Access to drivers on Windows Update was blocked by policy

Posted: January 12, 2013 in Solved, Windows General, Windows Update
Tags: , , , , ,

I’ve noticed these EventID:122 errors appearing on my Windows Server 2012 Hyper-V host. Its running in a workgroup and has registry settings defined to connect to my WSUS server.

Source: DeviceSetupManager

EventID: 122

Message: Access to drivers on Windows Update was blocked by policy

The only reference I can find is from here:

where it says only:

Event ID: 122 Warning: DriverInstallBlockedByWUPolicy.

Driver install failed because of WU opt-in policy. Users or group policy opt-out the WU driver download.

  • Message: Access to drivers on Windows Update was blocked by policy

but no other mention of *what* policy that refers to.

Update 27/1/2013

OK, I think I’ve got it worked out. It’s something that can happen on any Windows 8 or Server 2012 machine.

It’s nothing to do with the Windows Update service at all, it’s the “Device Setup Manager” service.

There is a scheduled task that runs each night in “Microsoft | Windows | Device Setup” called “Metadata Refresh”

When that task runs it causes the “Device Setup Manager” service to start, and that’s what is causing the messages. If you look in the Event Viewer under “Application and Services Logs | Microsoft | Windows | DeviceSetupManager | Admin” and filter on EventID 122 then you can see the entries.

The “policy” that is causing the block is actually the Device Installation Settings. This is a rather tricky setting to find.


If you open “Devices and Printers” in Control Panel, you might see a small pop-down about displaying enhanced device icons. right click that bar and select “Open device installation settings”


If you don’t get that bar appearing, then use the search in the Control Panel window and look for “device installation”


When that window opens, you will see the settings that define the “policy”


If you change the setting to “Always install the best driver software from Windows Update.” then the EventID 122 errors will go away.

If you *also* select the “Automatically get the device app and info provided by your manufacturer” then the whole setting will change itself to the first “Yes, do this automatically” option (so the first option is the same as selecting both the bottom ones)

Now, I’m not so sure yet if I want these enabled by default to update on my servers. If it means “go check Windows Update” only when I ask to update drivers that’s not so much of a problem, but will it go and auto-update itself, or just check and then tell me drivers are available to manually enable? I’ll do some more testing on that now.

So, the only other option seems to be to disable the scheduled task mentioned earlier. That should stop the 122 errors, however I’m not entirely certain what other issues might arise by doing that.

  1. StylusPilot says:

    i think its this in Group Policy

    In the navigation pane, open Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings.

    In the details pane, double-click Turn off Windows Update device driver searching.

    Do one of the following:

    To turn off searching Windows Update, click Enabled.

    To allow searching Windows Update, click Disabled.

    • Scott says:

      Thanks for the tip. I haven’t had a chance to look into it yet beyond making that post so hopefully this weekend I’ll take some time to test.

    • Scott says:

      Just looking some more into this. It only seems to be reporting this error on my 2012 servers. My Win8 and 2008R2 servers aren’t reporting it.
      It also happens on servers in the Domain and in Workgroups
      I checked the policies, and they are all set as “Not Configured”, and the default behaviour should be for admins to be allowed to select if they want to install drivers
      Also, I can’t “force” the error to happen (yet). It only happens when the computer does it’s nightly scheduled check for updates, it doesn’t happen when I manually trigger an update check. I suspect the nightly update check is using a different command option, so I’ll check the logs to see if it gives more info.
      So I guess more investigation is required. I might try playing with the policies to see if it makes any difference.

      Also worth noting that the Policy you mention has a comment at the end:
      “Note: This policy setting is replaced by “Specify Driver Source Search Order” in “Administrative Templates/System/Device Installation” on newer versions of Windows.”
      So that newer policy seems to be the one for 2008R2 and above.

  2. Chris says:

    I’ve got this event in the log too. Unfortunately, it doesn’t say for which device it’s trying to install a driver. I do have some win8 problems (notably hibernate taking 15-20 minutes) so I tried changing the policy and running windows update. I also tried manually updating drivers for a few likely devices. None of this had any effect at all. I’ll be interested to learn what you come up with!

    • Scott says:

      This message isn’t saying that it is trying to install drivers, only that it wants to do a scan for new drivers, the same way it just scans to see if any updates are available. It doesn’t mean there is a new driver, it just wants to check.
      If the windows update catalogue has available updates that match, then it offers them the same way as any other updates that are available.

  3. Scott says:

    I think I’ve got it worked out now. I’ve updated the post. If you are subscribed to this post I don’t know if you get notifications if the post is updated, or only if a new comment is posted?

  4. Chris says:

    Ah. Interesting. That must have taken some work to track down. Like you, I don’t really want these things just installing in the background.

    BTW, it looks as if I get a notification for the comment but not for the update to the posting.

  5. Scott says:

    I’m trying to work out a test to see if it auto-installs any updates it finds, I’m actually pretty sure it doesn’t though. From memory I think you will see any new drivers it detects appearing as “optional updates” in Windows Update alongside other updates.

    re: notifications – This is my first real attempt at a wordpress based blog, so still trying to work out best ways to do things. It looks like a simple follow up comment with “I’ve updated the blog entry” is the way to go.

  6. Evan says:

    Just wanted to say thanks! I’ve had this popping up in my 2012 servers event logs for a while, and couldn’t track it down. Kudos for finding the cause!

  7. Faptomass says:

    The registry fix bellow is the solution to the problem with annoying
    “Access to drivers on Windows Update was blocked by policy” warnings:

    Windows Registry Editor Version 5.00


    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Device Metadata]

    • Scott says:

      Thanks for that. Given those are policy settings, there is likely a corresponding setting in GPO that could be used to set them. When I have time I’ll look into this again and update the post.

  8. Maarten says:

    Cheers for this! I was looking into the logs when I came accros this warning.
    Also found the GPO setting:

    • Scott says:

      Thanks for reminding me. I thought I had already updated the post with the GPO, but looks like I totally forgot about it. Thanks for the link, I’ll update the post.

  9. Bert says:

    Perfect; exactly what I was looking for. Thank you!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s