Windows 10 introduced a new computer group policy, "Remove access to use all Windows Update features", which blocks access to the Windows Update control panel. You can turn this on in group policy and then make the client see the change by scanning for updates.
When you turn the group policy off, however, you have a bit of a chicken and egg problem, because scanning for updates from the control panel is still blocked. With the control panel blocked, you can't start a scan, and without a scan, the control panel will remain blocked.
In v1607, after turning the setting off in group policy you could make the client see the change by running "usoclient StartScan" at the command line.
In v1809 this no longer works.
Is there another solution? I tried "usoclient RefreshSettings" but this didn't work either. The change will kick in eventually (by default, automatic scans occur every 16-20 hours) but if I'm trying to, e.g., install updates during a scheduled outage then eventually isn't really good enough. Doing a scan through the API doesn't work either.
NB: I am talking about the computer group policy setting, not the user group policy setting of the same name, which very unfortunately is no longer supported in Windows 10.
Addendum: the problem is not that the group policy hasn't been processed yet; running gpupdate or gpupdate /force does not help. All that does is make sure the registry key has been correctly modified, it has no way of forcing the Windows Update client to actually look at the registry key.
Have you tried wuauclt / usoclient to force reporting?
You can trigger a GPO Refresh by using the following command:
Then, you may have to restart the computer. If it's not working, you can use
gpupdate /force.To expand on Tim's answer, after changing the group policy run
and wait about 30-60 seconds. It is not necessary to reboot, or even to close and reopen the Windows Update control panel.