If you’re using WSUS in a corporate environment you might have noticed that Windows 10 likes to update device drivers from the Internet and along the way to bypass the WSUS policies. In order to prevent your Windows 10 client machines from updating the device drivers from the Internet, you’ll have to use a group policy.
Create a new GPO and edit the policy.
In the left pane navigate to:
Computer Configuration | Administrative Templates | System | Device Installation | Device Installation Restrictions
In the right pane double click “Prevent installation of devices not described by other policy”
Set the policy to Enabled.
If you have only a small number of machines and you are not using a domain environment, you can do this locally on each of the Windows 10 client machines.
For this policy, there is no need for custom Windows 10 Administrative Templates.
Any comments are welcome.