Add DoNotConnectToWindowsUpdateInternetLocations
valleyofdoom committed Jul 13, 2024
1 parent 1e96b4e commit 7f44454
Showing 2 changed files with 10 additions and 3 deletions.
6 changes: 3 additions & 3 deletions README.md
Expand Up @@ -771,7 +771,7 @@ The registry settings are merged with the ``apply-registry.ps1`` script. As for
|Option|Incentive|Notes|Default Value|
|---|---|---|---|
|``disable windows update``|1. Reducing CPU overhead<br><br>2. Gaining finer control over the feature in question|🔒 A value of ``true`` may negatively impact security and expose the system to vulnerabilities. Users should evaluate the security risks associated with modifying the specified setting<br><br>Disabling Windows Update is in Microsoft's recommendations for configuring devices for real-time performance ([1](https://learn.microsoft.com/en-us/windows/iot/iot-enterprise/soft-real-time/soft-real-time-device)). Alternatively automatic updates can be disabled instead of disabling Windows Update completely which achieves the same effect in terms of reducing CPU overhead but still being able to update Windows by configuring ``disable windows update`` to ``false`` and ``disable automatic windows updates`` to ``true``. The Windows Update processes are known to use a lot of CPU and memory resources<br><br>This option does not affect upgrades which can be controlled using group policies ([instructions](https://www.tenforums.com/tutorials/159624-how-specify-target-feature-update-version-windows-10-a.html)). However, you are limited to preventing upgrades until the specified version reaches end-of-life|``false``|
|``disable windows update``|1. Reducing CPU overhead<br><br>2. Gaining finer control over the feature in question|🔒 A value of ``true`` may negatively impact security and expose the system to vulnerabilities. Users should evaluate the security risks associated with modifying the specified setting<br><br>Disabling Windows Update is in Microsoft's recommendations for configuring devices for real-time performance ([1](https://learn.microsoft.com/en-us/windows/iot/iot-enterprise/soft-real-time/soft-real-time-device)). Alternatively automatic updates can be disabled instead of disabling Windows Update completely which achieves the same effect in terms of reducing CPU overhead but still being able to update Windows by configuring ``disable windows update`` to ``false`` and ``disable automatic windows updates`` to ``true``. The Windows Update processes are known to use a lot of CPU and memory resources. Disabling Windows Update breaks the Microsoft Store however you can download and install Appx packages directly ([instructions](https://superuser.com/questions/1721755/is-there-a-way-to-install-microsoft-store-exclusive-apps-without-store))<br><br>This option does not affect upgrades which can be controlled using group policies ([instructions](https://www.tenforums.com/tutorials/159624-how-specify-target-feature-update-version-windows-10-a.html)). However, you are limited to preventing upgrades until the specified version reaches end-of-life|``false``|
|``disable automatic windows updates``|1. Reducing CPU overhead<br><br>2. Gaining finer control over the feature in question|🔒 A value of ``true`` may negatively impact security and expose the system to vulnerabilities. Users should evaluate the security risks associated with modifying the specified setting<br><br>Prevents automatic download and installation of Windows updates rather than disabling Windows Update completely and instead, check for updates manually from time to time. Updates can occur at inconvenient times which leads to excessive CPU and memory usage at random intervals along with disrupting shutdowns in certain cases. This option is overridden if ``disable windows update`` is set to ``true``. <br><br>This option does not affect upgrades which can be controlled using group policies ([instructions](https://www.tenforums.com/tutorials/159624-how-specify-target-feature-update-version-windows-10-a.html)). However, you are limited to preventing upgrades until the specified version reaches end-of-life|``true``|
|``disable driver installation via windows update``|1. Reducing CPU overhead<br><br>2. Gaining finer control over the feature in question|Prevents outdated, vulnerable and potentially poorly performing drivers from being installed via Windows Update. It is recommended to manually install only the bare minimum version of the ones that your system requires (as the full installer often installs other bloatware that persistently runs in the background) along with the latest version directly from the manufacture's website as outlined in section [11.5. Installing Drivers](#115-installing-drivers). This option is overridden if ``disable windows update`` is set to ``true``|``true``|
|``disable automatic store app updates``|1. Reducing CPU overhead<br><br>2. Gaining finer control over the feature in question|🔒 A value of ``true`` may negatively impact security and expose the system to vulnerabilities. Users should evaluate the security risks associated with modifying the specified setting<br><br>Prevents automatic download and installation of store application updates compared to disabling app updates completely which is not desirable in terms of reducing CPU overhead. Instead, check for application updates manually from time to time|``true``|
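Review bot: The sentence added to the ``disable windows update`` row says the Microsoft Store breaks but does not say which setting causes it, while the only functional change in this commit is the ``DoNotConnectToWindowsUpdateInternetLocations`` entry in ``bin/apply-registry.ps1``. If that key is the cause, name it in the row so a user who needs the Store back knows what to revert. The sentence also needs punctuation before "however" ("... breaks the Microsoft Store; however, you can ..."), and since the row already carries the 🔒 warning, it is worth stating how Appx packages installed directly are expected to receive updates.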
Expand Down Expand Up @@ -1003,7 +1003,7 @@ I heavily discourage running debloating scripts or removing components other tha
- Uninstall bloatware in the applications section in the immersive control panel by pressing ``Win+I`` (this can also be managed in [AppxPackagesManager](https://github.com/valleyofdoom/AppxPackagesManager))
- In the ``Optional features`` section within the immersive control panel, you can uninstall everything that you don't need if desired
- If Windows Defender was disabled in section [11.4. Merging Registry Options](#114-merging-registry-options),``smartscreen.exe`` ignores the registry key that controls whether it runs in the background persistently on later versions of Windows. For this reason, open CMD as TrustedInstaller with ``C:\bin\MinSudo.exe --TrustedInstaller --Privileged`` and enter the command below to prevent it running in the background
- If Windows Defender was disabled in section [11.4. Merging Registry Options](#114-merging-registry-options), ``smartscreen.exe`` ignores the registry key that controls whether it runs in the background persistently on later versions of Windows. For this reason, open CMD as TrustedInstaller with ``C:\bin\MinSudo.exe --TrustedInstaller --Privileged`` and enter the command below to prevent it running in the background
```bat
taskkill /f /im smartscreen.exe > nul 2>&1 & ren C:\Windows\System32\smartscreen.exe smartscreen.exee
Expand All @@ -1015,7 +1015,7 @@ I heavily discourage running debloating scripts or removing components other tha
Optional features can be accessed by typing ``OptionalFeatures`` in ``Win+R``. Enable/disable features that you do/don't need. If Windows Update is disabled then you likely won't be able to install features and instead, must install an offline package using DISM. On Windows Server, this can be accessed via the Server Manager dashboard by navigating to ``Manage -> Remove Roles and Features``.
## 11.20.1. NET 3.5
### 11.20.1. NET 3.5
Some applications still utilize the NET 3.5 runtime so I would recommend installing it just in case. As mentioned previously, you won't be able to install it in the Optional Features window if Windows Update is disabled but can instead, be installed using an offline package.
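Review bot: The heading-level change at 11.20.1 (``##`` to ``###``) and the whitespace fix in the ``smartscreen.exe`` bullet are unrelated to the registry key named in the commit title. Moving them to a separate commit would keep the change that affects update behaviour easy to audit and to revert on its own.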
7 changes: 7 additions & 0 deletions bin/apply-registry.ps1
Expand Up @@ -63,6 +63,13 @@ $entries = @{
"disable driver installation via windows update"
)
}
@{
"key_name" = "DoNotConnectToWindowsUpdateInternetLocations"
"min_version" = 9600
"value" = 1
"type" = "REG_DWORD"
"apply_if" = @("disable windows update")
}
)
"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" = @(
@{
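Review bot: The new ``DoNotConnectToWindowsUpdateInternetLocations`` entry has no comment explaining what the policy does or what it breaks, even though the README change in this same commit says the Microsoft Store stops working when ``disable windows update`` is ``true``. A one-line comment above the entry pointing to that README row would help anyone auditing the script. ``"min_version" = 9600`` is given without a source, so confirm that this is the first build that honours the policy. Because ``"apply_if" = @("disable windows update")`` lists only that option, the README's alternative configuration (``disable windows update`` set to ``false`` with ``disable automatic windows updates`` set to ``true``) will not receive this key; if that is intended, say so in the README row.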

0 comments on commit 7f44454
