[TIP] Utility to lock in a specific version/feature release of Windows

You don't need a utility to do this, it's a simple registry flag. The problem is, Windows 10 21H2 and Windows 11 are flagged in the registry using the same character string. So this tool does nothing... Users without admin rights can still click the update button and a machine happily makes itself Windows 11.

Worse, the keys in question are patently ignored by Home edition. So have fun with that.

Even the link to the tool indicates some of this, but also gets other things factually wrong. Windows 11 has an annual feature update cadence, Windows 10 is still semi-annual. At least officially, unofficially we all know Windows 10 hasn't had a feature update since 2004, all subsequent feature updates were tiny incremental things barely more than a usual monthly security roll up.

P.S. Annual feature releases > Semi-annual feature releases, if all of the above cools to once per year you won't see me shedding any tears.
 
Last edited:
Sky-Knight said:
You don't need a utility to do this, it's a simple registry flag.
Click to expand...

Gibson points out that all he is doing is writing 6 registry keys. It worked fine on several 10 Pro machines I tried it on. I don't have a Home machine to test right now. Prior to running the tool I was being offered Windows 11. Now I'm not.



Capture.PNG
 
  • Like
Reactions: GTP
Barcelona said:
Sounds like the haters coming...
Click to expand...

Yup. I said on one of the blind tech groups I'm on, just yesterday, "If you use any OS, you use it on the terms its maker stipulates at any given point in time."

I am actually shocked to see what are very typical "end user" conversations about Windows and its requirements here. We all use Windows at the pleasure of Microsoft. You never have, and never will, "own" your OS in any meaningful sense of the word "own." You are a long-term licensee.
 
Metanis said:
Gibson points out that all he is doing is writing 6 registry keys. It worked fine on several 10 Pro machines I tried it on. I don't have a Home machine to test right now. Prior to running the tool I was being offered Windows 11. Now I'm not.



View attachment 13505
Click to expand...

Yep, and read the registry keys in question... see the word policies? Those are GROUP POLICES! And they are not processed by Home edition, ergo... the button doesn't work. There are other settings however that might? Maybe? I'm not holding my breath.

You cannot control an upgrade process that Microsoft hasn't given us control over. So as usual, I see this tool as the worst kind of security, the false kind. Because I already know that this approach doesn't work on Home edition. I deployed these settings via powershell to several laptops that are now running Windows 11 because the user pushed the button, and again... said users DO NOT HAVE admin rights!

If you're on Pro however, these settings will prevent the upgrade, but they will also prevent any future feature upgrades... so beware that. I have powershell scripts that do this mess for me, I don't need the tool. And I see the tool as a potential future problem if used on customer units as you're going to have to update the release version number every six months. There are better ways to do this on pro, where you can push those release updates back by six months.
 
Sky-Knight said:
So as usual, I see this tool as the worst kind of security, the false kind. Because I already know that this approach doesn't work on Home edition.
Click to expand...
I don't have any hardware that's officially eligible for Win11, but InControl prevented a Win10 Home 20H2 from taking the upgrade to 21H2.

To be clear, that's manually clicking on the 'Install now' button, which came back with (something like) "This account can't install this update" (I didn't note the exact message). The user account in this case is an Admin. Releasing control (InControl button) allowed the manual upgrade with another click on the WU button.
 
Philippe said:
I don't think so. Windows Home doesn't have the group policy editor, but process the registry keys...
Click to expand...
It does not, as I said... enjoy testing it on your own. I've been using the above registry edits and more for YEARS they aren't new to control my fleet of machines in their semi-annual feature edition march.

Nothing I've done has controlled Home, Home machines get upgraded whenever Microsoft chooses. When it's your turn, you get it regardless of your input.

Note, specifically I'm referring to these:
Code: 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

    TargetReleaseVersionInfo = {Feature release such as “21H1”, “21H2”, etc.}
    TargetReleaseVersion = 1
    ProductVersion = {Windows major version, “10”, “11”, “12”, etc.}
    DisableOSUpgrade = 1

I know these aren't processed by Home.

But these:

Code: 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore

    DisableOSUpgrade = 1

HKEY_LOCAL_MACHINE\SYSTEM\Setup\UpgradeNotification

    UpgradeAvailable = 0

Might well still work... that last one is very promising as it if it does what it says on the tin will simply remove the notification for the upgrade, which would very well be enough to keep most users from clicking it and firing the upgrade. But it likely disables all feature upgrade notifications, which is how we wind up with systems not doing feature updates too. And we're right back where we started... no good way to prevent Windows 11 upgrades while also enabling feature upgrades for Windows 10.

But that's supposition on my part, I need to test!
 
Sky-Knight said:
In my experience anything in this path: KEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\ Won't be processed by home.
Click to expand...

I wish I could remember specifics at the moment, but can't, but this is something that differs from my own experience. I know I've tweaked keys in Win10 home located under that hierarchy in the past and the change(s) I was seeking did occur.

There were (and, I believe, still are) ways to "hack" the group policy editor into Home, even though it doesn't come with it. I also recall Windows Update using that key hierarchy under Home, which makes sense, as it's used by Windows, period.

The big difference with Home not being its absence, but the absence of a direct UI for getting at these keys in an "elegant" way.
 
Home can use Group Policy, but it's not as easy or well documented as Pro is. Virus/Malware writers used it to prvent users from doing things back in the XP Days, I'm sure some still do.

Home doesn't have a GUI tool that is easily used, so it's a bit harder. Some policies are used, some aren't. But that golden list of what is and isnt of course only Microsoft knows.
 
NviGate Systems said:
Home can use Group Policy, but it's not as easy or well documented as Pro is. Virus/Malware writers used it to prvent users from doing things back in the XP Days, I'm sure some still do.

Home doesn't have a GUI tool that is easily used, so it's a bit harder. Some policies are used, some aren't. But that golden list of what is and isnt of course only Microsoft knows.
Click to expand...
And has been getting shorter by the day. We have three different versions of windows here, Home, Pro, and Enterprise. You don't get support of all things in that policy hive unless you're on Enterprise!

So yeah, home "processes" them all, but whether it actually works is a different matter. And I've learned the hard way that update controls on home edition simply are not processed. And on any version clicking the "check for updates" button flags the unit for beta patches because the software assumes someone with a brain is sitting here.
 
I don't have much to say about this app but as far as Steve Gibson goes, I've been perusing his site since 1998 or so and actually owned and used a copy of Spinrite back in the day.

I choose to let Windows Update on its own.
 
Last edited:
xrobwx71 said:
I choose to let Windows Update on its own.
Click to expand...

Yup.

And in the case of a feature update (which includes a Win10 to Win11 upgrade) these do not happen in full automatic mode. Unless the end user hits the "Download and install" link they will just sit there until the version currently running gets very, very close indeed to its own end of support.

And I'm ignoring the bug, and it has to be considered a bug, that @Sky-Knight reported where users without administrative privilege are being allowed to activate the Windows 11 upgrade "download and install" link. It makes perfect sense that they should be able to activate these for the feature update progressions in the Windows 10 version they already have, as they'll eventually be applied anyway, and better early than waiting until end of support. But a version change is another thing altogether and should require admin privilege. I have to believe that's going to be corrected if it hasn't been already.
 
You must log in or register to reply here.

Similar threads

britechguy
For those who want to closely monitor the status of Windows 10 Version 2004
Replies
0
Views
592
britechguy
britechguy
Porthos
Windows 10: What to expect in upcoming feature updates
Replies
5
Views
930
fincoder
fincoder
britechguy
Windows 10 Feature Updates - A Public Service Announcement
Replies
10
Views
2K
Yosebas84
Yosebas84
M
How To: Sharing a Windows document and image Scanner with MacOS
Replies
0
Views
683
markosjal
M
Porthos
Windows 10 20H1 release will be first to RTM in December
Replies
6
Views
815
britechguy
britechguy
Back
Top