Ensure 'Toggle user control over Insider builds' is set to 'Disabled'


This policy setting determines whether users can access the Insider build controls in the Advanced Options for Windows Update. These controls are located under 'Get Insider builds,' and enable users to make their devices available for downloading and installing Windows preview software.

The recommended state for this setting is: Disabled.

Note: This policy setting applies only to devices running Windows Server 2016, up until Release 1703. For Release 1709 or newer, Microsoft encourages using the Manage preview builds setting (Rule We have kept this setting in the benchmark to ensure that any older builds of Windows Server 2016 in the environment are still enforced.


It can be risky for experimental features to be allowed in an enterprise managed environment because this can introduce bugs and security holes into systems, making it easier for an attacker to gain access. It is generally preferred to only use production-ready builds.


The item 'Get Insider builds' will be unavailable.


To establish the recommended configuration via GP, set the following UI path to Disabled:

Computer Configuration\Policies\Administrative Templates\Windows Components\Data Collection and Preview Builds\Toggle user control over Insider builds

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template AllowBuildPreview.admx/adml that is included with the Microsoft Windows 10 RTM (Release 1507) Administrative Templates (or newer).

Default Value:

Enabled. (Users can download and install Windows preview software on their devices.)

See Also