For organizations that wish to disable auto win10 updates, the below is a useful hack. However, this does not prevent an end-user from going to System Settings and clicking the button "Check for Updates". When this happens, not only will they receive patches, but v1709 will be installed.
If you wish to prevent users from being able to self apply patches to their systems and only be allowed to be patched from EPM, please follow the following.
Apply the below registry entries and once applied users will see the message below
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DeferFeatureUpdates"=dword:00000001
"BranchReadinessLevel"=dword:00000020
"DeferFeatureUpdatesPeriodInDays"=dword:00000168
"PauseFeatureUpdatesStartTime"="2018-01-01"
"DeferQualityUpdates"=dword:00000001
"DeferQualityUpdatesPeriodInDays"=dword:0000001e
"PauseQualityUpdatesStartTime"="2018-01-01"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000001
"AuOptions"=dword:00000002
