How to Block Windows 10 Upgrade via Registry/GPO for Enterprise Environments


Many IT administrators managing Windows 7 Professional workstations (especially non-domain joined devices) are reporting unexpected upgrade prompts through the "Get Windows 10" app. This system tray application, pushed through Windows Update KB3035583, automatically reserves upgrade slots for users.

For organizations needing to maintain Windows 7 stability, here are technical solutions to prevent unwanted upgrades:

1. Group Policy Configuration

# Disable Windows 10 Upgrade through GPO
Path: Computer Configuration → Administrative Templates → Windows Components → Windows Update
Policy: "Turn off the upgrade to the latest version of Windows through Windows Update"
Set to: Enabled

2. Registry Modification

For standalone machines or non-domain environments:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DisableOSUpgrade"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Gwx]
"DisableGwx"=dword:00000001

3. PowerShell Script

For advanced deployment scenarios:

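# PowerShell script to disable GWX components
# Get-Service returns nothing (and nothing is changed) if no service name matches gwx*
Get-Service -Name gwx* | Stop-Service -PassThru | Set-Service -StartupType Disabled
# The GWX folder is owned by TrustedInstaller, so removal can fail; SilentlyContinue
# hides that error, so confirm the result with Test-Path afterwards
Remove-Item -Path "$env:windir\system32\GWX" -Recurse -Force -ErrorAction SilentlyContinue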

After implementation, verify effectiveness with:

# Check GWX status (False means GWX.exe is no longer present)
Test-Path "$env:windir\system32\GWX\GWX.exe"
# Verify registry values
Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" | Select-Object DisableOSUpgrade

Supplementary measures:

  • Deploy WSUS approval rules to block KB3035583 and related updates
  • Implement SRP/AppLocker policies to prevent GWX executables from running
  • Configure Windows Update to only install important updates

Many IT administrators have reported unexpected Windows 10 upgrade prompts appearing on Windows 7 Professional machines, particularly on non-domain-joined devices. The GWX (Get Windows 10) app manifests as a system tray icon and can trigger automatic upgrade reservations.

For standalone machines or environments without Active Directory, registry modifications provide immediate control:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DisableOSUpgrade"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Gwx]
"DisableGwx"=dword:00000001

For domain-joined machines, deploy these settings through GPO:

  1. Create or edit a GPO linked to the appropriate OU
  2. Navigate to: Computer Configuration > Administrative Templates > Windows Components > Windows Update
  3. Open "Turn off the upgrade to the latest version of Windows through Windows Update"
  4. Set it to "Enabled"

For automated deployment across multiple machines:

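# Run from an elevated session: both keys are under HKLM
$registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
$gwxPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Gwx"

# Create the WindowsUpdate policy key if it is missing, then block the OS upgrade
if (-not (Test-Path $registryPath)) {
    New-Item -Path $registryPath -Force | Out-Null
}
Set-ItemProperty -Path $registryPath -Name "DisableOSUpgrade" -Value 1 -Type DWord

# Create the Gwx policy key if it is missing, then disable the GWX app
if (-not (Test-Path $gwxPath)) {
    New-Item -Path $gwxPath -Force | Out-Null
}
Set-ItemProperty -Path $gwxPath -Name "DisableGwx" -Value 1 -Type DWord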

After implementation, verify the settings:

Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" | Select-Object DisableOSUpgrade
Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Gwx" | Select-Object DisableGwx

Expected output should show both values set to 1. If policies aren't applying, check:

  • GPResult /R for policy application issues
  • Registry key permissions
  • Windows Update service status
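
The two verification commands above, combined into one audit function that treats a missing key or value as "not set" and also reports whether KB3035583 and GWX.exe are still present. This is an added example, not part of the original page; the function name and output property names are assumptions, and it avoids PowerShell 3.0+ syntax so it runs on the PowerShell 2.0 that ships with Windows 7:

```powershell
# Added example: audit the local machine for the upgrade-block settings from this page.
# Get-UpgradeBlockStatus and its output property names are illustrative, not a built-in cmdlet.
function Get-UpgradeBlockStatus {
    # Policy values the page sets; each entry is one registry value to read.
    $checks = @(
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'; Name = 'DisableOSUpgrade' },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Gwx';           Name = 'DisableGwx' }
    )

    $result = @{ ComputerName = $env:COMPUTERNAME }

    foreach ($c in $checks) {
        # A missing key or value raises a non-terminating error; record it as $null.
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $result[$c.Name] = if ($item) { $item.($c.Name) } else { $null }
    }

    # Is the GWX update still installed, and is its binary still on disk?
    $hotfix = Get-HotFix -Id 'KB3035583' -ErrorAction SilentlyContinue
    $result['KB3035583Installed'] = [bool]$hotfix
    $result['GwxExePresent']      = Test-Path "$env:windir\System32\GWX\GWX.exe"

    # Compliant only when both policy values are exactly 1 (a $null value fails this test).
    $result['Compliant'] = ($result['DisableOSUpgrade'] -eq 1) -and
                           ($result['DisableGwx'] -eq 1)

    # Hashtables are unordered in PowerShell 2.0, so fix the column order explicitly.
    New-Object -TypeName PSObject -Property $result |
        Select-Object ComputerName, DisableOSUpgrade, DisableGwx,
                      KB3035583Installed, GwxExePresent, Compliant
}

Get-UpgradeBlockStatus | Format-List
```

A machine can show Compliant = True while KB3035583Installed is still True: the policy values suppress the upgrade offer, but the update itself stays installed until it is removed.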

For comprehensive protection, consider these supplementary measures:

# Remove GWX notification icon
Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade" -Recurse -ErrorAction SilentlyContinue

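# Uninstall KB3035583 (GWX update). Uninstalling alone does not block it:
# hide or decline the update (e.g. in WSUS), or Windows Update can offer it again
wusa /uninstall /kb:3035583 /quiet /norestart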