michael/dotfiles
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add a note on targeting specific Windows versions for updates

Browse Source
This commit is contained in:
Michael Campagnaro
2024-04-26 15:10:26 -04:00
parent 9876fcf4cd
commit 9216d7cee5
3 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
dotfiles/windows/readme.md
View File

@@ -19,6 +19,16 @@
* Open settings -> System -> About -> Rename this PC
* Reboot
* Optionally target a specific Windows release for updates
* Useful when you want to stay on a specific release or install one that isn't yet available to you, e.g. running Win10 21H1, want 22H2.
* If you don't care and just want Windows to give you the release when your system is selected then you probably want to disable the policy
instead of leaving it as "not configured". I wasn't getting 22H2 and Windows Update claimed this policy was in use. I had to target 22H2
to get it and then I left the option disabled. So, you might want to try disabled from the get-go and see how it plays out.
* Group policy editor:
* Administrative Templates -> Windows Components -> Windows Update -> Windows Update for Business
* Enable `Select the target Feature Update version`, set the product to `Windows 10` and the version to `22H2` or whatever you want.
* Now check for new Windows updates, should pick up the target version.
* Review trusted root certificate authorities
* Open the Microsoft Management Console (win+r, mmc)
* File -> Add/Remove Snap-in -> Certificates -> Add
@@ -64,7 +74,7 @@
* Download [InControl](https://www.grc.com/incontrol.htm) to stop Microsoft from pushing Windows 11.
* Disable Corana: group policy -> Administrative Templates -> Search -> disable the "Allow Cortana ..." settings.
* Disable Corana: group policy editor -> Administrative Templates -> Search -> disable the "Allow Cortana ..." settings.
* Install Open-Shell to restore the start menu to the sensible Windows 7 style.
@@ -156,7 +166,7 @@ processor time and is generally useless.
* Go into the Windows security settings and disable `Tamper Protection`.
* winkey+r -> `gpedit.msc`.
* Can now disable either with a policy or some custom batch files.
* Policy:
* Group policy:
* Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus -> Real-time Protection
* Double-click the `Turn off real-time protection` policy.
* Select Enabled (you may have to restart PC).