New policy in Windows 10 allows to disable the safeguard update blocking feature

New policy in Windows 10 allows to disable the safeguard update blocking feature

Microsoft is currently adopting a policy of releasing new feature updates for Windows 10 on a “staggered” model. This means that the initial rollout phase will mainly target a certain small group of users, then gradually expand to many other groups of users. There is nothing wrong with this, but in reality there are many cases where Windows 10 users are blocked from receiving new feature updates because of the “safeguard holds” (safeguard holds) from Microsoft. These are usually update packages that are applied to devices that may be affected by known issues – based on Microsoft’s remote assessment measures – which can eventually cause blue screen errors ( BSOD) or bothersome problems with system performance and stability.

However, a recently added Group Policy (Group Policy) specifically for system administrators and professional users on Windows 10 may allow them to disable safeguard hold and push new updates. go to Windows Update.

The new policy is named “ Disable Safeguards for Feature Updates ”, and can be found under Computer Configuration> Administrative Templates> Windows Components> Windows Update> Windows Update for Business in the Group Policy Editor . Administrators using the MDM (Mobile Device Management) tool can use CSP Update / DisableWUfBSafeguards. When enabled, it immediately disables the safeguard holds process.

Disable protections for the Feature Updates group policy

As Microsoft explained in a recently updated support document, that the ability to disable this safeguard hold is a temporary measure for system administrators and risk-aware people. The reason the Redmond company calls this policy “temporary” is because it will be reset after the update and the user must manually reactivate.

When this policy is enabled, a Registry value will be created under:

HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdate

with the name: ” DisableWUfBSafeguards “. When set to 1, the safeguard holds will be ignored by Windows Update.

Policies are created in the Windows Registry

Therefore, users who want to enable the safeguard hold bypass can use the registry to create the value ” DisableWUfBSafeguards “. You can do this in the following ways:

  • Open Notepad
  • Copy the following code and paste it into Notepad
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdate] "DisableWUfBSafeguards"=dword:00000001
  • Click File on the menu bar and choose Save As
  • Choose where you want to save the file so that it’s easy to find (possibly the desktop)
  • Choose a name for the file with the .reg extension (eg Disable_Safeguardhold.reg )
  • Select All Files from the Save as type drop-down list
  • Go to where to save the file and double-click the file to run it
  • Next, choose Run> Yes (UAC)> Yes> OK to apply the new value to the registry
  • Once done you can delete the .reg file you just created if you want
  • Reboot the machine

Windows users as well as system administrators should be aware that protection rules should not be ignored unless they have thoroughly tested that their device will work fine with the new feature update.

This policy is bundled with Patch Tuesday updates and works on Windows 10 version 1809 (October 2019 Update) or later, with devices running Windows Update for Business.

2