How to block completely Windows Update on my network

Solution 1:

In order to block it in one section of our network the following domains were redirected to a site with instructions:

• update.microsoft.com
• windowsupdate.microsoft.com
• windowsupdate.com
• download.windowsupdate.com

These seem to have done the trick here, but it mightn't be the full list.

Solution 2:

You may want to consider, rather than blocking all updates, managing updates with WSUS. Assuming you have a copy of Windows Server and your clients are in a domain, it's a free option that you can use to only deploy updates when and where you want them.