Windows Update has the habit of pushing driver updates silently into your system. Sometimes, the drivers offered by Microsoft for your devices may cause problems. It’s always the best idea to only update the drivers directly from the device manufacturer’s site.
Sometimes, we may have to roll back the drivers auto-installed by Windows Update. For example, Realtek drivers pushed out by Windows Update caused problems for some users. So let’s see how to prevent Windows Update from automatically installing device drivers.
- Method 1: Using the WUShowHide tool from Microsoft
- Method 2: Using the ExcludeWUDriversInQualityUpdate Policy
- Method 3: Prevent driver installation for a specific device
- Other Methods to Prevent Automatic Driver Updates
Stop Windows Update from Installing Driver Updates
First, roll back the driver installed via the Windows Update channel. To roll back the device driver, you have two options. One is to open Device Manager and use the Rollback… option in the device’s properties.
To rollback a driver using Device Manager, use these steps:
- Right-click Start, click Device Manager
- Right-click on the device (Intel or Realtek network adapter), and choose Properties
- Choose one of the reasons listed under “Why are you rolling back?” and choose Yes to continue.
If a driver you were offered (and automatically installed) is causing system crashes or instability, you could use the driver rollback method.
Should the Windows Update channel repeatedly offer you or install a problematic driver automatically, use the
WUShowHide.diagcab tool from Microsoft. This tool blocks a particular driver update from being installed. For more information, check out the Microsoft article How to temporarily prevent a driver update from reinstalling.
You can directly download the
WUShowHide.diagcab tool from the following link:
As a side note, the wushowhide.diagcab tool can also be used for temporarily blocking Windows 10/11 Feature Updates, not just device drivers. This tool works on all editions of Windows, including Home Edition.
Pros & Cons of this method:
- Advantage: This method works on any edition of Windows 10/11, including Home Edition.
- Disadvantage: If Microsoft releases a different driver version (supersede), you may need to redo the above steps to hide/block it for future driver versions. However, setting your internet connection to metered allows you to prevent updates from being installed automatically, giving you ample time to block specific drivers.
There is a group policy setting named “Do not include drivers with Windows Updates” (registry value “
ExcludeWUDriversInQualityUpdate“) that’s supposed to prevent Windows Update from installing driver updates in Windows Professional edition and higher.
To configure this setting in Group Policy, open the following branch in the Group Policy Editor (
Computer Configuration → Administrative Templates → Windows Components → Windows Update
On Windows 11, you’ll find the GPO setting in this branch instead:
Computer Configuration → Administrative Templates → Windows Components → Windows Update → Manage updates offered from Windows Update
Enable the policy “Do not include drivers with Windows Updates” to not include drivers with Windows quality updates. If you disable or do not configure this policy, Windows Update will include updates that have a Driver classification.
Equivalent registry setting:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate Value Name: ExcludeWUDriversInQualityUpdate Value Type: REG_DWORD Value Data: 1 (Exclude Windows Update drivers) | Other value or absent: offer Windows Update drivers
Editor’s note: I’ve tested this policy setting on Windows 11 Pro 21H2 (OS Build 22000.194), and it worked perfectly. This should also work on Windows 10 Pro editions (and higher). Note that the registry-based policy had no effect on Windows 11/10 Home Edition.
The following screenshot shows that the four driver update packages (Intel, Qualcomm, and Realtek drivers) are now hidden on the Windows Update page.
The GPO works perfectly!
Hint: If Windows Update doesn’t refresh the listing even after applying the policy setting, press “Pause updates for 1 week” or “Pause updates for 7 days” button. Then, press the “Resume updates” button (this button will show up on the screen after you pause WU). This force refreshes the Windows Update page.
Pros & Cons of this method:
- Advantage: This method is a one-time procedure to stop WU from serving/installing driver updates. You don’t need to repeat the process for each driver update.
- Disadvantages: This method requires Windows 10/11 Professional edition or higher. Also, this policy may be ignored when you install a feature update. Feature updates are essentially major upgrades that increment the version of Windows — e.g., 20H2 to 21H2.
You can now install driver updates manually by downloading them from the manufacturer’s website. HP/Dell and OEM computer manufacturers usually include a free bios/driver updater tool.
Installing drivers from the device manufacturer (rather than via WU) is a safer option.
A group policy setting named “Prevent installation of devices that match these device IDs” specifies a list of Plug and Play hardware IDs and compatible IDs for devices that users can’t install. If you enable this policy setting, users can’t install or update the driver for a device if its hardware ID or compatible ID matches one in this list.
Note: Before proceeding, first, install your preferred version of the driver for the device. Once done, set up an update block/restriction using the method below:
- Launch Device Manager.
- Double-click on the hardware (e.g., Intel Graphics) in Device Manager.
- Select the Details tab, and select “Hardware Ids” in the Property dropdown box.
- Select all the hardware Ids and click Copy. (You actually need the 2nd item only.)
- Let’s say the following are the Hardware Ids listed on that page:
PCI\VEN_8086&DEV_0412&SUBSYS_05A41028&REV_06 PCI\VEN_8086&DEV_0412&SUBSYS_05A41028 PCI\VEN_8086&DEV_0412&CC_030000 PCI\VEN_8086&DEV_0412&CC_0300
Pick the 2nd item from the list and copy it to the clipboard.
For instance, the hardware ID of your video card is
PCI\VEN_8086&DEV_0412&SUBSYS_05A41028, as determined via Device Manager. You can block driver updates for this card using the GPO or registry.
- Next, load the Group Policy Editor (gpedit.msc).
- Go to the following branch:
Computer configuration → Administrative Templates → System → Device Installation → Device Installation Restrictions
- Double-click “Prevent installation of devices that match any of these device IDs.”
- Select “Enabled”
- Click “Show” and paste the hardware ID you copied to the clipboard earlier.
- Click OK, and click Apply.
- Click OK.
That’s it. Driver updates for this hardware are now blocked.
With the restriction in effect, any attempts to install a driver update for this particular hardware will result in the following error:
The installation of this device is forbidden by system policy.
Important: If the hardware vendor (e.g., Intel) releases a driver update for this hardware and you want to apply it, first, you need to set the above group policy setting to “Not configured.”
Windows 10/11 Home Edition
On Windows 10/11 Home Edition, the group policy editor is unavailable. However, you can apply the equivalent registry edit to get the same results.
Option 1: Edit the Registry or use a REG file
Here’s the REG file for the above GPO setting.
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions] "DenyDeviceIDs"=dword:00000001 "DenyDeviceIDsRetroactive"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs] "1"="PCI\VEN_8086&DEV_0412&SUBSYS_05A41028"
Be sure to replace the hardware ID in the above REG file with the actual hardware ID for your device.
Option 2: Use “Policy Plus”
Alternatively, you can use Policy Plus on Windows Home Edition. Policy Plus is a freeware alternative to the Local Group Policy Editor. This tool is intended to make the power of Group Policy settings available to every version/edition of Windows.
Using the SearchOrderConfig Registry setting
When you add new hardware to your computer, you can stop Windows from searching Windows Update for the drivers. There is a registry setting named
SearchOrderConfig. For more information, check out the article “Windows Update Configured to never install drivers” Detected by Troubleshooter.
SearchOrderConfig registry value to
0 means Windows will be instructed to “Never install driver software from Windows Update” during new hardware installation.
Deny Write Access to Realtek Folder by SYSTEM
Apart from using
wushowhide.diagcab method, here is another permanent method to avoid Realtek drivers from being auto-updated. This, of course, applies only if you have a Realtek network adapter.
A Redditor says: After WU installed the Realtek HD audio driver, he uninstalled it and restarted the computer. Windows installed the standard version of the driver after the reboot. However, as Windows Update updated the drivers automatically, the Realtek device malfunctioned and this cycle repeated again and again. Here are some ways to prevent a device driver (e.g., Realtek High Definition Audio drivers) from being updated automatically.
- First, roll back the Realtek drivers via Device Managers, as instructed earlier in the article.
- After restarting Windows, open the folder C:\Program Files\Realtek
- Right-click the Realtek folder, and click Properties.
- Go to the Security tab, and click Advanced
- Change all permissions for
- Click OK. Click OK once more.
- Restart Windows.
You’re set. And note that you cannot manually install future Realtek drivers unless you revert the permissions back to how they were.
Set your internet connection to Metered
Setting your internet connection to metered will automatically prevent Windows Update from downloading updates (both driver and non-drivers).
However, you can see the list of available updates for your device. This will allow you to hide any updates (using the WUShowHide.diagcab tool) you don’t want before they get installed. Note that Windows Spotlight won’t download new wallpapers on metered connections.
One small request: If you liked this post, please share this?One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
- Pin it!
- Share it to your favorite blog + Facebook, Reddit
- Tweet it!