@Xkeeper @sc the main trick is to disable the Windows Update service entirely, and then enable it when you want to grab the built-up updates.

there are a few other aspects, let me know if you want to get into the weeds

it's ridic we have to do all this, of course