Windows OS Hub / Windows 10 / How to Disable Automatic Driver Updates on Windows

January 24, 2025

How to Disable Automatic Driver Updates on Windows

In addition to operating system security updates and patches, Windows Update provides driver updates for most certified devices. When Windows Update scans your computer and finds that a newer driver is available for a device in the Microsoft Update catalog, it will automatically download and install the driver update. This guide explains how to disable automatic device driver updates in Windows 10 and 11.

Contents:

Prevent Windows from Updating Specific Device Driver
How to Stop Windows from Updating Drivers with Group Policy
Disable Automatic Driver Updates with PowerShell
Turn Off Automatic Device Driver Installation in Windows Settings

Prevent Windows from Updating Specific Device Driver

For example, you are using some old (but stable) video card driver that stops working correctly after each automatic driver update. After each update, you have to manually roll back the driver to a previous stable version. You want all of your computer’s drivers to be updated automatically, except for the driver for a specific device (video card).

If a driver update package is available for installation through Windows Update, you can hide this update by using the official Show or Hide Updates tool.

Download wushowhide.diagcab from the Microsoft Download Center
Run the tool and click the Hide Updates option
Select the driver updates for which you want to disable automatic updating, and click Next
The selected drivers will no longer be automatically updated by Windows.

The PSWindowsUpdate PowerShell module can also be used to hide driver updates. List available driver updates and copy the target driver UpdateID:

$Updates = Get-WindowsUpdate -WindowsUpdate -UpdateType Driver $Updates | Select Title,Description -Expand Identity |fl

Hides updates for a driver by its ID:

Hide-WindowsUpdate -UpdateID "0be073ee-34ba-432c-91c8-957a608d0e2f"

You can disable automatic updating of a specific driver via Group Policy. To do this, find the hardware ID of this device.

Open the Device Manager snap-in (devmgmt.msc). Find the device you need in the hardware list and open its properties;
Go to the Detail tab and select Hardware IDs from the drop-down list;
Copy the values of the hardware identifiers associated with the device (in the format PCI\VEN_15AD&DEV_ …) into the notepad.exe; $video adapter device id: pci\ven$

Or use PowerShell to find the device’s hardware IDs:

Get-PnpDevice|where FriendlyName -like "*HD Graphics*"|select class, FriendlyName, HardwareID|fl

Then open the Local Group Policy Editor ( gpedit.msc ) and go to Computer Configuration -> Administrative Templates -> System -> Device Installation -> Device Installation Restrictions. Enable the policy Prevent installation of devices that match any of these device IDs (check the option Also apply to matching devices that are already installed).

In the policy settings, click the ‘Show’ button and copy the graphic card ID values you received earlier into the values table.

You can use this GPO option to disable driver updates for specific types (classes) of devices (printers, sound cards, USB controllers, etc.) To do this, you need to add the device class GUID to the policy settings. For example, {4d36e972-e325-11ce-bfc1-08002be10318} is a class of network adapters, {4d36e979-e325-11ce-bfc1-08002be10318} and {4658ee7e-f050-11d1-b6bd-00c04fa372a7} – printers, etc. You can find a complete list of hardware class GUIDs here: https://docs.microsoft.com/en-us/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors

Save the changes and apply the new Group Policy settings to a computer with the command: gpupdate /force

Now, if a computer receives a new driver version for this device via Windows Update, an error message will appear during the driver installation:

The installation of this device is forbidden by system policy. Contact your system administrator).

It is now impossible to manually update the driver for this device. To update the driver, you will have to disable this Group Policy option or remove the hardware ID from the list

Also, you can enable and configure this policy through the registry. Open the Registry Editor (regedit.exe) and navigate to the registry key HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs. Create string (REG_SZ) parameters with names in order, starting with 1, and the hardware ID value in each parameter.

Then create the DenyDeviceIDsRetroactive parameter with a value of 1:

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions" /v "DenyDeviceIDsRetroactive" /t "REG_DWORD" /d "1" /f

How to Stop Windows from Updating Drivers with Group Policy

Above, we showed how to use Group Policy to disable automatic driver updates for a specific device. It is also possible to use GPO to completely disable driver updates for all devices on a Windows computer.

Press Win + R and type gpedit.msc -> OK (in Windows Home editions you can run the Local Group Policy Editor like this);
Enable the option Do not include drivers with Windows Update under Computer Configuration -> Administrative Templates -> Windows Components -> Manage Updates offered from Windows Update
Then navigate to Computer Configuration -> Administrative Templates -> System -> Device Installation
Configure the following policies: Prevent device metadata retrieval from the Internet = Enabled
Specify search order for device driver source locations = Do not search Windows Update

Domain GPOs (gpmc.msc snap-in) can be used to apply these settings to multiple computers in an AD domain. To copy local GPO settings to other computers in a workgroup environment, use the LGPO.exe tool. Once these Group Policy settings are applied to computers, they will no longer attempt to update drivers through Windows Update.

Disable Automatic Driver Updates with PowerShell

To disable automatic driver updates in Windows, you can use PowerShell commands to modify some registry options (these changes are similar to the changes made by the GPO options described above).

Set the following registry parameters:

SearchOrderConfig = 3 (do not install drivers via Windows Update)
PreventDeviceMetadataFromNetwork = 1
ExcludeWUDriversInQualityUpdate = 1(located in several registry keys)
ExcludeWUDrivers = 1

To modify these registry entries, open an elevated PowerShell prompt and run the following code:

Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching\ -Name SearchOrderConfig -Value 3 Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata\' -Name PreventDeviceMetadataFromNetwork -Value 1 New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState\" -Name ExcludeWUDrivers -PropertyType DWord -Value 1 $regkeys = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate', 'HKLM:\SOFTWARE\Microsoft\PolicyManager\default\Update', 'HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings', 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Update' foreach ($regkey in $regkeys){ # Check that the registry key exists and create it if necessary $test = test-path -path $regkey if(-not($test)){ New-Item -Path $regKey } Set-ItemProperty -Path $regkey -Name ExcludeWUDriversInQualityUpdate -Value 1 } foreach ($regkey in $regkeys){write-host $regkey}

You can also configure these registry settings manually using regedit.exe or deploy the registry keys to domain computers via GPO.

Automatic driver updates in Windows will be blocked after the restart.

Turn Off Automatic Device Driver Installation in Windows Settings

In operating systems earlier than Windows 10/11, it was possible to disable driver updates in System settings on the Hardware tab.

Press Win + X and run the sysdm.cpl command;
Go to the Hardware in the Advanced System Settings dialog
Click the Device Installation Settings button;
In the Device Installation Settings, set “No (your device might not work as expected)” in the dialog “Do you want to automatically download manufacturers’ apps and custom icons available for your device?”;
Save the changes and the restart computer.

Group Policies PowerShell Windows 10 Windows 11

Configuring iSCSI Datastore (LUN) on VMware ESXi

5 comments

AA April 22, 2019 - 8:09 am

All of this methods are just “TEMPORARY”. I found automatic driver update couldn’t be turned off and MS officially told THEY WILL NEVER CHANGE THIS BECAUSE OF SECURITY which is just lie.

WIn11Newbie December 30, 2021 - 10:03 am

actually this worked for me:

In the latest build of Windows 10 21H1 and in Windows 11, the ExcludeWUDriversInQualityUpdate parameter is located in several registry keys:

HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Update
HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update
HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

You need to set the parameter ExcludeWUDriversInQualityUpdate = 1 in all specified registry keys. Add the following PowerShell code to the above script:

if you dont have the ExcludeWUDriversInQualityUpdate file in those locations you have to create one Dword 32-bit key in each location and set the value to one

Peter Goezinya October 17, 2024 - 7:24 pm

Well let’s look at what you are actually saying… ‘These are all temporary fixes’
Would you actually expect Microsoft to allow a setting such as “Do not include drivers with Windows Update” to persist past an In-Place-Upgrade (from Win10 to Win11 without losing data) or a Repair-Installation? Of course not because these types of settings will prevent Windows Update from functioning the way Microsoft designed it to function. So yes, it would make sense that MS is going to force undo these types of custom configurations whenever your Windows copy is upgraded. No, updates and upgrades are not the same thing but to the end-user (you) they don’t appear much different (more frequent and longer reboots) than a standard update. So even if you learn how to control Windows Update 100% the way you like it… they’re gonna just put it back to where they like it in the eventuality of things. LOL!

serg August 31, 2023 - 4:00 pm

Block specific device driver from install:
Get the device Hardware ID and class:
pnputil /enum-devices /ids
Go to Computer Configuration/Administrative Templates/System/Device Installation and enable “Device Installation Restrictions/Prevent installation of devices that match any of these device IDs”

If a device is blocked a Event with ID 402 is logged to the Windows Kernel-PNP Log.
Get-WinEvent -FilterHashtable @{“LogName”=”Microsoft-Windows-Kernel-PnP/Configuration”;”ID”=”402″ }

Peter Goezinya October 17, 2024 - 7:02 pm

If you have Windows Pro then the option to use GPEDIT.msc to set the policy “Do not include drivers with Windows Update” will work. However I am not sure if this policy will persist an In-Place-Upgrade or Repair-Install. I would suspect that since it’s a setting that directly affects the functionality of Windows Update (and subsequently Windows entirely), then most likely it’s gonna get reset when you upgrade Windows.

As far as trying to install GPEDIT into Windows Home Edition, well that seems to only be installed at surface level. I have tried this many times on many machines and it will NOT exhibit control over Windows Update. I don’t know if it can do anything actually.

Furthermore, Microsoft is putting a stop to the use of WuShowHide. It has not actually worked to “Hide” updates in quite a long time actually, so don’t bother using it.