In this post I’m going to show how to quickly configure Windows Updates so that you only receive important security updates. We’ll cover Home and Pro/Enterprise users of both Windows 10 and Windows 11.
These are also the settings I use myself and recommend for most users.
These settings may also be helpful for IT admins.
Set Active Hours - Windows 10 By default Active Hours are configured to be automatic but personally I think it’s better to set them manually.
News and Updates An important update for Microsoft Deployment Toolkit (MDT_KB4564442) has been released. This update fixes a boot loop issue. Download the update here There is no x86 version of Windows 11 This article is based on Windows 11 21H2 22000.258. I will update it in future as things progress In this article as with my previous ones we will walk through configuring Microsoft Deployment Toolkit to deploy the reference image created in the previous article: Build and Capture Windows 11 21H2 Reference Image
News and Updates Update: 2021-11-12 After testing, a Build and Capture Task Sequence now appears to work and sysprep works as expected. An important update for Microsoft Deployment Toolkit (MDT_KB4564442) has been released. This update fixes a boot loop issue. Download the update here There is no x86 version of Windows 11. This article is based on Windows 11 21H2 22000.258. I will update it in future as things progress.
Windows 11 is very similar to Windows 10 is terms of technology and core services, however with the new UI and Start Menu refresh there are some new elements that you may want to remove.
Start Menu Layout Microsoft now expects the Start menu layout to be managed by an MDM service, if you want to do it without that then the easiest method is to copy the start.bin files.
This post is a cut down version of this one and only focusses on Windows 11 for clarity.
Important note!
A “provisioned app” is an app that is a part of the Windows 11 installation and will be available for all users. Otherwise the app is only installed for the currently logged on user. To remove apps for all future users and the currently logged on user, you must remove both types of app.
Fully disabling Network Discovery in Windows 10 using Group Policy To properly disable Network Discovery in Windows 10 in a way that the user cannot easily re-enable we must create some firewall rules and prevent some services from running on start-up. We can do both things using Group Policy.
Firewall Rules Create a new Group Policy or use an existing one that takes effect on computer objects.
Go to Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security.