But that is nothing the OP wanted to get. Blocking Windows to update the computer is easy. However, the OP just wanted to block specific drivers for a specific device!
personally i just remove the windows update driver handler by deleting HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdateHandlers\Driver powershell code (bit problematic because the key is owned by trusted installer) Code: $ErrorActionPreference = "Inquire" #get SeTakeOwnershipPrivilege $definition = @" using System.Runtime.InteropServices; public class NtDll { [DllImport("ntdll.dll")] public static extern int RtlAdjustPrivilege(ulong Privilege, bool Enable, bool CurrentThread, ref bool Enabled); } "@ Add-Type $definition [NtDll]::RtlAdjustPrivilege(9, 1, 0, [ref]0) #name of hklm subkey $name = "SOFTWARE\Microsoft\WindowsUpdate\UpdateHandlers\Driver" #open key $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($name, "ReadWriteSubTree", "TakeOwnership") #change ownership $owner = [System.Security.AccessControl.RegistrySecurity]::new() $owner.SetOwner([System.Security.Principal.NTAccount]"Administrators") $key.SetAccessControl($owner) #change access rules $rule = [System.Security.AccessControl.RegistrySecurity]::new() $rule.SetAccessRule([System.Security.AccessControl.RegistryAccessRule]::new("Administrators", "Full", 0, 0, 0)) $key.SetAccessControl($rule) #delete key [Microsoft.Win32.Registry]::LocalMachine.DeleteSubKey($name)
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching" /v "SearchOrderConfig" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata" /v PreventDeviceMetadataFromNetwork /t REG_DWORD /d 1 /f
The solution to the OP's problem. You can even set a custom message etc. Deployed through Domain joined machines it is as easy as pie, otherwise create a working deployment image with all software and local GP policies and clone it to the 48 machines
thanks dude for the heads up, so I download the Windows ADK for use with Windows 10 version 1607 to work in Windows ICD is one huge download 6,6GB (already installed) then this night I can start my new project with Windows 10 Enterprise LTSB 2016 x64 and compare with MSMG to see diferences in each one right
Of course, the big question always remains: Why should I do something easily when I can do it in a very complicated way, too ???? - Take the ORIGINAL question (and the problem) the Original Poster had in the first thread here. - Then take my answer and proposal to use Group Policy Editor. - problem solved, solution done! ------------------------------------------ And where are we now ???? ===> Loading tons of Giga Bytes and use Instruments thought for System Administrators in big Companies. Frankly, that doesn't help very much.