/reg load HKLM\WUTUndo1 SOFTWARE
>>WUTUndo.bat echo/set "koff=HKLM\WUTUndo1\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" ^&set "kon=%ifeo%"
>>WUTUndo.bat echo/for %%%%B in (%exe%) do for %%%%K in ("%%koff%%" "%%kon%%") do reg delete "%%%%~K\%%%%B.exe" /f 2^>nul
>>WUTUndo.bat echo/reg unload HKLM\WUTUndo1
>>WUTUndo.bat echo/reg load HKLM\WUTUndo2 SYSTEM
>>WUTUndo.bat echo/for %%%%K in (WUTUndo2 SYSTEM) do (
>>WUTUndo.bat echo/ reg delete "HKLM\%%%%~K\ControlSet001\Services\TrustedInstaller" /v DependOnService /f 2^>nul
>>WUTUndo.bat echo/ reg delete "HKLM\%%%%~K\CurrentControlSet\Services\TrustedInstaller" /v DependOnService /f 2^>nul
>>WUTUndo.bat echo/)
>>WUTUndo.bat echo/reg unload HKLM\WUTUndo2
:: Create WUTRefresh to hijack update notifications and refresh context menu in addition to preventing forced reboots
>WUTRefresh.bat echo/@start "WUTRefresh" /min wscript.exe /e:JScript "%f0%" WUTRefresh
:: Create tasks to run context menu entries with proper access and no output window
start "WUT" wscript /e:JScript "%~f0" cmd "call `%~f0` setup_schtasks"
:: WUT options
for %%# in (NoBlock NoRefresh) do reg add "HKLM\SOFTWARE\WUT.bat" /v %%# /d "Enable" /f %.%
call :toggle blocking
exit/b

:setup_schtasks - no stalling separate process
set "strun=wscript.exe /e:JScript \"%f0%\" run%window%"
for %%t in (refresh lists upgrades installs downloads service repair report speech search defender toggle renew remove) do (
 schtasks /create /ru "%username%" /sc once /tn "WUT\%%t" /tr "%strun% %%t" /st "00:00:00" /it /rl highest /f %.%
)
for %%t in (hide unhide apply) do for /l %%n in (101,1,116) do (
 schtasks /create /ru "%username%" /sc once /tn "WUT\%%t\%%n" /tr "%strun% %%t %%n" /st "00:00:00" /it /rl highest /f %.%
)
exit/b

:renew
echo %0 %*
echo Renewing from internet - old version saved as %SystemRoot%\WUT.old
pushd %SystemRoot%
if exist WUT.new del /f /q WUT.new %.%
call wscript /e:JScript "%~f0" renew "https://pastebin.com/raw/gNsLEWJe" "%SystemRoot%\WUT.new"
if exist WUT.new copy /y "%f0%" WUT.old %.% &copy /y WUT.new "%f0%" %.% &del /f /q WUT.new %.%
start "WUT" "%f0%" setup renew %.%
exit/b

:remove
echo %0 %*
for %%# in (NoBlock NoRefresh) do reg add "HKLM\SOFTWARE\WUT.bat" /v %%# /d "Disable" /f %.%
call :toggle off
reg delete "HKLM\SOFTWARE\WUT.bat" /f %.%
for %%# in ("" "0pending" "1hide" "2unhide" "3apply") do reg delete "%menu%%%~#" /f %.%
for %%t in (refresh lists upgrades installs downloads service repair report speech search defender toggle renew remove) do (
 schtasks /delete /tn "WUT\%%t" /f %.%
)
for %%t in (hide unhide apply) do for /l %%n in (101,1,116) do schtasks /delete /tn "WUT\%%t\%%n" /f %.%
for %%t in (hide unhide apply) do schtasks /delete /tn "WUT\%%t" /f %.%
schtasks /delete /tn "WUT" /f %.%
sc config wuauserv type= share depend= rpcss %.%
sc config TrustedInstaller type= own depend= / %.%
pushd %SystemRoot%
del /f /q WUT.bat WUT.old DefenderManualUpdate.bat WUTRefresh.bat WUTUndo.bat "%f0%" %.%
exit/b

:flip %1:exe
call :reg_query "%ifeo%\%~1.exe" Debugger block
if defined block (set "toggle=enabled") else set "toggle=blocked"
exit/b

:status %1:exe
call :reg_query "%ifeo%\%~1.exe" Debugger block
if defined block (set "toggle=blocked") else set "toggle=enabled"
exit/b

:reg_query %1:KeyName %2:ValueName %3:OutputVariable %4:other_options[example: "/t REG_DWORD"]
setlocal & for /f "skip=2 delims=" %%s in ('reg query "%~1" /v "%~2" /z 2^>nul') do set "rq=%%s" & call set "rv=%%rq:*)    =%%"
endlocal & set "%~3=%rv%" & exit/b &rem                                         AveYo: call :reg_query "HKCU\MyKey" "MyValue" MyVar

::---------------------------------------------------------------------------------------------------------------------------------
:JScript_functions                                                                 AveYo: Switch syntax highlighter to 'javascript'
::-------------------------------------------------------------------------------------------------------------------------------*/
f0=WSH.ScriptFullName; run=WSH.Arguments(0); args=''; for(i=1;i<WSH.Arguments.length;i++) args+=' "'+WSH.Arguments(i)+'"';
function sex(exe,args){WSH.CreateObject('Shell.Application').ShellExecute(exe,args,'','',0);}; function reg(s){ sex('reg.exe',s); }

// Open external commands in new hidden cmd instance - backquotes replaced to quotes
if (run=='cmd') sex('cmd','/c '+args.replace(/`/g,'"'));

// Context menu entries trigger - elevated with no popups
if (run=='schtasks') sex('SCHTASKS.EXE','/Run /TN '+args);

// Shift to CMD if loaded by WScript - pass arguments, prevent loop, run as admin at setup, hide window at context-menu
function cmd(adm,win){WSH.CreateObject('Shell.Application').ShellExecute('cmd','/c call "'+f0+'" shift "'+f0+'"'+args,'',adm,win);}
if (run=='run') cmd('',1); if (run=='runhide') cmd('',0); if (run=='runas') cmd('runas',1); if (run=='runashide') cmd('runas',0);

if (run=='renew') {
  // renew script over internet
  try{
  downloader=WSH.CreateObject("WinHttp.WinHttpRequest.5.1");
  if (downloader===null) downloader=WSH.CreateObject("WinHttp.WinHttpRequest");
  if (downloader===null) downloader=WSH.CreateObject("MSXML2.ServerXMLHTTP");
  if (downloader===null) downloader=WSH.CreateObject("Microsoft.XMLHTTP");
  downloader.Open("GET",WSH.Arguments(1),false); downloader.Send(); oASI=downloader.ResponseBody(); downloader=undefined;
  oASO=WSH.CreateObject("ADODB.Stream"); oASO.type=1; oASO.Mode=3; oASO.Open; oASO.Write(oASI); oASI=undefined;
  oASO.SaveToFile(WSH.Arguments(2)); oASO.Close();
  }catch(e){} // supress all errors since we're working with com objects
}

// WUT Hide/Unhide/Apply lists
if (run=='WUTRefresh' || run=='hide' || run=='unhide' || run=='apply') {
  SRP=GetObject("winmgmts:StdRegProv"); pending=SRP.GetStringValue(2147483650,'SOFTWARE\\WUT.bat','Pending');
  if (pending===0) WSH.quit(); else SRP.SetStringValue(2147483650,'SOFTWARE\\WUT.bat','Pending','yes'); // prevent instances
  k='HKCR\\DesktopBackground\\shell\\WUT'; hk=k+'1hide'; uk=k+'2unhide'; ik=k+'3apply'; pk=k+'0pending';           // set list keys
  reg('delete "'+hk+'" /f'); reg('delete "'+uk+'" /f'); reg('delete "'+ik+'" /f');                               // delete previous
  reg('add "'+pk+'" /v MUIVerb /d "Pending.." /f'); reg('add "'+pk+'" /v SubCommands /d "" /f');             // add Pending.. entry
  // Check for updates
  count=0; wuthide=[]; wutunhide=[];
  try{
  session=WSH.CreateObject("Microsoft.Update.Session"); reboot=WSH.CreateObject("Microsoft.Update.SystemInfo").RebootRequired;
  searcher=session.CreateUpdateSearcher();
  sresult=searcher.Search("IsInstalled=0"); Updatelist=sresult.Updates; count=sresult.Updates.Count;
  for(i=0;i<count;i++) {
    itemTitle=Updatelist.Item(i).Title;
    minsize=Updatelist.Item(i).MinDownloadSize; maxsize=Updatelist.Item(i).MaxDownloadSize; wutsize='';
    if (maxsize > 1073741824) wutsize=' ['+Math.round(minsize/10737418.24)/100+' - '+Math.round(maxsize/10737418.24)/100+'GB]';
    else if (maxsize > 1048576) wutsize=' ['+Math.round(minsize/10485.76)/100+' - '+Math.round(maxsize/10485.76)/100+'MB]';
    else if (maxsize > 1024) wutsize=' ['+Math.round(minsize/10.24)/100+' - '+Math.round(maxsize/10.24)/100+'KB]';
    else if (maxsize > 0) wutsize=' ['+(minsize)+' - '+(maxsize)+'B]';
    wutTitle=Updatelist.Item(i).Title + wutsize;
    if (run=='apply' && WSH.Arguments(1).indexOf(itemTitle) > -1) {
      // Add matching entry to UpdateColl
      UpdateColl=WSH.CreateObject("Microsoft.Update.UpdateColl"); UpdateColl.Add(Updatelist.Item(i));
      // Download update
      downloader=session.CreateUpdateDownloader(); downloader.Updates=UpdateColl; dresult=downloader.Download();
      if (dresult.ResultCode==2) {
        // Unblock apply
        sex('sc','config TrustedInstaller type= own depend= /');
        KeyPath='SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\wuauclt.exe';
        SRP.DeleteKey(2147483650,KeyPath);
        WSH.Sleep(1000);
        //Apply update
        installer=session.CreateUpdateInstaller(); installer.Updates=UpdateColl; iresult=installer.Install();
        if (iresult.ResultCode==2) continue;
      }
    }
    // hide and unhide are very simple bool flip compared to apply
    if (run=='hide' && WSH.Arguments(1).indexOf(itemTitle) > -1) {
      Updatelist.Item(i).IsHidden=true; wutunhide.push(wutTitle); continue;
    }
    if (run=='unhide' && WSH.Arguments(1).indexOf(itemTitle) > -1) {
      Updatelist.Item(i).IsHidden=false; wuthide.push(wutTitle); continue;
    }
    // Trigger :update_defender to manually refresh definitions from MMPC
    if (Updatelist.Item(i).IsHidden===false && itemTitle.indexOf('(Definition') > -1) {
      sex('cmd','/c call "'+f0+'" update_defender');
    }
    // Sorting lists
    if (Updatelist.Item(i).IsHidden) wutunhide.push(wutTitle); else wuthide.push(wutTitle);
  }
  // Generate Hide context menu
  if (wuthide.length>0){
    for(i=101,n=wuthide.length+101;i<n;i++) {
      reg('add "'+hk+'\\shell\\'+i+'" /v MUIVerb /d "'+wuthide[i-101]+'" /f');
      reg('add "'+hk+'\\shell\\'+i+'\\command" /ve /d "wscript.exe /e:JScript \\"'+f0+'\\" schtasks WUT\\hide\\'+i+'" /f');
    }
    reg('add "'+hk+'" /v SubCommands /d "" /f');
    reg('add "'+hk+'" /v MUIVerb /d "Hide '+"\t"+wuthide.length+'" /f');
  }
  // Generate Unhide context menu
  if (wutunhide.length>0){
    for(i=101,n=wutunhide.length+101;i<n;i++) {
      reg('add "'+uk+'\\shell\\'+i+'" /v MUIVerb /d "'+wutunhide[i-101]+'" /f');
      reg('add "'+uk+'\\shell\\'+i+'\\command" /ve /d "wscript.exe /e:JScript \\"'+f0+'\\" schtasks WUT\\unhide\\'+i+'" /f');
    }
    reg('add "'+uk+'" /v SubCommands /d "" /f');
    reg('add "'+uk+'" /v MUIVerb /d "Unhide '+"\t"+wutunhide.length+'" /f');
  }
  // Generate Apply context menu
  if (wuthide.length>0){
    for(i=101,n=wuthide.length+101;i<n;i++) {
      reg('add "'+ik+'\\shell\\'+i+'" /v MUIVerb /d "'+wuthide[i-101]+'" /f');
      reg('add "'+ik+'\\shell\\'+i+'\\command" /ve /d "wscript.exe /e:JScript \\"'+f0+'\\" schtasks WUT\\apply\\'+i+'" /f');
    }
    reg('add "'+ik+'" /v SubCommands /d "" /f');
    reg('add "'+ik+'" /v MUIVerb /d "Apply '+"\t"+((reboot) ? 'must reboot' : wuthide.length)+'" /f');
  }
  }catch(e){} // supress all errors since we're working with com objects
  reg('delete "'+pk+'" /f'); SRP.DeleteValue(2147483650,'SOFTWARE\\WUT.bat','Pending'); // Remove Pending.. temporary entry
}
//

Last updated for v10.0 final. Up-to-date code on pastebin link above.

The state of Windows Update - beginning 2019

Microsoft has been taking great pains to make Windows Update inevitable, which is why the traditional methods don't work anymore, or only work for a limited time.

Microsoft has been adding system services that cannot be disabled whose purpose is to update Windows. Chief among these is the Update Orchestrator Service, tasked with downloading, installing and verifying the updates. If stopped, the computer can no longer download and install the updates, which is why it can only be disabled for the current session, and will be re-enabled on the next reboot.

The service that is charged with making Windows Update unstoppable is the new Windows Update Medic Service, tasked with keeping Windows Update functioning. It is this service that undoes all the traditional methods for blocking Windows Update, so that periodically and unexpectedly one will find out that the Windows Update settings have been reset to their original values and that Windows has gone back to forcing updates upon the user.

The Windows Update Medic Service itself cannot be disabled at all. Any attempt to do so will end with the message of "Access is Denied".

Nevertheless, there exists a third-party product that can totally block Windows Update: Windows Update Blocker. This free product is portable and can disable/enable Windows Update with one click. In fact, it can also block any other unblockable Windows service. It is reported as still working in 2018.

Using a third-party product may in the long run be surer than relying upon Windows semi-documented features which may change without notice. Some more free products may be found in this answer of mine, which use the Windows API that allows any program to veto an impending shutdown.

Finally found a permanent fix that just works

After trying literally every trick in the book, I have always been bested by Windows Update. I've tried every solution here plus tons of other sources, and Windows constantly found ways to thwart my plans.

Until about 6 months ago...

I have found a permanent solution for disabling ALL windows updates FOREVER regardless of whether the service or anything else is running. I have figured out this method with the help of many different sources that had to do with many different things. Overall, I found this method myself with the use of bits and pieces of other information used to do things that were not all related to this, but it works. And it works absolutely beautifully.

1. Install Acrylic DNS Proxy from here

It is basically a souped up version of the windows hosts file that allows you to add functions like wildcards, which is necessary in our case because of the many sources windows gets its updates from.

2. Follow the instructions here to make Acrylic start doing its job in Win 10. Pretty simple stuff.

3. Go to your start menu, and click "Edit Acrylic Hosts File" under All Programs, shown here

4. Add these lines to the bottom of the hosts file, with no # signs in front.

0.0.0.0 windowsupdate.microsoft.com
0.0.0.0 *.windowsupdate.microsoft.com
0.0.0.0 *.update.microsoft.com
0.0.0.0 windowsupdate.com
0.0.0.0 *.windowsupdate.com
0.0.0.0 download.windowsupdate.com
0.0.0.0 download.microsoft.com
0.0.0.0 *.download.windowsupdate.com
0.0.0.0 wustat.windows.com
0.0.0.0 ntservicepack.microsoft.com
0.0.0.0 stats.microsoft.com

Now the bottom of the file should look like this. Save and close the file.

5. Open task manager, go to services tab, click "Open Services" at the bottom, select Acrylic DNS Proxy and click this button with the red circle to restart the service.

FINISHED

Now your Acrylic buddy should have your back and constantly keep an keen eye on Microsoft's Big Brother tactics to make sure they can't force poor old you to install updates that mess up your PC completely which they have at least a fourth of the time they did it on both my home PC and my Surface Pro which is supposed to be the PC BUILT for Windows, right??? Cmon, Microsoft!

7. Check to make sure it's working by pinging any one of the websites in the code above. Open cmd and type

ping windowsupdate.microsoft.com

If these are your results, you will be golden from now on!!

Note: in my experience, this has not slowed my PC at all. It also does not reroute any Internet traffic besides requests to the sources Windows uses to update or check for updates, so very similar to the hosts file. It also uses basically the same format as the hosts file. This has also successfully disabled the reinstall of junk that windows keeps placing on my computer that gives that giant colored screen saying something like "you must update or your computer will implode". Obviously I don't remember what the warning said since it's been so long since I've gotten it (due to completely successful blocking 6 months or so ago), but it was the most annoying thing I've ever seen.

Disable Update Service

1. Win+R > services.msc
2. Double click Windows Update and change the Startup Type to Disabled. To re-enable, go back to services and change it to automatic.

Source: How To Control Windows 10 Updates

2 years later and billions of unsaved works lost by the update mechanism of Microsoft, there is finally a major update that solves the problem.

Windows 10 Creators Update now available (Direct Download)

After installing the update the user will finally asked again (like those insignificant 20+ years before) if s/he wants the update to be applied:

Sometimes I wonder who is behind those decisions...

After the update you have more options regarding the update times. For stopping them, go to Windows Update Settings > Advanced Options > Pause Updates > ON.

Under Restart Options you also find a new option for update notifications: