Saturday, July 23, 2016

How to Prevent Windows from Automatically Updating Specific Drivers

ddu_top
Windows–especially Windows 10–has a bad habit of installing new updates for hardware drivers whether you want them or not. You could go big and simply prevent Windows from downloading updates altogether, or you might have luck blocking or hiding updates. But if you’ve got the Pro or Enterprise version of Windows, you can tailor your actions a little better by using Group Policy Editor to prevent the installation or updating of specific devices.


And of course, we have a caveat for you right off the bat: setting a policy to disable updates for a device prevents both automatic and manual updates of drivers for that device. So, if you want to update the driver yourself, you’ll have to disable the policy you’re about to configure, update the device, and then set the policy up again. That said, with a little preparation to minimize the hassle, we think you’ll find it worth the effort.
There are actually two steps to this process. First, we’re going to use Device Manager to find the hardware IDs for the device in question, and then we’re going to use Group Policy Editor to block installation or updating of the device that matches those IDs. Before you get started, though, you should make sure that the device has the driver version you want installed and that everything’s working properly.

Step One: Find the Hardware IDs for the Device in Device Manager

Your first step is finding the hardware IDs of the device for which you want to block updates. And for that, we’ll use Device Manager. Hit Start, type “device manager,” and then press Enter or click the “Device Manager” entry.
device_manager_1
In Device Manager, find the device you want to block updates for. Right-click the device and choose “Properties” from the context menu.
device_manager_2
On the device’s properties window, click the “Details” tab.
device_manager_3
From the “Property” drop-down menu, choose “Hardware Ids” to display the IDs associated with the device.
device_manager_4
Now, all you have to to is grab those IDs so you can access them when you configure the policy in the next step. The easiest way is to copy them to a text file. Just click the top ID, shift-click the bottom ID to select them all, and hit Ctrl+C to copy the text. Fire up Notepad (or whatever you use to store text) and press Ctrl+V to paste the values. And if you’re collecting IDs for multiple devices, put them in different sections and label them so you can tell which IDs go with which device. Save the text file so you can call it up in the future.

Step Two: Prevent Installation and Updating of the Device in Group Policy Editor

Now that you have the right hardware IDs in hand, you’ll be using Group Policy Editor to make the changes. Note again that you’ll need to be using a Windows Pro or Enterprise edition. The Windows Home edition does not have Group Policy Editor.

Be warned that Group Policy is a pretty powerful tool, so if you’ve never used it before, it’s worth taking some time to learn what it can do. Also, if you’re on a company network, do everyone a favor and check with your admin first. If your work computer is part of a domain, it’s also likely that it’s part of a domain group policy that will supersede the local group policy, anyway.
First, sign in with an administrative account and open the Group Policy Editor by hitting Start, typing “gpedit.msc”, and then pressing Enter.
gp_1
In the Group Policy window, in the left-hand pane, drill down to Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions. On the right, find the “Prevent installation of devices that match any of these devices IDs” item and double-click it.
gp_2
In the policy window, select the “Enabled” option and then click the “Show” button.
gp_3
In the Show Contents window, you’ll add the hardware IDs for the device. You’ll need to add them one at a time, so just copy each ID from that text file you created earlier and paste it into the next available line in the “Value” column. When you’re done adding all the hardware IDs, click OK. Note that if you’re blocking updates for more than one device, you can just keep adding hardware IDs for all the devices to this window until you’re done.
gp_4
Back on the policy page, click the “Also apply to matching devices that are already installed” check box and then click OK.
gp_5
You can now exit the Group Policy Editor. You can test the new settings by trying to install an updated driver, but an easier way to verify that the changes took is to head back into Device Manager. In the main Device Manager window, you should now see the device you blocked listed in the “Other devices” section with a warning symbol on the icon. If you open the device’s properties page, you can see that installation is now forbidden by system policy.
gp_6
Also, Windows Update may still download new driver updates for the device. It just won’t be able to install them, instead reporting an installation error in the Windows Update window. This won’t get in the way of other updates being successfully installed and you can always hide that particular update if you’d rather not see it in Windows Update at all.
If you change your mind and want to allow updates to that device again, you can go back into Group Policy Editor and disable the policy. You’ll have to do this even if you just want to allow a one-time manual update of the drivers.
There is a big caveat here, though. If you disable the policy (or set it to “Not Configured”), all the hardware IDs you added to the policy will be deleted. If you want to re-enable the policy again, you’ll have to re-enter all the hardware IDs. This is especially important to note if you’ve got hardware IDs for multiple devices entered. If you want to re-enable updates for just one device, it’s better to leave the policy on and remove those specific hardware IDs. That’s why it’s important to save that text file.
And that’s it. It’s not a perfect solution, but using Group Policy to disable updating specific devices at least gives you a little more control than having to disable updates altogether.


 Credit: Walter Glenn

No comments: